Auto-Update: 2024-07-08T16:00:19.189158+00:00

cad-safe-bot 2024-07-08 16:03:14 +00:00
parent 81efcbddd0
commit 0f8a390a57
149 changed files with 4733 additions and 475 deletions


@ -2,7 +2,7 @@
"id": "CVE-2017-16231",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-03-21T15:59:56.217",
"lastModified": "2024-07-03T18:15:03.970",
"lastModified": "2024-07-08T14:16:08.107",
"vulnStatus": "Modified",
"cveTags": [
{
@ -23,6 +23,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
@ -81,6 +103,16 @@
"value": "CWE-119"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [


@ -2,15 +2,51 @@
"id": "CVE-2021-47186",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:47.430",
"lastModified": "2024-04-10T19:49:51.183",
"lastModified": "2024-07-08T14:16:15.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: check for null after calling kmemdup\n\nkmemdup can return a null pointer so need to check for it, otherwise\nthe null key will be dereferenced later in tipc_crypto_key_xmit as\ncan be seen in the trace [1].\n\n\n[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-690"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916",


@ -2,7 +2,7 @@
"id": "CVE-2021-47242",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:13.327",
"lastModified": "2024-07-03T01:37:28.667",
"lastModified": "2024-07-08T14:16:16.353",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-1281"
"value": "CWE-667"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-2856",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-09-26T16:15:11.207",
"lastModified": "2024-06-28T14:12:35.147",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:16:18.783",
"vulnStatus": "Modified",
"cveTags": [],
"cisaExploitAdd": "2022-08-18",
"cisaActionDue": "2022-09-08",
@ -40,6 +40,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -53,6 +73,16 @@
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [


@ -2,8 +2,9 @@
"id": "CVE-2023-21237",
"sourceIdentifier": "security@android.com",
"published": "2023-06-28T18:15:16.560",
"lastModified": "2024-03-06T02:00:02.080",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:16:24.090",
"vulnStatus": "Modified",
"cveTags": [],
"cisaExploitAdd": "2024-03-05",
"cisaActionDue": "2024-03-26",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -35,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
@ -48,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
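Review bot: The new Secondary entry rates this record `"baseSeverity": "MEDIUM"` (6.2) while the same record carries `"cisaExploitAdd": "2024-03-05"`, so triage rules keyed only on CVSS severity would rank it below many HIGH records that have no exploitation flag. The `cisaExploitAdd` / `cisaActionDue` fields should take precedence over the appended score when prioritising. `vulnStatus` also moves from `Analyzed` to `Modified` in this section although the visible additions are Secondary data only, so pipelines that re-queue on `Modified` will reprocess the record.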


@ -2,7 +2,7 @@
"id": "CVE-2023-28334",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-03-23T21:15:20.193",
"lastModified": "2024-07-03T01:39:50.350",
"lastModified": "2024-07-08T14:16:28.753",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -38,20 +38,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},


@ -2,8 +2,16 @@
"id": "CVE-2023-35854",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T12:15:09.690",
"lastModified": "2024-05-17T02:25:30.363",
"lastModified": "2024-07-08T15:15:21.063",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",


@ -2,8 +2,9 @@
"id": "CVE-2023-47246",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-10T06:15:30.510",
"lastModified": "2023-11-13T17:28:37.350",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:16:40.760",
"vulnStatus": "Modified",
"cveTags": [],
"cisaExploitAdd": "2023-11-13",
"cisaActionDue": "2023-12-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -39,6 +40,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -52,6 +73,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-50872",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-16T16:15:08.150",
"lastModified": "2024-07-05T16:15:03.870",
"lastModified": "2024-07-08T14:16:44.317",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "La API en Accredible Credential.net del 6 de diciembre de 2023 permite un ataque de referencia directa a objetos inseguros que revela informaci\u00f3n parcial sobre los certificados y sus respectivos titulares. NOTA: la p\u00e1gina web excellium-services.com sobre este problema menciona \"El proveedor dice que no es un problema de seguridad\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872",


@ -2,8 +2,9 @@
"id": "CVE-2023-51142",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-11T01:22:43.563",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-07-08T14:16:45.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en ZKTeco BioTime v.8.5.4 y anteriores permite a un atacante remoto obtener informaci\u00f3n confidencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "http://biotime.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-0042",
"sourceIdentifier": "security@android.com",
"published": "2024-05-07T21:15:08.540",
"lastModified": "2024-07-03T01:44:33.743",
"lastModified": "2024-07-08T14:16:55.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-843"
"value": "CWE-295"
}
]
}


@ -2,8 +2,9 @@
"id": "CVE-2024-0905",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-26T05:15:49.907",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-07-08T14:17:00.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento Fancy Product Designer de WordPress anterior a 6.1.8 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera un Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios no autenticados y de nivel administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/",
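Review bot: Metrics are added for this reflected XSS but no `weaknesses` entry, unlike most sibling records in this commit, so CWE-based filters will not see it as CWE-79. The vector also uses `S:U` with `A:L`; reflected XSS is more commonly scored `S:C` with `A:N`, so the 6.3 may differ from the score assigned once the record is analysed. The value is best treated as provisional while `vulnStatus` is `Awaiting Analysis`.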


@ -2,8 +2,9 @@
"id": "CVE-2024-1755",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-15T05:15:15.083",
"lastModified": "2024-04-15T13:15:31.997",
"lastModified": "2024-07-08T14:17:11.257",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "El complemento NPS computy WordPress hasta la versi\u00f3n 2.7.5 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/",
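Review bot: The added Secondary weakness `"value": "CWE-120"` does not match the record's own description, which is about missing CSRF checks in a WordPress plugin; CWE-120 is a buffer-copy class, and the CSRF class is CWE-352. Consumers that route findings by CWE would misfile this record. Until the source corrects it, the Secondary CWE should not override the description when classifying, and the mismatch is worth reporting upstream.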


@ -2,8 +2,8 @@
"id": "CVE-2024-2040",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-03T06:15:02.843",
"lastModified": "2024-07-03T18:23:41.487",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:18:10.367",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},


@ -2,8 +2,9 @@
"id": "CVE-2024-21074",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:26.370",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-07-08T14:17:20.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html",


@ -2,8 +2,9 @@
"id": "CVE-2024-21076",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:26.720",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-07-08T14:17:21.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html",


@ -2,8 +2,8 @@
"id": "CVE-2024-22104",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T15:15:11.227",
"lastModified": "2024-07-05T17:03:41.903",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:17:26.540",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,8 +2,9 @@
"id": "CVE-2024-22734",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T06:15:06.697",
"lastModified": "2024-04-12T12:43:46.210",
"lastModified": "2024-07-08T14:17:29.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en AMCS Group Trux Waste Management Software anterior a la versi\u00f3n 7.19.0018.26912, que permite a atacantes locales obtener informaci\u00f3n confidencial a trav\u00e9s de un par AES Key-IV est\u00e1tico y codificado en los componentes TxUtilities.dll y TruxUser.cfg."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.redlinecybersecurity.com/blog/cve-2024-22734",


@ -2,8 +2,8 @@
"id": "CVE-2024-2233",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-03T06:15:03.227",
"lastModified": "2024-07-03T18:23:28.183",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:18:11.917",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-2234",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-03T06:15:03.307",
"lastModified": "2024-07-03T18:17:13.110",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:18:12.157",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-2235",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-03T06:15:03.387",
"lastModified": "2024-07-03T18:27:18.097",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:18:12.410",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},


@ -2,8 +2,9 @@
"id": "CVE-2024-23486",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-15T11:15:07.820",
"lastModified": "2024-04-15T13:15:31.997",
"lastModified": "2024-07-08T14:17:34.250",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Existe un problema de almacenamiento de texto plano de contrase\u00f1a en los routers LAN inal\u00e1mbricos BUFFALO, lo que puede permitir que un atacante no autenticado adyacente a la red con acceso a la p\u00e1gina de inicio de sesi\u00f3n del producto pueda obtener las credenciales configuradas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN58236836/",
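Review bot: The added vector uses `AV:N` with `C:H/I:H/A:H` (9.8 CRITICAL), but the description in this section places the attacker adjacent to the network ("adyacente a la red") and describes disclosure of stored credentials, which would more naturally read as `AV:A` with a confidentiality-led impact. No `weaknesses` entry is added here either, so the plaintext-storage class is not machine-readable. The 9.8 is one source's Secondary assessment on a record still `Awaiting Analysis`; it should be checked against the JVN reference before it drives remediation deadlines.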


@ -2,17 +2,41 @@
"id": "CVE-2024-23588",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-07-05T14:15:02.633",
"lastModified": "2024-07-05T17:10:58.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-08T15:28:10.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability."
},
{
"lang": "es",
"value": " El servidor HCL Nomad en Domino no maneja adecuadamente a los usuarios configurados con acceso limitado a Domino, lo que genera una posible vulnerabilidad de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -35,10 +59,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.12",
"matchCriteriaId": "FCA48540-10B6-4BF6-AC2C-A0A28299DB33"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114193",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Not Applicable"
]
}
]
}
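Review bot: The only reference, the HCL support KB URL from `psirt@hcl.com`, is now tagged `"Not Applicable"`, so tooling that selects remediation links by reference tag (for example `Vendor Advisory` or `Patch`) will find none for this record. The fixed version is still recoverable from `"versionEndExcluding": "1.0.12"` in the new `cpeMatch`. Consumers should fall back to the CPE range here rather than conclude that no vendor guidance exists.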


@ -2,8 +2,8 @@
"id": "CVE-2024-2376",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-03T06:15:03.550",
"lastModified": "2024-07-03T18:26:55.777",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:18:14.030",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,8 +2,9 @@
"id": "CVE-2024-24486",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-15T19:15:09.787",
"lastModified": "2024-04-16T13:24:07.103",
"lastModified": "2024-07-08T14:17:37.030",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema descubierto en silex technology DS-600 Firmware v.1.4.1, permite a un atacante remoto editar la configuraci\u00f3n del dispositivo mediante el comando SAVE EEP_DATA."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24486",


@ -2,7 +2,7 @@
"id": "CVE-2024-24791",
"sourceIdentifier": "security@golang.org",
"published": "2024-07-02T22:15:04.833",
"lastModified": "2024-07-03T12:53:24.977",
"lastModified": "2024-07-08T14:17:39.083",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El cliente net/http HTTP/1.1 manej\u00f3 mal el caso en el que un servidor responde a una solicitud con un encabezado \"Expect: 100-continue\" con un estado no informativo (200 o superior). Este mal manejo podr\u00eda dejar una conexi\u00f3n de cliente en un estado no v\u00e1lido, donde la siguiente solicitud enviada a la conexi\u00f3n fallar\u00e1. Un atacante que env\u00eda una solicitud a un proxy net/http/httputil.ReverseProxy puede aprovechar este mal manejo para provocar una denegaci\u00f3n de servicio enviando solicitudes \"Esperar: 100-continuar\" que provocan una respuesta no informativa del backend. Cada una de estas solicitudes deja al proxy con una conexi\u00f3n no v\u00e1lida y provoca que falle una solicitud posterior que utiliza esa conexi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://go.dev/cl/591255",


@ -2,13 +2,17 @@
"id": "CVE-2024-24974",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.103",
"lastModified": "2024-07-08T11:15:10.103",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service."
},
{
"lang": "es",
"value": "El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite acceder remotamente al canal del servicio OpenVPN, lo que permite a un atacante remoto interactuar con el servicio interactivo privilegiado OpenVPN."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-25086",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T16:15:04.070",
"lastModified": "2024-07-05T17:04:31.943",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:17:42.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,20 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [


@ -2,8 +2,9 @@
"id": "CVE-2024-25343",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-26T20:15:07.427",
"lastModified": "2024-04-29T12:42:03.667",
"lastModified": "2024-07-08T14:17:43.447",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "La vulnerabilidad del router Tenda N300 F3 permite a los usuarios eludir la pol\u00edtica de seguridad prevista y crear contrase\u00f1as d\u00e9biles."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "http://tenda.com",
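Review bot: The added `"baseScore": 9.1` / `CRITICAL` with `PR:N` and `C:H/I:H` looks high for what the description states, namely that users can bypass the intended password policy and set weak passwords. The paired `CWE-269` is also a loose fit; weak password requirements are normally classified as CWE-521. This is a Secondary assessment on a record still `Awaiting Analysis`, so prioritisation should not rest on this score alone.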


@ -2,8 +2,9 @@
"id": "CVE-2024-25376",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-11T21:15:07.937",
"lastModified": "2024-04-12T12:43:57.400",
"lastModified": "2024-07-08T14:17:44.317",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema descubierto en los instaladores basados en MSI de Thesycon Software Solutions Gmbh & Co. KG TUSBAudio anteriores a 5.68.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del modo de reparaci\u00f3n msiexec.exe."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory",


@ -0,0 +1,60 @@
{
"id": "CVE-2024-25639",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-08T15:15:21.423",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm",
"source": "security-advisories@github.com"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-27459",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.303",
"lastModified": "2024-07-08T11:15:10.303",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges."
},
{
"lang": "es",
"value": "El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite a un atacante enviar datos provocando un desbordamiento de pila que puede usarse para ejecutar c\u00f3digo arbitrario con m\u00e1s privilegios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-27709",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:10.853",
"lastModified": "2024-07-05T17:15:10.853",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Eskooly Web Product v.3.0 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante el par\u00e1metro searchby del componente allstudents.php y el par\u00e1metro id del componente requestmanager.php."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-27710",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:10.940",
"lastModified": "2024-07-05T17:15:10.940",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism."
},
{
"lang": "es",
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del mecanismo de autenticaci\u00f3n."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-27711",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.030",
"lastModified": "2024-07-05T17:15:11.030",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings."
},
{
"lang": "es",
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de proceso Sin-up en la configuraci\u00f3n de la cuenta."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-27712",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.107",
"lastModified": "2024-07-05T17:15:11.107",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism."
},
{
"lang": "es",
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente User Account Mangement en el mecanismo de autenticaci\u00f3n."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-27713",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.183",
"lastModified": "2024-07-05T17:15:11.183",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component."
},
{
"lang": "es",
"value": " Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente HTTP Response Header Settings."
}
],
"metrics": {},


@ -2,16 +2,55 @@
"id": "CVE-2024-27715",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.270",
"lastModified": "2024-07-05T17:15:11.270",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism."
},
{
"lang": "es",
"value": "Un problema en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios mediante una solicitud manipulada al mecanismo de cambio de contrase\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0",


@ -2,16 +2,55 @@
"id": "CVE-2024-27716",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.350",
"lastModified": "2024-07-05T17:15:11.350",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields."
},
{
"lang": "es",
"value": " Vulnerabilidad de Cross Site Scripting en Eskooly Web Product v.3.0 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los campos de env\u00edo de mensajes y de entrada del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27716-cross-site-scripting-xss-in-eskooly-web-product-less-than-v3.0",


@ -2,16 +2,55 @@
"id": "CVE-2024-27717",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.423",
"lastModified": "2024-07-05T17:15:11.423",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component."
},
{
"lang": "es",
"value": " Vulnerabilidad de Cross Site Request Forgery en Eskooly Free Online School Management Software v.3.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente Token Handling."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0",


@ -2,13 +2,17 @@
"id": "CVE-2024-27903",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.390",
"lastModified": "2024-07-08T11:15:10.390",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service."
},
{
"lang": "es",
"value": "Los complementos de OpenVPN en Windows con OpenVPN 2.6.9 y versiones anteriores se pueden cargar desde cualquier directorio, lo que permite a un atacante cargar un complemento arbitrario que puede usarse para interactuar con el servicio interactivo privilegiado OpenVPN."
}
],
"metrics": {},


@ -2,8 +2,9 @@
"id": "CVE-2024-29500",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T20:15:07.510",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-07-08T14:18:05.667",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en el modo quiosco de Secure Lockdown Multi Application Edition v2.00.219 permite a los atacantes ejecutar c\u00f3digo arbitrario ejecutando una instancia de aplicaci\u00f3n ClickOnce."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening",


@ -2,7 +2,7 @@
"id": "CVE-2024-29510",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.320",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-07-08T14:18:07.743",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Artifex Ghostscript anterior a 10.03.1 permite la corrupci\u00f3n de la memoria y una omisi\u00f3n M\u00c1S SEGURA de la sandbox mediante la inyecci\u00f3n de cadena de formato con un dispositivo uniprint."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707662",


@ -2,7 +2,7 @@
"id": "CVE-2024-29511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.430",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-07-08T14:18:08.567",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Artifex Ghostscript anterior a 10.03.1, cuando se usa Tesseract para OCR, tiene un problema de directory traversal que permite la lectura de archivos arbitrarios (y la escritura de mensajes de error en archivos arbitrarios) a trav\u00e9s de OCRLanguage. Por ejemplo, la explotaci\u00f3n puede utilizar debug_file /tmp/out y user_patterns_file /etc/passwd."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510",


@ -2,8 +2,9 @@
"id": "CVE-2024-30595",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T12:15:53.593",
"lastModified": "2024-03-28T12:42:56.150",
"lastModified": "2024-07-08T14:18:21.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro deviceId de la funci\u00f3n addWifiMacFilter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceId.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-31406",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-24T06:15:13.443",
"lastModified": "2024-04-24T13:39:42.883",
"lastModified": "2024-07-08T14:18:24.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa en RoamWiFi R10 anterior a 4.8.45. Si se explota esta vulnerabilidad, un atacante no autenticado adyacente a la red con acceso al dispositivo puede realizar operaciones no autorizadas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN62737544/",


@ -2,8 +2,9 @@
"id": "CVE-2024-31839",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T14:15:07.947",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-08T14:18:26.223",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Vulnerabilidad de cross-site scripting en tiagorlampert CHAOS v.5.0.1 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n sendCommandHandler en el componente handler.go."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/",


@ -2,13 +2,17 @@
"id": "CVE-2024-31897",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T03:15:02.200",
"lastModified": "2024-07-08T03:15:02.200",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178."
},
{
"lang": "es",
"value": " IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 vulnerables a Server Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 288178."
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-3188",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-26T05:15:50.477",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-07-08T14:19:01.160",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento WP Shortcodes Plugin \u2014 Shortcodes Ultimate para WordPress anterior a 7.1.0 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/bc273e75-7faf-4eaf-8ebd-efc5d6e9261f/",


@ -2,7 +2,7 @@
"id": "CVE-2024-32229",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T21:15:03.553",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-08T14:18:28.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "FFmpeg 7.0 contiene un desbordamiento del b\u00fafer de mont\u00f3n en libavfilter/vf_tiltandshift.c:189:5 en copy_column."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://trac.ffmpeg.org/ticket/10950",


@ -2,8 +2,9 @@
"id": "CVE-2024-32487",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-13T15:15:52.683",
"lastModified": "2024-06-10T18:15:33.640",
"lastModified": "2024-07-08T14:18:29.363",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1",


@ -2,8 +2,8 @@
"id": "CVE-2024-3276",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-18T06:15:12.270",
"lastModified": "2024-07-05T13:39:52.460",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-08T14:19:01.997",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},


@ -2,13 +2,17 @@
"id": "CVE-2024-33862",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T23:15:10.050",
"lastModified": "2024-07-05T23:15:10.050",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system."
},
{
"lang": "es",
"value": " Una vulnerabilidad de gesti\u00f3n del b\u00fafer en OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core anterior a 1.05.374.54 podr\u00eda permitir a atacantes remotos agotar los recursos de memoria. Se activa cuando el sistema recibe una cantidad excesiva de mensajes de una fuente remota. Esto podr\u00eda conducir potencialmente a una condici\u00f3n de denegaci\u00f3n de servicio (DoS), interrumpiendo el funcionamiento normal del sistema."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2024-33871",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.943",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-07-08T14:18:32.130",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. contrib/opvp/gdevopvp.c permite la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de una librer\u00eda de controladores personalizada, explotable a trav\u00e9s de un documento PostScript manipulado. Esto ocurre porque el par\u00e1metro Controlador para dispositivos opvp (y oprp) puede tener un nombre arbitrario para una librer\u00eda din\u00e1mica; luego se carga esta librer\u00eda. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754",


@ -2,13 +2,17 @@
"id": "CVE-2024-34361",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-05T19:15:09.610",
"lastModified": "2024-07-05T19:15:09.610",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue."
},
{
"lang": "es",
"value": " Pi-hole es un sumidero de DNS que protege los dispositivos de contenido no deseado sin instalar ning\u00fan software del lado del cliente. Una vulnerabilidad en versiones anteriores a la 5.18.3 permite a un usuario autenticado realizar solicitudes internas al servidor a trav\u00e9s de la funci\u00f3n `gravity_DownloadBlocklistFromUrl()`. Dependiendo de algunas circunstancias, la vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n remota de comandos. La versi\u00f3n 5.18.3 contiene un parche para este problema."
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-34452",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T22:15:10.877",
"lastModified": "2024-06-24T12:57:36.513",
"lastModified": "2024-07-08T14:18:33.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "CMSimple_XH 1.7.6 permite XSS cargando un documento SVG manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/surajhacx/CVE-2024-34452/",


@ -2,13 +2,17 @@
"id": "CVE-2024-34602",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-07-08T07:15:02.663",
"lastModified": "2024-07-08T07:15:02.663",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "El uso de intenci\u00f3n impl\u00edcita para comunicaciones confidenciales en Samsung Messages antes de la versi\u00f3n 1 de SMR de julio de 2024 permite a los atacantes locales obtener informaci\u00f3n confidencial. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-34603",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-07-08T07:15:04.100",
"lastModified": "2024-07-08T07:15:04.100",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,9 @@
"id": "CVE-2024-36103",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-12T01:15:49.220",
"lastModified": "2024-06-13T18:36:09.013",
"lastModified": "2024-07-08T14:18:36.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en WRC-X5400GS-B v1.0.10 y anteriores, y WRC-X5400GSA-B v1.0.10 y anteriores permite a un atacante adyacente a la red con privilegios administrativos ejecutar comandos arbitrarios del sistema operativo enviando una solicitud especialmente manipulada al producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97214223/",


@ -2,15 +2,43 @@
"id": "CVE-2024-36495",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-06-24T09:15:09.730",
"lastModified": "2024-06-25T06:15:10.057",
"lastModified": "2024-07-08T14:18:38.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application Faronics WINSelect (Standard + Enterprise)\u00a0saves its configuration in an encrypted file on the file system\u00a0which \"Everyone\" has read and write access to, path to file:\n\n\n\nC:\\ProgramData\\WINSelect\\WINSelect.wsd\n\nThe path for\u00a0the affected WINSelect Enterprise\u00a0configuration file is:\n\nC:\\ProgramData\\Faronics\\StorageSpace\\WS\\WINSelect.wsd"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Faronics WINSelect (Standard + Enterprise) guarda su configuraci\u00f3n en un archivo cifrado en el sistema de archivos al que \"Todos\" tiene acceso de lectura y escritura, ruta al archivo: C:\\ProgramData\\WINSelect\\WINSelect.wsd La ruta del archivo afectado El archivo de configuraci\u00f3n de WINSelect Enterprise es: C:\\ProgramData\\Faronics\\StorageSpace\\WS\\WINSelect.wsd"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",


@ -2,7 +2,7 @@
"id": "CVE-2024-36983",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-07-01T17:15:06.257",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-08T14:18:39.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-75"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-36985",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-07-01T17:15:06.703",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-08T14:18:40.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "CWE-687"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-253"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-36997",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-07-01T17:15:09.143",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-08T14:18:42.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-75"
}
]
}
],
"references": [


@ -2,13 +2,17 @@
"id": "CVE-2024-3651",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-07T18:15:09.827",
"lastModified": "2024-07-07T18:15:09.827",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en la librer\u00eda kjd/idna, espec\u00edficamente dentro de la funci\u00f3n `idna.encode()`, afectando a la versi\u00f3n 3.6. El problema surge del manejo por parte de la funci\u00f3n de cadenas de entrada manipuladas, lo que puede generar complejidad cuadr\u00e1tica y, en consecuencia, una condici\u00f3n de denegaci\u00f3n de servicio. Esta vulnerabilidad se activa por una entrada manipulada que hace que la funci\u00f3n `idna.encode()` procese la entrada con una carga computacional considerable, aumentando significativamente el tiempo de procesamiento de manera cuadr\u00e1tica en relaci\u00f3n con el tama\u00f1o de la entrada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37208",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T10:15:01.907",
"lastModified": "2024-07-06T10:15:01.907",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7."
},
{
"lang": "es",
"value": " Vulnerabilidad de Server Side Request Forgery (SSRF) en Robert Macchi WP Scraper. Este problema afecta a WP Scraper: desde n/a hasta 5.7."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37234",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T10:15:02.913",
"lastModified": "2024-07-06T10:15:02.913",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4."
},
{
"lang": "es",
"value": " Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en Kodezen Limited Academy LMS. Este problema afecta a Academy LMS: desde n/a hasta 2.0.4."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37260",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T10:15:03.190",
"lastModified": "2024-07-06T10:15:03.190",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5."
},
{
"lang": "es",
"value": " Vulnerabilidad de Server Side Request Forgery (SSRF) en Theme-Ruby Foxiz. Este problema afecta a Foxiz: desde n/a hasta 2.3.5."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-37389",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-08T08:15:10.847",
"lastModified": "2024-07-08T08:15:10.847",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-37528",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T03:15:02.450",
"lastModified": "2024-07-08T03:15:02.450",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293."
},
{
"lang": "es",
"value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1 y 23.0.2 son vulnerables a Cross Site Scripting. Esta vulnerabilidad permite a un usuario privilegiado incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 294293."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37539",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T13:15:10.190",
"lastModified": "2024-07-06T13:15:10.190",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Delower WP To Do permite XSS almacenado. Este problema afecta a WP To Do: desde n/a hasta 1.3.0."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37541",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T13:15:10.437",
"lastModified": "2024-07-06T13:15:10.437",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements \u2013 Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements \u2013 Stax: from n/a through 1.4.4.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en complementos, widgets y mejoras de Elementor de StaxWP: Stax permite XSS almacenado. Este problema afecta a Elementor Addons, Widgets and Enhancements \u2013 Stax: desde n/a hasta 1.4.4.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37542",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T13:15:10.640",
"lastModified": "2024-07-06T13:15:10.640",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3."
},
{
"lang": "es",
"value": " Vulnerabilidad de autorizaci\u00f3n faltante en WpDevArt Responsive Image Gallery, Gallery Album. Este problema afecta a Responsive Image Gallery, Gallery Album: desde n/a hasta 2.0.3."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37546",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T15:15:10.283",
"lastModified": "2024-07-06T15:15:10.283",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2."
},
{
"lang": "es",
"value": " Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en biplob018 Image Hover Effects - Caption Hover with Carousel permite XSS almacenado. Este problema afecta a Image Hover Effects - Caption Hover with Carousel: desde n/a hasta 3.0.2."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37547",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T15:15:10.500",
"lastModified": "2024-07-06T15:15:10.500",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en Livemesh Livemesh Addons para Elementor. Este problema afecta a Livemesh Addons para Elementor: desde n/a hasta 8.3.7."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37553",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T16:15:02.023",
"lastModified": "2024-07-06T16:15:02.023",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Axelerant Testimonials Widget permite el XSS almacenado. Este problema afecta el widget de testimonios: desde n/a hasta 4.0.4."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37554",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T17:15:09.890",
"lastModified": "2024-07-06T17:15:09.890",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode). Este problema afecta a UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): desde n/a hasta 1.1.6."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37767",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.533",
"lastModified": "2024-07-05T17:15:11.533",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request."
},
{
"lang": "es",
"value": " Los permisos inseguros en el componente /api/admin/user de 14Finger v1.1 permiten a los atacantes acceder a toda la informaci\u00f3n del usuario a trav\u00e9s de una solicitud GET manipulada."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-37903",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-05T18:15:32.093",
"lastModified": "2024-07-05T18:15:32.093",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue."
},
{
"lang": "es",
"value": " Mastodon es una plataforma de microblogging federada y autohospedada. A partir de la versi\u00f3n 2.6.0 y antes de las versiones 4.1.18 y 4.2.10, al crear actividades espec\u00edficas, un atacante puede ampliar la audiencia de una publicaci\u00f3n que no es de su propiedad a otros usuarios de Mastodon en un servidor de destino, obteniendo as\u00ed acceso al contenido de una publicaci\u00f3n no destinada a ellos. Las versiones 4.1.18 y 4.2.10 contienen un parche para este problema."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37999",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-08T11:15:10.487",
"lastModified": "2024-07-08T11:15:10.487",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Medicalis Workflow Orchestrator (todas las versiones). La aplicaci\u00f3n afectada se ejecuta como una cuenta confiable con altos privilegios y acceso a la red. Esto podr\u00eda permitir que un atacante local autenticado escale privilegios."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-38330",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T02:15:01.963",
"lastModified": "2024-07-08T02:15:01.963",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227."
},
{
"lang": "es",
"value": "IBM System Management para i 7.2, 7.3 y 7.4 podr\u00eda permitir que un usuario local obtenga privilegios elevados debido a una llamada no calificada a un programa de librer\u00eda. Un actor malintencionado podr\u00eda provocar que el c\u00f3digo controlado por el usuario se ejecute con privilegios de administrador. ID de IBM X-Force: 295227."
}
],
"metrics": {


@ -2,16 +2,63 @@
"id": "CVE-2024-38346",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-05T14:15:02.867",
"lastModified": "2024-07-05T17:10:58.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-08T15:48:17.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user.\u00a0An attacker that can reach the cluster service on the unauthenticated\u00a0port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete\u00a0compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts.\u00a0Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.\n\n"
},
{
"lang": "es",
"value": "El servicio de cl\u00faster de CloudStack se ejecuta en un puerto no autenticado (9090 predeterminado) que puede usarse indebidamente para ejecutar comandos arbitrarios en hipervisores espec\u00edficos y hosts de servidores de administraci\u00f3n de CloudStack. Se descubri\u00f3 que algunos de estos comandos ten\u00edan vulnerabilidades de inyecci\u00f3n de comandos que pueden resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de agentes en los hosts que pueden ejecutarse como un usuario privilegiado. Un atacante que pueda acceder al servicio de cl\u00faster en el puerto no autenticado (9090 predeterminado) puede aprovechar esto para realizar la ejecuci\u00f3n remota de c\u00f3digo en hosts administrados por CloudStack y comprometer completamente la confidencialidad, integridad y disponibilidad de la infraestructura administrada por CloudStack. Se recomienda a los usuarios restringir el acceso a la red al puerto de servicio de cl\u00faster (9090 predeterminado) en un host del servidor de administraci\u00f3n de CloudStack solo a sus hosts del servidor de administraci\u00f3n de CloudStack pares. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.2.1, 4.19.0.2 o posterior, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -24,22 +71,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.18.2.1",
"matchCriteriaId": "3838B737-9231-4333-9777-8B49CBACC754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.0.0",
"versionEndExcluding": "4.19.0.2",
"matchCriteriaId": "1155DE75-1275-454F-9461-6DF70C73D1E2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-38471",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-04T01:15:02.400",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-07-08T14:18:45.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "M\u00faltiples productos TP-LINK permiten a un atacante adyacente a la red con privilegios administrativos ejecutar comandos arbitrarios del sistema operativo mediante la restauraci\u00f3n de un archivo de copia de seguridad manipulado. El dispositivo afectado, con la configuraci\u00f3n inicial, permite iniciar sesi\u00f3n \u00fanicamente desde el puerto LAN o Wi-Fi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU99784493/",


@ -2,7 +2,7 @@
"id": "CVE-2024-38475",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-01T19:15:04.883",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-08T14:18:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El escape inadecuado de la salida en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante asignar URL a ubicaciones del sistema de archivos que el servidor permite servir, pero a las que no se puede acceder intencional o directamente mediante ninguna URL, dando como resultado la ejecuci\u00f3n del c\u00f3digo o la divulgaci\u00f3n del c\u00f3digo fuente. Las sustituciones en el contexto del servidor que utilizan referencias inversas o variables como primer segmento de la sustituci\u00f3n se ven afectadas. Este cambio romper\u00e1 algunas RewiteRules inseguras y el indicador de reescritura \"UnsafePrefixStat\" se puede usar para volver a participar una vez que se garantice que la sustituci\u00f3n est\u00e9 restringida adecuadamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -2,8 +2,9 @@
"id": "CVE-2024-38949",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.263",
"lastModified": "2024-06-27T12:47:19.847",
"lastModified": "2024-07-08T14:18:46.730",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " La vulnerabilidad de desbordamiento de b\u00fafer de mont\u00f3n en Libde265 v1.0.15 permite a los atacantes bloquear la aplicaci\u00f3n mediante un payload manipulado para mostrar la funci\u00f3n 444as420 en sdl.cc"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/460",


@ -2,13 +2,17 @@
"id": "CVE-2024-39019",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T19:15:09.840",
"lastModified": "2024-07-05T19:15:09.840",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del"
},
{
"lang": "es",
"value": " Se descubri\u00f3 que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a trav\u00e9s de /admin/idcProData_deal.php?mudi=del"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39020",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T19:15:09.920",
"lastModified": "2024-07-05T19:15:09.920",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close"
},
{
"lang": "es",
"value": " Se descubri\u00f3 que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a trav\u00e9s de /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39021",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T19:15:10.000",
"lastModified": "2024-07-05T19:15:10.000",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda una falsificaci\u00f3n de solicitud entre sitios (CSRF) a trav\u00e9s del componente http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39022",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T19:15:10.087",
"lastModified": "2024-07-05T19:15:10.087",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal"
},
{
"lang": "es",
"value": " Se descubri\u00f3 que idccms v1.35 conten\u00eda una vulnerabilidad de Cross Site Request Forgery (CSRF) a trav\u00e9s de /admin/infoSys_deal.php?mudi=deal"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39023",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T19:15:10.167",
"lastModified": "2024-07-05T19:15:10.167",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close"
},
{
"lang": "es",
"value": " Se descubri\u00f3 que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a trav\u00e9s de admin/info_deal.php?mudi=add&nohrefStr=close"
}
],
"metrics": {},


@ -2,20 +2,80 @@
"id": "CVE-2024-39027",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T14:15:02.997",
"lastModified": "2024-07-05T17:10:58.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-08T15:48:01.000",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked."
},
{
"lang": "es",
"value": "SeaCMS v12.9 tiene una vulnerabilidad de inyecci\u00f3n SQL no autorizada. La vulnerabilidad es causada por la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro cid en /js/player/dmplayer/dmku/index.php?ac=edit, lo que puede causar que se filtre informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5A52C0BF-703A-4BF0-A5A9-E3995C30FE0D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/seacms-net/CMS/issues/17",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-39028",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T14:15:03.100",
"lastModified": "2024-07-05T17:10:58.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-08T15:47:26.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php."
},
{
"lang": "es",
"value": " Se descubri\u00f3 un problema en SeaCMS &lt;=12.9 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de admin_ping.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seacms:seacms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.9",
"matchCriteriaId": "4B114546-6AB3-471D-BB71-4AE0B0443265"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
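Review bot: The added Spanish description carries an HTML entity, `SeaCMS &lt;=12.9`, where the English text has a literal `<=12.9`; a JSON string should hold the raw character, so the value should read `SeaCMS <=12.9`. The same escaping appears in the Spanish description added for CVE-2024-39154, where `&amp;dataType=word&amp;dataTypeCN` alters the endpoint string that the English text gives with plain `&`. Consumers that render these fields into HTML will double-escape them, and anyone matching the affected version range or path from the translated text gets a string that differs from the original. Since the record is mirrored, the fix probably belongs in the upstream translation or in a decode step in the sync job.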


@ -2,13 +2,17 @@
"id": "CVE-2024-39150",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.610",
"lastModified": "2024-07-05T17:15:11.610",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet."
},
{
"lang": "es",
"value": " vditor v.3.9.8 y anteriores es vulnerable a la lectura arbitraria de archivos a trav\u00e9s de un paquete de datos manipulado."
}
],
"metrics": {},


@ -2,15 +2,55 @@
"id": "CVE-2024-39154",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-27T14:15:15.817",
"lastModified": "2024-06-27T17:11:52.390",
"lastModified": "2024-07-08T14:18:48.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/keyWord_deal.php?mudi=del&amp;dataType=word&amp;dataTypeCN."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md",


@ -2,16 +2,55 @@
"id": "CVE-2024-39174",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T18:15:32.350",
"lastModified": "2024-07-05T18:15:32.350",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article."
},
{
"lang": "es",
"value": " Una vulnerabilidad de Cross Site Scripting (XSS) en la funci\u00f3n Publicar art\u00edculo de yzmcms v7.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en un art\u00edculo publicado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/0x1ang/cvepbulic/issues/1",


@ -2,13 +2,17 @@
"id": "CVE-2024-39178",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T17:15:11.690",
"lastModified": "2024-07-05T17:15:11.690",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid."
},
{
"lang": "es",
"value": " Se descubri\u00f3 que MyPower vc8100 V100R001C00B030 conten\u00eda una vulnerabilidad de lectura de archivos arbitraria a trav\u00e9s del componente /tcpdump/tcpdump.php?menu_uuid."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39182",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T23:15:10.137",
"lastModified": "2024-07-05T23:15:10.137",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779)."
},
{
"lang": "es",
"value": " Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en ISPmanager v6.98.0 permite a los atacantes acceder a detalles confidenciales de la sesi\u00f3n del usuario root mediante un comando arbitrario (ISP6-1779)."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2024-39206",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T18:15:03.290",
"lastModified": "2024-07-03T12:53:24.977",
"lastModified": "2024-07-08T14:18:50.487",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema descubierto en MSP360 Backup Agent v7.8.5.15 y v7.9.4.84 permite a los atacantes obtener credenciales de recursos compartidos de red utilizadas en una copia de seguridad debido a que Enginesettings.list est\u00e1 cifrado con una clave codificada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.proactivelabs.com.au/2024/06/19/cloudberry.html",
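Review bot: The Secondary weakness added here, `"value": "CWE-269"` (improper privilege management), does not match the description in the context lines, which attributes the credential exposure to Enginesettings.list being encrypted with a hard-coded key; `"value": "CWE-321"` would describe that. The record for CVE-2024-39479 has the same kind of mismatch: its description speaks of a use-after-free when hwmon sysfs is accessed, yet the added weakness is `CWE-400` rather than `CWE-416`. Both values come from the same Secondary source and neither hunk adds a Primary weakness, so tooling that triages or routes by CWE should treat them as provisional. The English description of this record is outside the visible hunks, so the reading above rests on the Spanish text.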


@ -0,0 +1,76 @@
{
"id": "CVE-2024-39308",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-08T15:15:22.080",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released)."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/railsadminteam/rails_admin/issues/3686",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc",
"source": "security-advisories@github.com"
},
{
"url": "https://rubygems.org/gems/rails_admin/versions/2.3.0",
"source": "security-advisories@github.com"
},
{
"url": "https://rubygems.org/gems/rails_admin/versions/3.1.3",
"source": "security-advisories@github.com"
}
]
}
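Review bot: The fixed version for the 2.x line is inconsistent inside this new record: the description says `Upgrade to 3.1.3 or 2.2.2 (to be released)`, while the references point to `https://rubygems.org/gems/rails_admin/versions/2.3.0`. With no `configurations` block in the record yet, a scanner or a person reading this entry cannot tell which 2.x release carries the escaping fix, and the "to be released" wording will go stale. Until the upstream text is corrected, consumers should take the patched versions from the referenced GHSA advisory rather than from the description string.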


@ -2,13 +2,17 @@
"id": "CVE-2024-39321",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-05T18:15:32.430",
"lastModified": "2024-07-05T18:15:32.430",
"vulnStatus": "Received",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Traefik es un proxy inverso HTTP y un equilibrador de carga. Las versiones anteriores a 2.11.6, 3.0.4 y 3.1.0-rc3 tienen una vulnerabilidad que permite eludir las listas de direcciones IP permitidas a trav\u00e9s de solicitudes de datos tempranas HTTP/3 en protocolos de enlace QUIC 0-RTT enviados con direcciones IP falsificadas. Las versiones 2.11.6, 3.0.4 y 3.1.0-rc3 contienen un parche para este problema. No hay soluciones conocidas disponibles."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-39479",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.530",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-08T14:18:53.007",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/hwmon: deshacerse de devm Cuando tanto hwmon como hwmon drvdata (del cual depende hwmon) son recursos administrados por el dispositivo, la expectativa, al desvincular el dispositivo, es que hwmon publicarse antes que drvdata. Sin embargo, en i915 hay dos rutas de c\u00f3digo independientes, que liberan drvdata o hwmon y cualquiera de ellas puede publicarse antes que la otra. Estas rutas de c\u00f3digo (para desvincular el dispositivo) son las siguientes (consulte tambi\u00e9n el error al que se hace referencia a continuaci\u00f3n): Seguimiento de llamadas: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 componente_unbind_all+0x8d/0xa0 componente_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915 ] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 dispositivo_release_driver_internal+0x19c/0x200 store+0x9c/0xb0 y seguimiento de llamadas: release_nodes+0x11/0x70 devres_release_all +0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 Esto significa que en i915, si usa devm, no podemos garantizar que hwmon siempre se publicar\u00e1 antes que drvdata. Lo que significa que tenemos un uaf si se accede a hwmon sysfs cuando drvdata se lanz\u00f3 pero hwmon no. La \u00fanica forma de solucionar esto parece ser deshacerse de devm_ y liberar/liberar todo expl\u00edcitamente durante la desvinculaci\u00f3n del dispositivo. v2: Cambiar mensaje de confirmaci\u00f3n y otros cambios menores de c\u00f3digo v3: Limpieza de i915_hwmon_register en caso de error (Armin Wolf) v4: Eliminar posible advertencia del analizador est\u00e1tico (Rodrigo) Eliminar fetch_and_zero (Jani) v5: Restaurar la l\u00f3gica anterior para el retorno de error ddat_gt-&gt;hwmon_dev (Andi )"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5bc9de065b8bb9b8dd8799ecb4592d0403b54281",
