Auto-Update: 2024-06-03T16:00:38.722644+00:00

cad-safe-bot 2024-06-03 16:03:31 +00:00
parent 94e78f0792
commit 12bcf72c31
138 changed files with 1153 additions and 392 deletions


@ -2,12 +2,16 @@
"id": "CVE-2023-42427",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-03T04:15:08.830",
"lastModified": "2024-06-03T04:15:08.830",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting en UNIVERSAL PASSPORT RX versiones 1.0.0 a 1.0.7, que puede permitir que un atacante remoto autenticado ejecute un script arbitrario en el navegador web del usuario que est\u00e1 utilizando el producto."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-43537",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:09.063",
"lastModified": "2024-06-03T10:15:09.063",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43538",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:09.937",
"lastModified": "2024-06-03T10:15:09.937",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43542",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:10.220",
"lastModified": "2024-06-03T10:15:10.220",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43543",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:10.467",
"lastModified": "2024-06-03T10:15:10.467",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43544",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:10.700",
"lastModified": "2024-06-03T10:15:10.700",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43545",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:10.907",
"lastModified": "2024-06-03T10:15:10.907",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43551",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:11.147",
"lastModified": "2024-06-03T10:15:11.147",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43555",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:11.420",
"lastModified": "2024-06-03T10:15:11.420",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-43556",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:11.673",
"lastModified": "2024-06-03T10:15:11.673",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-48789",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T08:15:08.507",
"lastModified": "2024-06-03T08:15:08.507",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n de la seguridad del lado del servidor en Fortinet FortiPortal versi\u00f3n 6.0.0 a 6.0.14 permite al atacante realizar un control de acceso inadecuado a trav\u00e9s de solicitudes HTTP manipuladas."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51436",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-03T04:15:09.287",
"lastModified": "2024-06-03T04:15:09.287",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the product. "
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting en las versiones 1.0.0 a 1.0.8 de UNIVERSAL PASSPORT RX, que puede permitir que un atacante remoto autenticado con privilegios administrativos ejecute un script arbitrario en el navegador web del usuario que est\u00e1 utilizando el producto."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-6382",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T05:15:08.287",
"lastModified": "2024-06-01T05:15:08.287",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Master Slider \u2013 Responsive Touch Slider para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'ms_slide' del complemento en todas las versiones hasta la 3.9.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el atributo 'css_class' proporcionado por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -0,0 +1,32 @@
{
"id": "CVE-2024-0336",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-06-03T14:15:08.900",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: before 20240603.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0600",
"source": "iletisim@usom.gov.tr"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-1324",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T07:15:07.850",
"lastModified": "2024-06-01T07:15:07.850",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to retrieve the contents of arbitrary posts that may not be public."
},
{
"lang": "es",
"value": "El complemento QQWorld Auto Save Images para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n save_remote_images_get_auto_saved_results() conectada a trav\u00e9s de norpriv AJAX en todas las versiones hasta la 1.9.8 incluida. Esto hace posible que atacantes no autenticados recuperen el contenido de publicaciones arbitrarias que pueden no ser p\u00fablicas."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-20065",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:08.463",
"lastModified": "2024-06-03T02:15:08.463",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394."
},
{
"lang": "es",
"value": "En telefon\u00eda existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de una verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08698617; ID del problema: MSV-1394."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20066",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:08.630",
"lastModified": "2024-06-03T02:15:08.630",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477."
},
{
"lang": "es",
"value": "En el m\u00f3dem, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01267281; ID del problema: MSV-1477."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20067",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:08.770",
"lastModified": "2024-06-03T02:15:08.770",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462."
},
{
"lang": "es",
"value": "En el m\u00f3dem, existe una posible escritura fuera de los l\u00edmites debido a una invalidaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01267285; ID del problema: MSV-1462."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20068",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:08.873",
"lastModified": "2024-06-03T02:15:08.873",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479."
},
{
"lang": "es",
"value": "En el m\u00f3dem, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01270721; ID del problema: MSV-1479."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20069",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:08.977",
"lastModified": "2024-06-03T02:15:08.977",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430."
},
{
"lang": "es",
"value": "En el m\u00f3dem, existe una posible selecci\u00f3n de algoritmos menos seguros durante el IKE de VoWiFi debido a que falta una verificaci\u00f3n de degradaci\u00f3n de DH. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: MOLY01286330; ID del problema: MSV-1430."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20070",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.093",
"lastModified": "2024-06-03T02:15:09.093",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469."
},
{
"lang": "es",
"value": "En los m\u00f3dems, existe una posible divulgaci\u00f3n de informaci\u00f3n debido al uso de algoritmos criptogr\u00e1ficos riesgosos durante la negociaci\u00f3n del establecimiento de la conexi\u00f3n. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n, cuando se utiliza un algoritmo de cifrado d\u00e9bil, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY00942482; ID del problema: MSV-1469."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20071",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.220",
"lastModified": "2024-06-03T02:15:09.220",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331."
},
{
"lang": "es",
"value": "En el controlador WLAN, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00364733; ID del problema: MSV-1331."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20072",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.320",
"lastModified": "2024-06-03T02:15:09.320",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332."
},
{
"lang": "es",
"value": "En el controlador WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00364732; ID del problema: MSV-1332."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20073",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.420",
"lastModified": "2024-06-03T02:15:09.420",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411."
},
{
"lang": "es",
"value": "En el servicio WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00367704; ID del problema: MSV-1411."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20074",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.520",
"lastModified": "2024-06-03T02:15:09.520",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In dmc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08668110; Issue ID: MSV-1333."
},
{
"lang": "es",
"value": "En dmc, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08668110; ID del problema: MSV-1333."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20075",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-06-03T02:15:09.620",
"lastModified": "2024-06-03T02:15:09.620",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID: MSV-1393."
},
{
"lang": "es",
"value": "En eemgpu, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08713302; ID del problema: MSV-1393."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-21478",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:11.907",
"lastModified": "2024-06-03T10:15:11.907",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2024-2178",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-02T11:15:07.390",
"lastModified": "2024-06-02T11:15:07.390",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy to custom personas folder for editing' process. By inserting '../' sequences in these parameters, attackers can traverse the directory structure and access files outside of the intended directory. Successful exploitation results in unauthorized access to sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en parisneo/lollms-webui, espec\u00edficamente dentro del endpoint 'copy_to_custom_personas' en el archivo 'lollms_personalities_infos.py'. Esta vulnerabilidad permite a los atacantes leer archivos arbitrarios manipulando los par\u00e1metros 'categor\u00eda' y 'nombre' durante el proceso 'Copiar a la carpeta de personas personalizadas para editar'. Al insertar secuencias '../' en estos par\u00e1metros, los atacantes pueden atravesar la estructura del directorio y acceder a archivos fuera del directorio deseado. La explotaci\u00f3n exitosa da como resultado el acceso no autorizado a informaci\u00f3n confidencial."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-2295",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T08:15:08.407",
"lastModified": "2024-06-01T08:15:08.407",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Contact Form Manager para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado [xyz-cfm-form] del complemento en todas las versiones hasta la 1.6.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-23107",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T08:15:08.837",
"lastModified": "2024-06-03T08:15:08.837",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands."
},
{
"lang": "es",
"value": "Una exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en FortiWeb versi\u00f3n 7.4.0, versi\u00f3n 7.2.4 e inferiores, versi\u00f3n 7.0.8 e inferiores, 6.3 todas las versiones puede permitir que un atacante autenticado lea hashes de contrase\u00f1as de otros administradores a trav\u00e9s de comandos CLI."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-23316",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-05-31T19:15:08.723",
"lastModified": "2024-05-31T19:15:08.723",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."
},
{
"lang": "es",
"value": "La desincronizaci\u00f3n de solicitudes HTTP en Ping Identity PingAccess, todas las versiones anteriores a 8.0.1 afectadas, permite a un atacante enviar solicitudes de encabezado http especialmente manipuladas para crear una condici\u00f3n de contrabando de solicitudes para solicitudes proxy."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-23360",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:12.130",
"lastModified": "2024-06-03T10:15:12.130",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23363",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-06-03T10:15:12.377",
"lastModified": "2024-06-03T10:15:12.377",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23664",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:12.620",
"lastModified": "2024-06-03T10:15:12.620",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23665",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:12.870",
"lastModified": "2024-06-03T10:15:12.870",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23667",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:13.100",
"lastModified": "2024-06-03T10:15:13.100",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23668",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:13.320",
"lastModified": "2024-06-03T10:15:13.320",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23670",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:13.523",
"lastModified": "2024-06-03T10:15:13.523",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2024-2506",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T07:15:08.393",
"lastModified": "2024-06-01T07:15:08.393",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Popup Builder \u2013 Create highly converting, mobile friendly marketing popups para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funcionalidad JS personalizada en todas las versiones hasta la 4.2.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-27776",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-06-02T13:15:08.510",
"lastModified": "2024-06-02T13:15:08.510",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MileSight DeviceHub - \n\nCWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE"
},
{
"lang": "es",
"value": "MileSight DeviceHub: CWE-22 La limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") puede permitir RCE no autenticado"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-2933",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T02:15:47.727",
"lastModified": "2024-06-01T02:15:47.727",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Page Builder Gutenberg Blocks \u2013 CoBlocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget de perfiles sociales en todas las versiones hasta la 3.1.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-31493",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T08:15:09.097",
"lastModified": "2024-06-03T08:15:09.097",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses."
},
{
"lang": "es",
"value": "Una eliminaci\u00f3n inadecuada de informaci\u00f3n confidencial antes de la vulnerabilidad de almacenamiento o transferencia [CWE-212] en FortiSOAR versi\u00f3n 7.3.0, versi\u00f3n 7.2.2 e inferiores, versi\u00f3n 7.0.3 e inferiores puede permitir que un usuario autenticado con privilegios bajos lea las contrase\u00f1as del conector en formato texto plano a trav\u00e9s de respuestas HTTP."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-3200",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T09:15:09.453",
"lastModified": "2024-06-01T09:15:09.453",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento wpForo Forum para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del atributo 'slug' del shortcode 'wpforo' en todas las versiones hasta la 2.3.3 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-33996",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:09.647",
"lastModified": "2024-05-31T20:15:09.647",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to."
},
{
"lang": "es",
"value": "La validaci\u00f3n incorrecta de los tipos de eventos permitidos en un servicio web de calendario hizo posible que algunos usuarios crearan eventos con tipos/audiencias para los que no ten\u00edan permiso para publicar."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-33997",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:09.797",
"lastModified": "2024-05-31T20:15:09.797",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation."
},
{
"lang": "es",
"value": "Se requiri\u00f3 una sanitizaci\u00f3n adicional al abrir el editor de ecuaciones para evitar un riesgo de XSS almacenado al editar la ecuaci\u00f3n de otro usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-33998",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:09.890",
"lastModified": "2024-05-31T20:15:09.890",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features."
},
{
"lang": "es",
"value": "El escape insuficiente de los nombres de los participantes en la tabla de p\u00e1ginas de participantes result\u00f3 en un riesgo XSS almacenado al interactuar con algunas funciones."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-33999",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:09.987",
"lastModified": "2024-05-31T20:15:09.987",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The referrer URL used by MFA required additional sanitizing, rather than being used directly."
},
{
"lang": "es",
"value": "La URL de referencia utilizada por MFA requiri\u00f3 una sanitizaci\u00f3n adicional, en lugar de usarse directamente."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34000",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:10.080",
"lastModified": "2024-05-31T20:15:10.080",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk."
},
{
"lang": "es",
"value": "Los n\u00fameros de identificaci\u00f3n que se muestran en el informe de descripci\u00f3n general de la lecci\u00f3n requirieron una sanitizaci\u00f3n adicional para evitar un riesgo de XSS almacenado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34001",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T20:15:10.183",
"lastModified": "2024-05-31T20:15:10.183",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk."
},
{
"lang": "es",
"value": "Las acciones en la herramienta preestablecida de administraci\u00f3n no inclu\u00edan el token necesario para evitar un riesgo CSRF."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34002",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.130",
"lastModified": "2024-05-31T21:15:09.130",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include."
},
{
"lang": "es",
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar m\u00f3dulos de retroalimentaci\u00f3n y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34003",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.240",
"lastModified": "2024-05-31T21:15:09.240",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include."
},
{
"lang": "es",
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar m\u00f3dulos de taller y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34004",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.340",
"lastModified": "2024-05-31T21:15:09.340",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include."
},
{
"lang": "es",
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar m\u00f3dulos wiki y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34005",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.440",
"lastModified": "2024-05-31T21:15:09.440",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include."
},
{
"lang": "es",
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar los m\u00f3dulos de actividad de la base de datos y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34006",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.533",
"lastModified": "2024-05-31T21:15:09.533",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered."
},
{
"lang": "es",
"value": "El informe de registro del sitio requiri\u00f3 codificaci\u00f3n adicional de las descripciones de eventos para garantizar que cualquier HTML en el contenido se muestre en texto plano en lugar de representarse."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34007",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.647",
"lastModified": "2024-05-31T21:15:09.647",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF."
},
{
"lang": "es",
"value": "La opci\u00f3n de cierre de sesi\u00f3n dentro de MFA no inclu\u00eda el token necesario para evitar el riesgo de que los usuarios cerraran sesi\u00f3n sin darse cuenta a trav\u00e9s de CSRF."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34008",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.743",
"lastModified": "2024-05-31T21:15:09.743",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk."
},
{
"lang": "es",
"value": "Las acciones en la gesti\u00f3n administrativa de los modelos de an\u00e1lisis no incluyeron el token necesario para prevenir un riesgo CSRF."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-34009",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.833",
"lastModified": "2024-05-31T21:15:09.833",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized."
},
{
"lang": "es",
"value": "Las comprobaciones insuficientes de si ReCAPTCHA estaba habilitado hicieron posible eludir las comprobaciones en la p\u00e1gina de inicio de sesi\u00f3n. Esto no afect\u00f3 a otras p\u00e1ginas donde se utiliza ReCAPTCHA."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-34385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:08.870",
"lastModified": "2024-06-03T12:15:08.870",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34754",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:08.743",
"lastModified": "2024-06-03T11:15:08.743",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:09.120",
"lastModified": "2024-06-03T12:15:09.120",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:09.357",
"lastModified": "2024-06-03T12:15:09.357",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:09.610",
"lastModified": "2024-06-03T12:15:09.610",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:09.867",
"lastModified": "2024-06-03T12:15:09.867",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:10.120",
"lastModified": "2024-06-03T12:15:10.120",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34789",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:09.003",
"lastModified": "2024-06-03T11:15:09.003",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34790",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:09.233",
"lastModified": "2024-06-03T11:15:09.233",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34791",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:09.467",
"lastModified": "2024-06-03T11:15:09.467",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34793",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:09.687",
"lastModified": "2024-06-03T11:15:09.687",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34794",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:09.917",
"lastModified": "2024-06-03T11:15:09.917",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34795",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:10.133",
"lastModified": "2024-06-03T11:15:10.133",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34796",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:10.360",
"lastModified": "2024-06-03T11:15:10.360",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34797",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:10.580",
"lastModified": "2024-06-03T11:15:10.580",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34798",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:10.813",
"lastModified": "2024-06-03T11:15:10.813",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34801",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:11.040",
"lastModified": "2024-06-03T11:15:11.040",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-34803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:11.270",
"lastModified": "2024-06-03T11:15:11.270",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-35630",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:11.520",
"lastModified": "2024-06-03T11:15:11.520",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-35631",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T11:15:11.740",
"lastModified": "2024-06-03T11:15:11.740",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-35632",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T12:15:10.367",
"lastModified": "2024-06-03T12:15:10.367",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-35633",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T10:15:13.720",
"lastModified": "2024-06-03T10:15:13.720",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-35635",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T10:15:14.050",
"lastModified": "2024-06-03T10:15:14.050",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2024-35636",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-01T09:15:08.983",
"lastModified": "2024-06-01T09:15:08.983",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Uploadcare File Uploader y Adaptive Delivery (beta). Este problema afecta a Uploadcare File Uploader y Adaptive Delivery (beta): desde n/a hasta 3.0.11."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35637",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T09:15:09.390",
"lastModified": "2024-06-03T09:15:09.390",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Church Admin. Este problema afecta a Church Admin: desde n/a hasta 4.3.6."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35638",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T09:15:09.703",
"lastModified": "2024-06-03T09:15:09.703",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en JumpDEMAND Inc. ActiveDEMAND. Este problema afecta a ActiveDEMAND: desde n/a hasta 0.2.43."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35639",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T09:15:09.947",
"lastModified": "2024-06-03T09:15:09.947",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Webliberty Simple Spoiler permite XSS almacenado. Este problema afecta a Simple Spoiler: desde n/a hasta 1.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35640",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T08:15:09.330",
"lastModified": "2024-06-03T08:15:09.330",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Tomas Cordero Safety Exit permite XSS almacenado. Este problema afecta a Safety Exit: desde n/a hasta 1.7.0."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35641",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T07:15:09.100",
"lastModified": "2024-06-03T07:15:09.100",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GregRoss Just Writing Statistics allows Stored XSS.This issue affects Just Writing Statistics: from n/a through 4.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en GregRoss Just Writing Statistics permite almacenar XSS. Este problema afecta a Just Writing Statistics: desde n/a hasta 4.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35642",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T07:15:09.560",
"lastModified": "2024-06-03T07:15:09.560",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Bryan Hadaway Site Favicon permite almacenar XSS. Este problema afecta a Site Favicon: desde n/a hasta 0.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-03T07:15:09.850",
"lastModified": "2024-06-03T07:15:09.850",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS.This issue affects WP Back Button: from n/a through 1.1.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Xabier Miranda WP Back Button permite almacenar XSS. Este problema afecta a WP Back Button: desde n/a hasta 1.1.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35645",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-02T00:15:37.840",
"lastModified": "2024-06-02T00:15:37.840",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.8."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en vinoth06 Random Banner permite almacenar XSS. Este problema afecta a Random Banner: desde n/a hasta 4.2.8."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35646",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-02T00:15:38.097",
"lastModified": "2024-06-02T00:15:38.097",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smartarget Smartarget Message Bar allows Stored XSS.This issue affects Smartarget Message Bar: from n/a through 1.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Smartarget Smartarget Message Bar permite almacenar XSS. Este problema afecta a la barra de mensajes Smartarget: desde n/a hasta 1.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-35647",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-02T00:15:38.310",
"lastModified": "2024-06-02T00:15:38.310",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Notification Bar allows Stored XSS.This issue affects Global Notification Bar: from n/a through 1.0.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Global Notification Bar permite almacenar XSS. Este problema afecta a Global Notification Bar: desde n/a hasta 1.0.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-3564",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T04:15:08.743",
"lastModified": "2024-06-01T04:15:08.743",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El complemento Content Blocks (Widget de publicaci\u00f3n personalizado) para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 3.3.0 incluida a trav\u00e9s del c\u00f3digo corto 'content_block' del complemento. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-3565",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-01T04:15:09.000",
"lastModified": "2024-06-01T04:15:09.000",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Content Blocks (Widget de publicaci\u00f3n personalizado) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'content_block' del complemento en todas las versiones hasta la 3.3.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-36042",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-03T06:15:09.293",
"lastModified": "2024-06-03T06:15:09.293",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access."
},
{
"lang": "es",
"value": "Silverpeas anterior a 6.3.5 permite omitir la autenticaci\u00f3n omitiendo el campo Contrase\u00f1a en AuthenticationServlet, lo que a menudo proporciona a un usuario no autenticado acceso de superadministrador."
}
],
"metrics": {},


@ -0,0 +1,71 @@
{
"id": "CVE-2024-36123",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-03T15:15:08.843",
"lastModified": "2024-06-03T15:15:08.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-36124",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-03T15:15:09.090",
"lastModified": "2024-06-03T15:15:09.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/dain/snappy/security/advisories/GHSA-8wh2-6qhj-h7j9",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2024-36127",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-03T15:15:09.307",
"lastModified": "2024-06-03T15:15:09.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
},
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-36128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-03T15:15:09.547",
"lastModified": "2024-06-03T15:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5",
"source": "security-advisories@github.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-36388",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-06-02T14:15:08.683",
"lastModified": "2024-06-02T14:15:08.683",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MileSight DeviceHub - \n\n\n\nCWE-305 Missing Authentication for Critical Function"
},
{
"lang": "es",
"value": "MileSight DeviceHub - Falta autenticaci\u00f3n CWE-305 para funci\u00f3n cr\u00edtica"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-36389",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-06-02T14:15:08.933",
"lastModified": "2024-06-02T14:15:08.933",
"vulnStatus": "Received",
"lastModified": "2024-06-03T14:46:24.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass"
},
{
"lang": "es",
"value": "MileSight DeviceHub: CWE-330 El uso de valores insuficientemente aleatorios puede permitir la omisi\u00f3n de autenticaci\u00f3n"
}
],
"metrics": {
