admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-18T14:00:28.796987+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-18 14:03:28 +00:00
parent 617a71dd6e
commit 06ae950b99
266 changed files with 1977 additions and 841 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2005/CVE-2005-100xx/CVE-2005-10003.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2005-10003",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T14:15:03.800",
"lastModified": "2024-10-17T14:15:03.800",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Xcomic de mikexstudios hasta la versi\u00f3n 0.8.2. Afecta a una parte desconocida. La manipulaci\u00f3n del argumento cmd provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit se ha revelado al p\u00fablico y puede usarse. La actualizaci\u00f3n a la versi\u00f3n 0.8.3 puede solucionar este problema. El parche se llama 6ed8e3cc336e29f09c7e791863d0559939da98bf. Se recomienda actualizar el componente afectado."
}
],
"metrics": {

6
CVE-2018/CVE-2018-163xx/CVE-2018-16363.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-16363",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-09-07T22:29:01.947",
"lastModified": "2018-11-06T20:28:28.590",
"lastModified": "2024-10-18T12:19:40.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdesi9:file_manager:2.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EED093EA-6D1C-4999-A260-C0170B5702BB"
"criteria": "cpe:2.3:a:filemanagerpro:file_manager:2.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A0EB1CA9-6920-4B64-AA45-6D35EC9599B4"
}
]
}

6
CVE-2018/CVE-2018-169xx/CVE-2018-16966.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-16966",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-04-15T21:29:00.233",
"lastModified": "2023-05-26T17:54:55.423",
"lastModified": "2024-10-18T12:19:40.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdesi9:file_manager:3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "75ACE73D-1116-4FA4-A5D5-F3F932794C55"
"criteria": "cpe:2.3:a:filemanagerpro:file_manager:3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ADCF2E45-51A8-4E0A-9673-FC224341E504"
}
]
}

6
CVE-2018/CVE-2018-169xx/CVE-2018-16967.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-16967",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-04-15T21:29:00.310",
"lastModified": "2023-05-26T17:54:55.423",
"lastModified": "2024-10-18T12:19:40.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdesi9:file_manager:3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "75ACE73D-1116-4FA4-A5D5-F3F932794C55"
"criteria": "cpe:2.3:a:filemanagerpro:file_manager:3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ADCF2E45-51A8-4E0A-9673-FC224341E504"
}
]
}

8
CVE-2018/CVE-2018-251xx/CVE-2018-25104.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2018-25104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T16:15:03.207",
"lastModified": "2024-10-17T16:15:03.207",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en el complemento CoinGate hasta la versi\u00f3n 1.2.7 de PrestaShop. Se ha calificado como problem\u00e1tica. La funci\u00f3n postProcess del archivo modules/coingate/controllers/front/callback.php del componente Payment Handler se ve afectada por este problema. La manipulaci\u00f3n provoca errores de l\u00f3gica empresarial. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se identifica como 0a3097db0aec7c5d66686c142c6abaa1e126ca16. Se recomienda actualizar el componente afectado."
}
],
"metrics": {

4
CVE-2023/CVE-2023-267xx/CVE-2023-26785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26785",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-17T22:15:02.743",
"lastModified": "2024-10-17T22:15:02.743",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-322xx/CVE-2023-32266.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-32266",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:13.097",
"lastModified": "2024-10-16T17:15:13.097",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in OpenText\u2122 Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. \u00a0\n\nThis issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1."
},
{
"lang": "es",
"value": "La vulnerabilidad de ruta de b\u00fasqueda no confiable en OpenText\u2122 Application Lifecycle Management (ALM),Quality Center permite la inclusi\u00f3n de c\u00f3digo. La vulnerabilidad permite a un usuario archivar archivos DLL maliciosos en el sistema antes de la instalaci\u00f3n. Este problema afecta a Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1."
}
],
"metrics": {

4
CVE-2023/CVE-2023-395xx/CVE-2023-39593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39593",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-17T22:15:02.847",
"lastModified": "2024-10-17T22:15:02.847",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-495xx/CVE-2023-49567.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49567",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T08:15:03.143",
"lastModified": "2024-10-18T08:15:03.143",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-495xx/CVE-2023-49570.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49570",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T09:15:02.770",
"lastModified": "2024-10-18T09:15:02.770",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the \"Basic Constraints\" extension in the certificate indicates that it is meant to be an \"End Entity\u201d. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la funci\u00f3n de an\u00e1lisis HTTPS de Bitdefender Total Security, en la que el software conf\u00eda en un certificado emitido por una entidad que no est\u00e1 autorizada a emitir certificados. Esto ocurre cuando la extensi\u00f3n \"Basic Constraints\" del certificado indica que est\u00e1 destinado a ser una \"Entidad final\". Esta falla podr\u00eda permitir a un atacante realizar un ataque Man-in-the-Middle (MITM), interceptando y potencialmente alterando las comunicaciones entre el usuario y el sitio web."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6055.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6055",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T08:15:03.387",
"lastModified": "2024-10-18T08:15:03.387",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the \"Server Authentication\" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la funci\u00f3n de an\u00e1lisis HTTPS de Bitdefender Total Security, en la que el software no puede validar correctamente los certificados de los sitios web. En concreto, si un certificado de sitio no tiene la especificaci\u00f3n \"Server Authentication\" (Autenticaci\u00f3n de servidor) en la extensi\u00f3n Extended Key Usage (Uso extendido de clave), el producto no verifica la conformidad del certificado con el sitio y considera que dichos certificados son v\u00e1lidos. Esta falla podr\u00eda permitir a un atacante realizar un ataque Man-in-the-Middle (MITM), interceptando y potencialmente alterando las comunicaciones entre el usuario y el sitio web."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6056.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6056",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T08:15:03.500",
"lastModified": "2024-10-18T08:15:03.500",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en la funci\u00f3n de an\u00e1lisis HTTPS de Bitdefender Total Security que da lugar a una confianza indebida en los certificados autofirmados. Se ha descubierto que el producto conf\u00eda en los certificados firmados con el algoritmo de hash RIPEMD-160 sin una validaci\u00f3n adecuada, lo que permite a un atacante establecer conexiones SSL MITM con sitios arbitrarios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6057.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6057",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T08:15:03.627",
"lastModified": "2024-10-18T08:15:03.627",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en la funci\u00f3n de an\u00e1lisis HTTPS de Bitdefender Total Security que da como resultado la confianza indebida en los certificados emitidos mediante el algoritmo de firma DSA. El producto no comprueba correctamente la cadena de certificados, lo que permite a un atacante establecer conexiones SSL MITM con sitios arbitrarios mediante un certificado firmado por DSA."
}
],
"metrics": {

8
CVE-2023/CVE-2023-60xx/CVE-2023-6058.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6058",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2024-10-18T08:15:03.737",
"lastModified": "2024-10-18T08:15:03.737",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en el manejo de conexiones HTTPS por parte de Bitdefender Safepay. El problema surge cuando el producto bloquea una conexi\u00f3n debido a un certificado de servidor que no es de confianza, pero permite al usuario agregar el sitio a las excepciones, lo que hace que el producto conf\u00ede en el certificado para los an\u00e1lisis HTTPS posteriores. Esta vulnerabilidad permite a un atacante realizar un ataque Man-in-the-Middle (MITM) mediante el uso de un certificado autofirmado, en el que el producto confiar\u00e1 despu\u00e9s de que el sitio se haya agregado a las excepciones. Esto puede provocar la interceptaci\u00f3n y posible alteraci\u00f3n de las comunicaciones seguras."
}
],
"metrics": {

8
CVE-2023/CVE-2023-67xx/CVE-2023-6728.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6728",
"sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"published": "2024-10-17T13:15:12.077",
"lastModified": "2024-10-17T13:15:12.077",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content."
},
{
"lang": "es",
"value": "El cifrado del archivo bof.cfg del SO SR de Nokia es vulnerable a un ataque de fuerza bruta. Esta debilidad permite que un atacante en posesi\u00f3n del archivo cifrado descifre el archivo bof.cfg y obtenga el contenido de configuraci\u00f3n BOF."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-67xx/CVE-2023-6729.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6729",
"sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"published": "2024-10-17T13:15:12.170",
"lastModified": "2024-10-17T15:35:11.400",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with \"access console.\" Consequently, a low privilege authenticated user with \"access console\" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted."
},
{
"lang": "es",
"value": "Los enrutadores Nokia SR OS permiten el acceso de lectura y escritura a todo el sistema de archivos a trav\u00e9s de SFTP o SCP para los usuarios configurados con \"consola de acceso\". En consecuencia, un usuario autenticado con privilegios bajos con \"consola de acceso\" puede leer o reemplazar el archivo de configuraci\u00f3n del enrutador, as\u00ed como otros archivos almacenados en la tarjeta Compact Flash o SD sin usar comandos CLI. Este tipo de ataque puede provocar un compromiso o denegaci\u00f3n de servicio del enrutador despu\u00e9s de reiniciar el sistema."
}
],
"metrics": {

6
CVE-2023/CVE-2023-68xx/CVE-2023-6846.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6846",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:15:56.887",
"lastModified": "2024-02-09T16:51:01.473",
"lastModified": "2024-10-18T12:19:40.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -80,9 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.3.4",
"matchCriteriaId": "FF983244-4C22-4F18-9E6D-0F8A9A746600"
"matchCriteriaId": "CFBF9751-C2D8-4EA3-87AB-B19578D113EC"
}
]
}

231
CVE-2024/CVE-2024-02xx/CVE-2024-0229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0229",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-09T07:16:00.107",
"lastModified": "2024-05-22T17:16:11.003",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-18T13:49:32.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,70 +81,233 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "21.1.11",
"matchCriteriaId": "049C23AF-DFA5-4F08-A3E6-BBBF75581F05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2.4",
"matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7883DE07-470D-4160-9767-4F831B75B9A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C24797C-0397-4D4F-ADC3-3B99095DBB35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF14A415-15BD-4A6C-87CF-675E09390474"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E881C927-DF96-4D2E-9887-FF12E456B1FB"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0320",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0557",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0558",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0597",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0607",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0614",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0617",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0621",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0626",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0629",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2169",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2170",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2995",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2996",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0229",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-100xx/CVE-2024-10014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10014",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T05:15:03.713",
"lastModified": "2024-10-18T05:15:03.713",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-100xx/CVE-2024-10025.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10025",
"sourceIdentifier": "psirt@sick.de",
"published": "2024-10-17T10:15:03.127",
"lastModified": "2024-10-17T10:15:03.127",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el archivo .sdd permite a un atacante leer las contrase\u00f1as predeterminadas almacenadas en texto plano dentro del c\u00f3digo. Al explotar estas credenciales en texto plano, un atacante puede iniciar sesi\u00f3n en los productos SICK afectados como un \"cliente autorizado\" si el cliente no ha cambiado la contrase\u00f1a predeterminada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10033.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10033",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-16T17:15:13.267",
"lastModified": "2024-10-16T17:15:13.267",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en aap-gateway. Existe una vulnerabilidad de cross-site scripting (XSS) en el componente de puerta de enlace. Esta falla permite que un usuario malintencionado realice acciones que afectan a los usuarios mediante el uso del \"?next=\" en una URL, lo que puede provocar redireccionamientos, inyecci\u00f3n de secuencias de comandos maliciosas, robo de sesiones y datos."
}
],
"metrics": {

4
CVE-2024/CVE-2024-100xx/CVE-2024-10040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10040",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T05:15:04.667",
"lastModified": "2024-10-18T05:15:04.667",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-100xx/CVE-2024-10049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10049",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T05:15:04.977",
"lastModified": "2024-10-18T05:15:04.977",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-100xx/CVE-2024-10055.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10055",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T08:15:03.843",
"lastModified": "2024-10-18T08:15:03.843",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Click to Chat \u2013 WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Click to Chat \u2013 WP Support All-in-One Floating Widget para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto wpsaio_snapchat del complemento en todas las versiones hasta la 2.3.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10057.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10057",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T10:15:03.173",
"lastModified": "2024-10-18T10:15:03.173",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento RSS Feed Widget para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto rfw-youtube-videos del complemento en todas las versiones hasta la 2.9.9 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10068.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10068",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T11:15:10.390",
"lastModified": "2024-10-17T11:15:10.390",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en OpenSight Software FlashFXP 5.4.0.3970. Se ha clasificado como cr\u00edtica. Se trata de una funci\u00f3n desconocida en la librer\u00eda libcrypto-1_1.dll del archivo FlashFXP.exe. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda no controlada. El ataque debe abordarse localmente. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10069.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10069",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T15:15:12.857",
"lastModified": "2024-10-17T15:15:12.857",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n actionPassMainApplication del archivo /com/esafenet/servlet/client/MailDecryptApplicationService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10070.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T15:15:13.110",
"lastModified": "2024-10-17T15:15:13.110",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en ESAFENET CDG 5. Afecta a la funci\u00f3n actionPolicyPush del archivo /com/esafenet/policy/action/PolicyPushControlAction.java. La manipulaci\u00f3n del argumento policyId provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10071.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10071",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T16:15:04.610",
"lastModified": "2024-10-17T16:15:04.610",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en ESAFENET CDG 5. Esta vulnerabilidad afecta a la funci\u00f3n actionUpdateEncryptPolicyEdit del archivo /com/esafenet/servlet/policy/EncryptPolicyService.java. La manipulaci\u00f3n del argumento encryptPolicyId provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10072.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10072",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T17:15:10.963",
"lastModified": "2024-10-17T17:15:10.963",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en ESAFENET CDG 5. Este problema afecta a la funci\u00f3n actionAddEncryptPolicyGroup del archivo /com/esafenet/servlet/policy/EncryptPolicyService.java. La manipulaci\u00f3n de la lista de verificaci\u00f3n de argumentos conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10073.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10073",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T17:15:11.253",
"lastModified": "2024-10-17T17:15:11.253",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\\models\\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "En flairNLP flair 0.14.0 se ha detectado una vulnerabilidad clasificada como cr\u00edtica. La funci\u00f3n ClusteringModel del archivo flair\\models\\clustering.py del componente Mode File Loader est\u00e1 afectada. La manipulaci\u00f3n provoca la inyecci\u00f3n de c\u00f3digo. Es posible lanzar el ataque de forma remota. La complejidad del ataque es bastante alta. Se dice que la explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10078.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10078",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T08:15:04.060",
"lastModified": "2024-10-18T08:15:04.060",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts."
},
{
"lang": "es",
"value": "El complemento WP Easy Post Types para WordPress es vulnerable al acceso no autorizado, la modificaci\u00f3n y la p\u00e9rdida de datos debido a la falta de una comprobaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 1.4.4 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, agreguen, modifiquen o eliminen opciones y publicaciones del complemento."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10079.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10079",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T08:15:04.300",
"lastModified": "2024-10-18T08:15:04.300",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
},
{
"lang": "es",
"value": "El complemento WP Easy Post Types para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en versiones hasta la 1.4.4 incluida, a trav\u00e9s de la deserializaci\u00f3n de la entrada no confiable del par\u00e1metro 'text' en la funci\u00f3n 'ajax_import_content'. Esto permite a los atacantes autenticados, con permisos de nivel de suscriptor y superiores, inyectar un objeto PHP. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10080.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10080",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T08:15:04.507",
"lastModified": "2024-10-18T08:15:04.507",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Easy Post Types para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de metadatos de publicaciones en versiones hasta la 1.4.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-100xx/CVE-2024-10093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-17T23:15:11.817",
"lastModified": "2024-10-17T23:15:11.817",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-100xx/CVE-2024-10099.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10099",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.337",
"lastModified": "2024-10-17T19:15:21.337",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la versi\u00f3n 0.2.2 de comfyanonymous/comfyui y posiblemente en versiones anteriores. La vulnerabilidad se produce cuando un atacante carga un archivo HTML que contiene un payload XSS malicioso a trav\u00e9s del punto de conexi\u00f3n `/api/upload/image`. El payload se ejecuta cuando el archivo se visualiza a trav\u00e9s del punto de conexi\u00f3n de API `/view`, lo que lleva a la posible ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10100.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10100",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.533",
"lastModified": "2024-10-17T19:15:21.533",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en la versi\u00f3n 3.83 de binary-husky/gpt_academic. La vulnerabilidad se debe a un manejo inadecuado del par\u00e1metro de archivo, que est\u00e1 abierto al path traversal a trav\u00e9s de la codificaci\u00f3n de URL. Esto permite a los atacantes ver cualquier archivo en el sistema host, incluidos archivos confidenciales como archivos de aplicaciones cr\u00edticas, claves SSH, claves API y valores de configuraci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10101.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10101",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.713",
"lastModified": "2024-10-17T19:15:21.713",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la versi\u00f3n 3.83 de binary-husky/gpt_academic. La vulnerabilidad se produce en el endpoint /file, que procesa archivos HTML. Los archivos HTML maliciosos que contienen payloads XSS se pueden cargar y almacenar en el backend, lo que lleva a la ejecuci\u00f3n de el payload en el navegador de la v\u00edctima cuando se accede al archivo. Esto puede provocar el robo de cookies de sesi\u00f3n u otra informaci\u00f3n confidencial."
}
],
"metrics": {

4
CVE-2024/CVE-2024-101xx/CVE-2024-10118.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10118",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-18T04:15:03.290",
"lastModified": "2024-10-18T04:15:03.290",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",

4
CVE-2024/CVE-2024-101xx/CVE-2024-10119.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10119",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-18T05:15:05.200",
"lastModified": "2024-10-18T05:15:05.200",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-202xx/CVE-2024-20280.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20280",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:13.697",
"lastModified": "2024-10-16T17:15:13.697",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.\r\n\r\nThis vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de copia de seguridad de Cisco UCS Central Software podr\u00eda permitir que un atacante con acceso a un archivo de copia de seguridad obtenga informaci\u00f3n confidencial almacenada en los archivos de copia de seguridad de estado completo y de configuraci\u00f3n. Esta vulnerabilidad se debe a una debilidad en el m\u00e9todo de cifrado que se utiliza para la funci\u00f3n de copia de seguridad. Un atacante podr\u00eda explotar esta vulnerabilidad accediendo a un archivo de copia de seguridad y aprovechando una clave est\u00e1tica que se utiliza para la funci\u00f3n de configuraci\u00f3n de copia de seguridad. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante con acceso a un archivo de copia de seguridad obtenga informaci\u00f3n confidencial que se almacena en los archivos de copia de seguridad de estado completo y los archivos de copia de seguridad de configuraci\u00f3n, como credenciales de usuario local, contrase\u00f1as de servidor de autenticaci\u00f3n, nombres de comunidad de Protocolo simple de administraci\u00f3n de red (SNMP) y el certificado y la clave del servidor SSL del dispositivo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20420.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20420",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:13.957",
"lastModified": "2024-10-16T17:15:13.957",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. \r\n\r\nThis vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA serie 190 podr\u00eda permitir que un atacante remoto autenticado con privilegios bajos ejecute comandos como usuario administrador. Esta vulnerabilidad se debe a una verificaci\u00f3n de autorizaci\u00f3n incorrecta por parte del servidor HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud maliciosa a la interfaz de administraci\u00f3n basada en web. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute comandos como usuario administrador."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20421.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20421",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.193",
"lastModified": "2024-10-16T17:15:14.193",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA 190 Series podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site request forgery (CSRF) y realice acciones arbitrarias en un dispositivo afectado. Esta vulnerabilidad se debe a que no hay suficientes protecciones CSRF para la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que siga un enlace creado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar acciones arbitrarias en el dispositivo afectado con los privilegios del usuario objetivo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20458.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20458",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.423",
"lastModified": "2024-10-16T17:15:14.423",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device.\r\n\r\nThis vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA serie 190 podr\u00eda permitir que un atacante remoto no autenticado vea o elimine la configuraci\u00f3n o cambie el firmware en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de autenticaci\u00f3n en endpoints HTTP espec\u00edficos. Un atacante podr\u00eda aprovechar esta vulnerabilidad navegando a una URL espec\u00edfica. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver o eliminar la configuraci\u00f3n o cambiar el firmware."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20459.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20459",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.657",
"lastModified": "2024-10-16T17:15:14.657",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system.\r\n\r\nThis vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA 190 Multiplatform Series podr\u00eda permitir que un atacante remoto autenticado con privilegios elevados ejecute comandos arbitrarios como usuario ra\u00edz en el sistema operativo subyacente. Esta vulnerabilidad se debe a la falta de desinfecci\u00f3n de entradas en la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud maliciosa a la interfaz de administraci\u00f3n basada en web. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente como usuario ra\u00edz."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20460.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20460",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.880",
"lastModified": "2024-10-16T17:15:14.880",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA 190 Series podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) reflejado contra un usuario. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que haga clic en un link manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador en un dispositivo afectado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20461.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20461",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.127",
"lastModified": "2024-10-16T17:15:15.127",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user.\r\n\r\nThis vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA 190 Series podr\u00eda permitir que un atacante local autenticado con privilegios elevados ejecute comandos arbitrarios como usuario ra\u00edz. Esta vulnerabilidad existe porque la entrada de la CLI no se desinfecta correctamente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando caracteres maliciosos a la CLI. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer y escribir en el sistema operativo subyacente como usuario ra\u00edz."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20462.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20462",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.357",
"lastModified": "2024-10-16T17:15:15.357",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.\r\n\r\nThis vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico multiplataforma Cisco ATA 190 Series podr\u00eda permitir que un atacante local autenticado con privilegios bajos vea las contrase\u00f1as en un dispositivo afectado. Esta vulnerabilidad se debe a una desinfecci\u00f3n incorrecta del contenido HTML de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante vea las contrase\u00f1as que pertenecen a otros usuarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-204xx/CVE-2024-20463.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20463",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.670",
"lastModified": "2024-10-16T17:15:15.670",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.\r\n\r\nThis vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. "
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico Cisco ATA 190 Series podr\u00eda permitir que un atacante remoto no autenticado modifique la configuraci\u00f3n o reinicie un dispositivo afectado. Esta vulnerabilidad se debe a que el servidor HTTP permite cambios de estado en las solicitudes GET. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud maliciosa a la interfaz de administraci\u00f3n basada en web en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar modificaciones limitadas a la configuraci\u00f3n o reiniciar el dispositivo, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-205xx/CVE-2024-20512.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20512",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.913",
"lastModified": "2024-10-16T17:15:15.913",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Contact Center Management Portal (Unified CCMP) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida correctamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un v\u00ednculo creado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"metrics": {

4
CVE-2024/CVE-2024-277xx/CVE-2024-27766.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27766",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-17T22:15:02.920",
"lastModified": "2024-10-17T22:15:02.920",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-308xx/CVE-2024-30875.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30875",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-17T22:15:02.977",
"lastModified": "2024-10-17T22:15:02.977",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-31xx/CVE-2024-3184.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3184",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-10-17T08:15:01.950",
"lastModified": "2024-10-17T08:15:01.950",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS)."
},
{
"lang": "es",
"value": "Se encontraron m\u00faltiples vulnerabilidades de desreferencia de puntero nulo CWE-476 en GoAhead Web Server hasta la versi\u00f3n 6.0.0 cuando se compilaba con el indicador ME_GOAHEAD_REPLACE_MALLOC. Sin un notificador de memoria para errores de asignaci\u00f3n, los atacantes remotos pueden explotar estas vulnerabilidades enviando solicitudes maliciosas, lo que provoca un bloqueo y una denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3186.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3186",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-10-17T08:15:02.453",
"lastModified": "2024-10-17T08:15:02.453",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo CWE-476 en la funci\u00f3n evalExpr() de GoAhead Web Server (versi\u00f3n &lt;= 6.0.0) cuando se compila con el indicador ME_GOAHEAD_JAVASCRIPT. Esta vulnerabilidad permite que un atacante remoto con privilegios para modificar archivos de plantilla de JavaScript (JST) provoque un bloqueo y provoque una denegaci\u00f3n de servicio (DoS) al proporcionar plantillas maliciosas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3187.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3187",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-10-17T08:15:02.760",
"lastModified": "2024-10-17T08:15:02.760",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent."
},
{
"lang": "es",
"value": "Este problema se debe a dos vulnerabilidades CWE-416 de Use After Free (UAF) y una vulnerabilidad CWE-415 de doble liberaci\u00f3n en las versiones de Goahead anteriores a la 6.0.0. Estas vulnerabilidades se deben a que los valores JST no se anulan cuando se liberan durante el an\u00e1lisis de las plantillas JST. Si la bandera ME_GOAHEAD_JAVASCRIPT est\u00e1 habilitada, un atacante remoto con privilegios para modificar archivos de plantillas de JavaScript (JST) podr\u00eda aprovechar esto proporcionando plantillas maliciosas. Esto puede provocar una corrupci\u00f3n de la memoria, lo que puede provocar una denegaci\u00f3n de servicio (DoS) o, en casos excepcionales, la ejecuci\u00f3n de c\u00f3digo, aunque esto \u00faltimo depende en gran medida del contexto."
}
],
"metrics": {

4
CVE-2024/CVE-2024-334xx/CVE-2024-33453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33453",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-17T22:15:03.040",
"lastModified": "2024-10-17T22:15:03.040",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-388xx/CVE-2024-38814.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38814",
"sourceIdentifier": "security@vmware.com",
"published": "2024-10-16T17:15:16.237",
"lastModified": "2024-10-16T17:15:16.237",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A\n malicious authenticated user with non-administrator privileges may be \nable to enter specially crafted SQL queries and perform unauthorized \nremote code execution on the HCX manager.\u00a0\nUpdates are available to remediate this vulnerability in affected VMware products."
},
{
"lang": "es",
"value": "VMware recibi\u00f3 un informe privado sobre una vulnerabilidad de inyecci\u00f3n SQL autenticada en VMware HCX. Un usuario autenticado malintencionado con privilegios que no sean de administrador podr\u00eda ingresar consultas SQL especialmente manipuladas y ejecutar c\u00f3digo remoto no autorizado en el administrador HCX. Hay actualizaciones disponibles para solucionar esta vulnerabilidad en los productos VMware afectados."
}
],
"metrics": {

4
CVE-2024/CVE-2024-388xx/CVE-2024-38820.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38820",
"sourceIdentifier": "security@vmware.com",
"published": "2024-10-18T06:15:03.333",
"lastModified": "2024-10-18T06:15:03.333",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

60
CVE-2024/CVE-2024-407xx/CVE-2024-40711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40711",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-09-07T17:15:13.260",
"lastModified": "2024-10-18T01:00:02.590",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-18T12:51:11.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-10-17",
"cisaActionDue": "2024-11-07",
@ -20,6 +20,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -44,6 +66,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -55,10 +87,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0.1420",
"versionEndExcluding": "12.2.0.334",
"matchCriteriaId": "E3AD538F-6D77-4528-9BD8-C06E1CD65354"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veeam.com/kb4649",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-411xx/CVE-2024-41128.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T18:15:06.070",
"lastModified": "2024-10-16T18:15:06.070",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected."
},
{
"lang": "es",
"value": "Action Pack es un framework de trabajo para gestionar y responder a solicitudes web. A partir de la versi\u00f3n 3.1.0 y anteriores a las versiones 6.1.7.9, 7.0.8.5, 7.1.4.1 y 7.2.1.1, existe una posible vulnerabilidad de ReDoS en las rutinas de filtrado de par\u00e1metros de consulta de Action Dispatch. Los par\u00e1metros de consulta cuidadosamente manipulados pueden hacer que el filtrado de par\u00e1metros de consulta tarde una cantidad inesperada de tiempo, lo que puede dar como resultado una vulnerabilidad de DoS. Todos los usuarios que ejecuten una versi\u00f3n afectada deben actualizar a la versi\u00f3n 6.1.7.9, 7.0.8.5, 7.1.4.1 o 7.2.1.1 o aplicar el parche correspondiente de inmediato. Se puede utilizar Ruby 3.2 como workaround. Ruby 3.2 tiene mitigaciones para este problema, por lo que las aplicaciones Rails que utilizan Ruby 3.2 o versiones m\u00e1s nuevas no se ven afectadas. Rails 8.0.0.beta1 depende de Ruby 3.2 o superior, por lo que no se ve afectado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-41xx/CVE-2024-4184.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4184",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.370",
"lastModified": "2024-10-16T17:15:17.370",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below."
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML en OpenText Application Automation Tools permite la inyecci\u00f3n de DTD. Este problema afecta a OpenText Application Automation Tools: 24.1.0 y anteriores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-41xx/CVE-2024-4189.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4189",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.493",
"lastModified": "2024-10-16T17:15:17.493",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below."
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML en OpenText Application Automation Tools permite la inyecci\u00f3n de DTD. Este problema afecta a OpenText Application Automation Tools: 24.1.0 y anteriores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-42xx/CVE-2024-4211.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4211",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.617",
"lastModified": "2024-10-16T17:15:17.617",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.\n\n\nMultiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers.\n\n\nThis issue affects OpenText Application Automation Tools: 24.1.0 and below."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n incorrecta de la cantidad especificada en la entrada en OpenText Las herramientas de automatizaci\u00f3n de aplicaciones de OpenText permiten explotar niveles de seguridad de control de acceso configurados incorrectamente. Se han descubierto m\u00faltiples comprobaciones de permisos faltantes en la configuraci\u00f3n de trabajos de ALM en las herramientas de automatizaci\u00f3n de aplicaciones de OpenText. La vulnerabilidad podr\u00eda permitir que los usuarios con permiso general/de lectura enumeren los nombres de servidor de ALM, los nombres de usuario y los ID de cliente configurados para usarse con servidores de ALM. Este problema afecta a las herramientas de automatizaci\u00f3n de aplicaciones de OpenText: 24.1.0 y anteriores."
}
],
"metrics": {

4
CVE-2024/CVE-2024-433xx/CVE-2024-43300.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43300",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-18T11:15:02.430",
"lastModified": "2024-10-18T11:15:02.430",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43566.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43566",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:14.940",
"lastModified": "2024-10-17T23:15:14.940",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43578.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43578",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:15.370",
"lastModified": "2024-10-17T23:15:15.370",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43579.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43579",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:15.570",
"lastModified": "2024-10-17T23:15:15.570",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43580",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:15.767",
"lastModified": "2024-10-17T23:15:15.767",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43587.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43587",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:16.123",
"lastModified": "2024-10-18T01:15:39.687",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43595.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43595",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:16.463",
"lastModified": "2024-10-17T23:15:16.463",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-435xx/CVE-2024-43596.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43596",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-17T23:15:16.657",
"lastModified": "2024-10-17T23:15:16.657",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-439xx/CVE-2024-43997.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43997",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:04.910",
"lastModified": "2024-10-17T18:15:04.910",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en easy.Jobs EasyJobs permite XSS reflejado. Este problema afecta a EasyJobs: desde n/a hasta 2.4.14."
}
],
"metrics": {

4
CVE-2024/CVE-2024-447xx/CVE-2024-44762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-16T21:15:12.680",
"lastModified": "2024-10-17T17:35:06.750",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-450xx/CVE-2024-45071.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45071",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-16T17:15:16.487",
"lastModified": "2024-10-16T17:15:16.487",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite que un usuario privilegiado incorpore c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"metrics": {

8
CVE-2024/CVE-2024-450xx/CVE-2024-45072.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45072",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-16T17:15:16.750",
"lastModified": "2024-10-16T17:15:16.750",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a un ataque de inyecci\u00f3n de entidad externa (XXE) de XML al procesar datos XML. Un usuario privilegiado podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria."
}
],
"metrics": {

14
CVE-2024/CVE-2024-454xx/CVE-2024-45490.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45490",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-30T03:15:03.757",
"lastModified": "2024-09-04T14:28:19.313",
"lastModified": "2024-10-18T12:24:23.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -22,20 +22,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

8
CVE-2024/CVE-2024-457xx/CVE-2024-45713.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45713",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-10-17T11:15:10.850",
"lastModified": "2024-10-17T11:15:10.850",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes."
},
{
"lang": "es",
"value": "SolarWinds Kiwi CatTools es susceptible a una vulnerabilidad de divulgaci\u00f3n de datos confidenciales cuando se ha habilitado una configuraci\u00f3n no predeterminada para fines de soluci\u00f3n de problemas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45766.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45766",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-10-17T02:15:02.273",
"lastModified": "2024-10-17T02:15:02.273",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution."
},
{
"lang": "es",
"value": "Dell OpenManage Enterprise, versi\u00f3n(es) OME 4.1 y anteriores, contiene(n) una vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\"). Un atacante con privilegios reducidos y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45767.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45767",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-10-17T02:15:02.587",
"lastModified": "2024-10-17T02:15:02.587",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."
},
{
"lang": "es",
"value": "Dell OpenManage Enterprise, versi\u00f3n(es) OME 4.1 y anteriores, contiene(n) una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL (\"inyecci\u00f3n SQL\"). Un atacante con privilegios reducidos y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que dar\u00eda lugar a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45795.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45795",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T19:15:26.660",
"lastModified": "2024-10-16T19:15:26.660",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets."
},
{
"lang": "es",
"value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, las reglas que utilizan conjuntos de datos con la opci\u00f3n \"unset\" no funcional o no implementada pueden activar una aserci\u00f3n durante el an\u00e1lisis del tr\u00e1fico, lo que genera una denegaci\u00f3n de servicio. Este problema se soluciona en la versi\u00f3n 7.0.7. Como workaround, utilice solo conjuntos de reglas confiables y bien probados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45796.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45796",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T19:15:26.923",
"lastModified": "2024-10-16T19:15:26.923",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7."
},
{
"lang": "es",
"value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, un error l\u00f3gico durante el reensamblado de fragmentos pod\u00eda provocar un reensamblado fallido para el tr\u00e1fico v\u00e1lido. Un atacante podr\u00eda crear paquetes para desencadenar este comportamiento. Este problema se ha solucionado en la versi\u00f3n 7.0.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45797.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45797",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T19:15:27.177",
"lastModified": "2024-10-16T19:15:27.177",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49."
},
{
"lang": "es",
"value": "LibHTP es un analizador que tiene en cuenta la seguridad del protocolo HTTP y sus componentes relacionados. Antes de la versi\u00f3n 0.5.49, el procesamiento ilimitado de los encabezados de solicitud y respuesta HTTP pod\u00eda generar un uso excesivo de la memoria y del tiempo de CPU, lo que posiblemente provocara ralentizaciones extremas. Este problema se solucion\u00f3 en la versi\u00f3n 0.5.49."
}
],
"metrics": {

4
CVE-2024/CVE-2024-462xx/CVE-2024-46212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46212",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-16T21:15:12.840",
"lastModified": "2024-10-17T17:35:07.863",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-462xx/CVE-2024-46213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-16T21:15:12.947",
"lastModified": "2024-10-17T17:35:08.640",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-466xx/CVE-2024-46605.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-46605",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-16T17:15:17.023",
"lastModified": "2024-10-16T20:35:13.927",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente /admin.php?page=album de Piwigo v14.5.0 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado espec\u00edficamente para tal fin e inyectada en el campo Descripci\u00f3n."
}
],
"metrics": {

4
CVE-2024/CVE-2024-466xx/CVE-2024-46606.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46606",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-16T17:15:17.117",
"lastModified": "2024-10-17T14:35:23.400",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-468xx/CVE-2024-46897.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46897",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-10-18T06:15:04.813",
"lastModified": "2024-10-18T06:15:04.813",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-46xx/CVE-2024-4690.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4690",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.740",
"lastModified": "2024-10-16T17:15:17.740",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below."
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML en OpenText Application Automation Tools permite la inyecci\u00f3n de DTD. Este problema afecta a OpenText Application Automation Tools: 24.1.0 y anteriores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-46xx/CVE-2024-4692.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4692",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.873",
"lastModified": "2024-10-16T17:15:17.873",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.\n\n\nMultiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names.\n\nThis issue affects OpenText Application Automation Tools: 24.1.0 and below."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n incorrecta de la cantidad especificada en la entrada en OpenText Las herramientas de automatizaci\u00f3n de aplicaciones de OpenText permiten explotar niveles de seguridad de control de acceso configurados incorrectamente. Se han descubierto m\u00faltiples comprobaciones de permisos faltantes en la configuraci\u00f3n de Service Virtualization en las herramientas de automatizaci\u00f3n de aplicaciones de OpenText. La vulnerabilidad podr\u00eda permitir que los usuarios con permiso general/de lectura enumeren los nombres de los servidores de Service Virtualization. Este problema afecta a las herramientas de automatizaci\u00f3n de aplicaciones de OpenText: 24.1.0 y anteriores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-471xx/CVE-2024-47187.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47187",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T19:15:27.407",
"lastModified": "2024-10-16T19:15:27.407",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules."
},
{
"lang": "es",
"value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, la falta de inicializaci\u00f3n de la semilla aleatoria para \"thash\" provocaba que los conjuntos de datos tuvieran un comportamiento de tabla hash predecible. Esto puede provocar que la carga de archivos de conjuntos de datos utilice un tiempo excesivo para cargarse, as\u00ed como problemas de rendimiento en tiempo de ejecuci\u00f3n durante el manejo del tr\u00e1fico. Este problema se ha solucionado en la versi\u00f3n 7.0.7. Como workaround, evite cargar conjuntos de datos de fuentes no confiables. Evite las reglas de conjuntos de datos que rastrean el tr\u00e1fico en las reglas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-471xx/CVE-2024-47188.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47188",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T19:15:27.670",
"lastModified": "2024-10-16T19:15:27.670",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7."
},
{
"lang": "es",
"value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, la falta de inicializaci\u00f3n de la semilla aleatoria para \"thash\" provocaba que el seguimiento del rango de bytes tuviera un comportamiento de tabla hash predecible. Esto puede provocar que un atacante fuerce una gran cantidad de datos en un solo contenedor hash, lo que provoca una degradaci\u00f3n grave del rendimiento. Este problema se ha solucionado en la versi\u00f3n 7.0.7."
}
],
"metrics": {

56
CVE-2024/CVE-2024-472xx/CVE-2024-47240.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-47240",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-10-18T12:15:02.773",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

8
CVE-2024/CVE-2024-473xx/CVE-2024-47304.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47304",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:07.400",
"lastModified": "2024-10-17T18:15:07.400",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WPManageNinja LLC Fluent Support permite la inyecci\u00f3n SQL. Este problema afecta a Fluent Support: desde n/a hasta 1.8.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-473xx/CVE-2024-47312.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47312",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:07.660",
"lastModified": "2024-10-17T18:15:07.660",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WPGrim Classic Editor and Classic Widgets permite la inyecci\u00f3n SQL. Este problema afecta al Editor cl\u00e1sico y los Widgets cl\u00e1sicos: desde n/a hasta 1.4.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-474xx/CVE-2024-47459.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47459",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-10-17T15:15:13.400",
"lastModified": "2024-10-17T15:15:13.400",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 4.5 y anteriores de Substance3D - Sampler se ven afectadas por una vulnerabilidad de desreferencia de puntero nulo que podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n, lo que provocar\u00eda una denegaci\u00f3n de servicio. Para aprovechar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2024/CVE-2024-474xx/CVE-2024-47485.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47485",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2024-10-18T09:15:03.093",
"lastModified": "2024-10-18T09:15:03.093",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de CSV en algunas versiones de HikCentral Master Lite. Si se aprovecha, un atacante podr\u00eda crear datos maliciosos para generar comandos ejecutables en el archivo CSV."
}
],
"metrics": {

8
CVE-2024/CVE-2024-474xx/CVE-2024-47486.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47486",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2024-10-18T09:15:03.217",
"lastModified": "2024-10-18T09:15:03.217",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad XSS en algunas versiones de HikCentral Master Lite. Si se aprovecha, un atacante podr\u00eda inyectar scripts en determinadas p\u00e1ginas mediante la creaci\u00f3n de datos maliciosos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-474xx/CVE-2024-47487.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47487",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2024-10-18T09:15:03.400",
"lastModified": "2024-10-18T09:15:03.400",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en algunas versiones profesionales de HikCentral. Esto podr\u00eda permitir que un usuario autenticado ejecute consultas SQL arbitrarias."
}
],
"metrics": {

8
CVE-2024/CVE-2024-475xx/CVE-2024-47522.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47522",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-16T20:15:06.083",
"lastModified": "2024-10-16T20:15:06.083",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround."
},
{
"lang": "es",
"value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, un ALPN no v\u00e1lido en el tr\u00e1fico TLS/QUIC cuando la coincidencia/registro de JA4 est\u00e1 habilitado puede provocar que Suricata cancele la conexi\u00f3n con un mensaje de p\u00e1nico. Este problema se ha solucionado en la versi\u00f3n 7.0.7. Se puede deshabilitar JA4 como workaround."
}
],
"metrics": {

4
CVE-2024/CVE-2024-477xx/CVE-2024-47793.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47793",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-10-18T06:15:05.230",
"lastModified": "2024-10-18T06:15:05.230",
"vulnStatus": "Received",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More