Auto-Update: 2024-07-03T04:01:59.096372+00:00

cad-safe-bot 2024-07-03 04:04:51 +00:00
parent 44c903429f
commit 19854e81eb
468 changed files with 17511 additions and 2570 deletions


@ -2,8 +2,9 @@
"id": "CVE-2024-3050",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-29T06:18:32.417",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-07-03T02:05:56.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento Site Reviews de WordPress anterior a 7.0.0 recupera direcciones IP de clientes de encabezados potencialmente no confiables, lo que permite a un atacante manipular su valor. Esto puede usarse para evitar el bloqueo basado en IP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/04c1581e-fd36-49d4-8463-b49915d4b1ac/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3059",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-26T05:15:50.360",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-07-03T02:05:57.660",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento ENL Newsletter de WordPress hasta la versi\u00f3n 1.0.1 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados eliminen campa\u00f1as arbitrarias mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e154096d-e9b7-43ba-9a34-81a6c431025c/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3060",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-26T05:15:50.397",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-07-03T02:05:57.883",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "El complemento ENL Newsletter de WordPress hasta la versi\u00f3n 1.0.1 no sanitiza ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a admin+ realizar ataques de inyecci\u00f3n SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7740646d-f3ea-4fc7-b35e-8b4a6821e178/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3157",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-04-10T19:15:49.623",
"lastModified": "2024-04-19T23:15:11.593",
"lastModified": "2024-07-03T02:06:02.227",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El acceso a la memoria fuera de los l\u00edmites en Compositing en Google Chrome anterior a 123.0.6312.122 permit\u00eda a un atacante remoto que hab\u00eda comprometido el proceso de la GPU realizar potencialmente un escape de la zona de pruebas mediante gestos espec\u00edficos de la interfaz de usuario. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html",


@ -0,0 +1,78 @@
{
"id": "CVE-2024-32673",
"sourceIdentifier": "PSIRT@samsung.com",
"published": "2024-07-03T02:15:10.297",
"lastModified": "2024-07-03T02:15:10.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 0.0,
"baseSeverity": "NONE"
}
}
]
},
"weaknesses": [
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"references": [
{
"url": "https://github.com/Samsung/walrus/pull/241",
"source": "PSIRT@samsung.com"
}
]
}
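Review bot: The new record carries `"baseScore": 0.0` and `"baseSeverity": "NONE"` with `VA:N` in the vector, while its own description reports a segmentation fault, which is an availability impact on the runtime. Any consumer that filters or prioritises on `baseScore` will silently drop this CVE, so the score should be treated as unreliable until the submitting source corrects it. The likely intent is a non-NONE `vulnerableSystemAvailability`, with the vector string and score recomputed to match. Until then, triage for this record is better keyed on the `CWE-129` entry and the referenced pull request than on severity.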


@ -2,8 +2,9 @@
"id": "CVE-2024-3236",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-17T06:15:08.923",
"lastModified": "2024-06-17T12:42:04.623",
"lastModified": "2024-07-03T02:06:05.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento Popup Builder de WordPress anterior a 1.1.33 no sanitiza ni escapa a algunos de sus campos de notificaci\u00f3n, lo que podr\u00eda permitir a usuarios como colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/a6c2da28-dc03-4bcc-a6c3-ee55a73861db/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3265",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-25T22:15:09.043",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-07-03T02:06:07.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento Advanced Search de WordPres hasta la versi\u00f3n 1.1.6 no escapa correctamente a los par\u00e1metros agregados a una consulta SQL, lo que hace posible que los usuarios con funci\u00f3n de administrador realicen ataques de inyecci\u00f3n SQL en el contexto de configuraciones de WordPress multisitio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3302",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-04-16T16:15:08.310",
"lastModified": "2024-04-24T10:15:07.417",
"lastModified": "2024-07-03T02:06:08.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "No hab\u00eda l\u00edmite para la cantidad de frames de CONTINUATION HTTP/2 que se procesar\u00edan. Un servidor podr\u00eda abusar de esto para crear una condici\u00f3n de falta de memoria en el navegador. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881183",


@ -2,8 +2,9 @@
"id": "CVE-2024-3323",
"sourceIdentifier": "security@tibco.com",
"published": "2024-04-17T19:15:08.177",
"lastModified": "2024-04-17T20:08:21.887",
"lastModified": "2024-07-03T02:06:09.693",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209/",


@ -2,8 +2,9 @@
"id": "CVE-2024-34461",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-04T05:15:06.600",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:09.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Zenario anterior a 9.5.60437 usa filtros Twig de forma insegura en el complemento Twig Snippet y en los elementos HEAD y BODY de todo el sitio, lo que permite la ejecuci\u00f3n de c\u00f3digo por parte de un dise\u00f1ador o administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://zenar.io/zenario-9/blog/zenario-9560437-patch-released",
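Review bot: The added cvssMetricV31 block sets `"privilegesRequired": "NONE"` (PR:N, 9.8 CRITICAL), but the description in the same record limits code execution to a designer or administrator, i.e. an already-privileged account. The same mismatch appears in CVE-2024-34472 (description says authenticated attacker, vector PR:N) and CVE-2024-34506 (description requires page-move rights, vector PR:N). If the descriptions are right, the metric would be `"privilegesRequired": "HIGH"` or `"LOW"`, with the vector string and base score recomputed. Until that is settled, consumers ranking by score should treat these as Secondary values on records whose `vulnStatus` is still "Awaiting Analysis".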


@ -2,8 +2,9 @@
"id": "CVE-2024-34462",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-04T19:15:46.510",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:09.780",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Alinto SOGo hasta 5.10.0 permite XSS durante la vista previa del archivo adjunto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920",


@ -2,8 +2,9 @@
"id": "CVE-2024-34470",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T15:15:24.520",
"lastModified": "2024-05-06T16:00:59.253",
"lastModified": "2024-07-03T02:00:10.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3 hasta v.5.2.18. Existe una vulnerabilidad de path traversal no autenticada en el archivo /public/loader.php. El par\u00e1metro de ruta no filtra adecuadamente si el archivo y el directorio pasados son parte de la ra\u00edz web, lo que permite a un atacante leer archivos arbitrarios en el servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/osvaldotenorio/CVE-2024-34470",


@ -2,8 +2,9 @@
"id": "CVE-2024-34471",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T16:15:14.137",
"lastModified": "2024-05-06T19:53:38.797",
"lastModified": "2024-07-03T02:00:12.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3. Existe una vulnerabilidad de Path Traversal (que provoca la eliminaci\u00f3n de archivos) en el archivo mliRealtimeEmails.php. El par\u00e1metro de nombre de archivo en la funcionalidad de exportaci\u00f3n HTML no valida correctamente la ubicaci\u00f3n del archivo, lo que permite a un atacante leer y eliminar archivos arbitrarios en el servidor. Esto se observ\u00f3 cuando el archivo mliRealtimeEmails.php fue le\u00eddo y posteriormente eliminado, lo que result\u00f3 en un error 404 para el archivo y la interrupci\u00f3n de la carga de la informaci\u00f3n del correo electr\u00f3nico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/osvaldotenorio/CVE-2024-34471",


@ -2,8 +2,9 @@
"id": "CVE-2024-34472",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T15:15:24.573",
"lastModified": "2024-05-06T16:00:59.253",
"lastModified": "2024-07-03T02:00:13.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en HSC Mailinspector 5.2.17-3 hasta v.5.2.18. Existe una vulnerabilidad de inyecci\u00f3n SQL ciega autenticada en el archivo mliRealtimeEmails.php. El par\u00e1metro ordemGrid en una solicitud POST a /mailinspector/mliRealtimeEmails.php no sanitiza adecuadamente la entrada, lo que permite a un atacante autenticado ejecutar comandos SQL arbitrarios, lo que lleva a la posible divulgaci\u00f3n de toda la base de datos de la aplicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/osvaldotenorio/CVE-2024-34472",
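Review bot: `"attackVector": "LOCAL"` (AV:L) does not fit the description, which places the injection in a parameter of a POST request to /mailinspector/mliRealtimeEmails.php, so the flaw is presumably reachable over the network. With AV:L the score lands at 5.9 MEDIUM and network-exposure filters will skip the record; the expected value would be `"attackVector": "NETWORK"`, with the vector string and score recomputed. The impact fields also read `"confidentialityImpact": "LOW"` although the description speaks of possible disclosure of the whole application database.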


@ -2,8 +2,9 @@
"id": "CVE-2024-34475",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T00:15:07.280",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:14.950",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Open5GS anterior a 2.7.1 es vulnerable a una afirmaci\u00f3n accesible que puede causar una falla de AMF a trav\u00e9s de mensajes NAS desde un UE: gmm_state_authentication en amf/gmm-sm.c para != OGS_ERROR."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://github.com/open5gs/open5gs/compare/v2.7.0...v2.7.1",


@ -2,8 +2,9 @@
"id": "CVE-2024-34483",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T02:15:06.613",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:16.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "OFPGroupDescStats en parser.py en Faucet SDN Ryu 4.34 permite a los atacantes provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de OFPBucket.len=0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/faucetsdn/ryu/issues/193",
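Review bot: This record is tagged `CWE-400`, while CVE-2024-34488 and CVE-2024-34489 in the same commit are tagged `CWE-835`. All three describe the same class of bug in the same parser.py: denial of service through an infinite loop triggered by a zero length field. Reports grouped by CWE will split the three Ryu issues across two categories. `"value": "CWE-835"` would be the consistent choice here, assuming the sibling tagging is the intended one.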


@ -2,8 +2,9 @@
"id": "CVE-2024-34488",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T03:15:07.207",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:17.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "OFPMultipartReply en parser.py en Faucet SDN Ryu 4.34 permite a atacantes provocar una denegaci\u00f3n de servicio (bucle infinito) mediante b.length=0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://github.com/faucetsdn/ryu/issues/191",


@ -2,8 +2,9 @@
"id": "CVE-2024-34489",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T03:15:07.250",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:18.727",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "OFPHello en parser.py en Faucet SDN Ryu 4.34 permite a los atacantes provocar una denegaci\u00f3n de servicio (bucle infinito) mediante longitud=0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://github.com/faucetsdn/ryu/issues/195",


@ -2,8 +2,9 @@
"id": "CVE-2024-34490",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T03:15:07.293",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:19.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En Maxima hasta 5.47.0 anterior a 51704c, las funciones de trazado utilizan nombres predecibles en /tmp. Por lo tanto, los contenidos pueden estar controlados por un atacante local que puede crear archivos de antemano con estos nombres. Esto afecta, por ejemplo, a plot2d."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-377"
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/maxima/bugs/3755/",


@ -2,8 +2,9 @@
"id": "CVE-2024-34506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T19:15:07.253",
"lastModified": "2024-06-10T17:16:29.427",
"lastModified": "2024-07-03T02:00:21.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en include/specials/SpecialMovePage.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. Si un usuario con los derechos necesarios para mover la p\u00e1gina abre Special:MovePage para una p\u00e1gina con decenas de miles de subp\u00e1ginas, entonces la p\u00e1gina exceder\u00e1 el tiempo m\u00e1ximo de solicitud, lo que provocar\u00e1 una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/",


@ -2,8 +2,9 @@
"id": "CVE-2024-34507",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T19:15:07.307",
"lastModified": "2024-06-10T17:16:29.483",
"lastModified": "2024-07-03T02:00:22.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en include/CommentFormatter/CommentParser.php en MediaWiki antes de 1.39.7, 1.40.x antes de 1.40.3 y 1.41.x antes de 1.41.1. XSS puede ocurrir debido a un mal manejo del car\u00e1cter 0x1b, como lo demuestra Special:RecentChanges#%1b0000000."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/",


@ -2,8 +2,9 @@
"id": "CVE-2024-34517",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-07T18:15:08.467",
"lastModified": "2024-06-05T20:15:13.430",
"lastModified": "2024-07-03T02:00:23.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "El componente Cypher en Neo4j anterior a 5.19.0 maneja mal los privilegios IMMUTABLES."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv",


@ -2,8 +2,9 @@
"id": "CVE-2024-34519",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T22:15:07.563",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:25.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Avantra Server 24.x anterior a 24.0.7 y 24.1.x anterior a 24.1.1 gestiona mal la seguridad de los paneles, tambi\u00e9n conocido como XAN-5367. Si un usuario puede crear un panel con un usuario que inicia sesi\u00f3n autom\u00e1ticamente, es posible que se divulguen datos. El control de acceso se puede omitir cuando hay un panel compartido y su usuario de inicio de sesi\u00f3n autom\u00e1tico tiene privilegios que un visitante del panel no deber\u00eda tener."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-289"
}
]
}
],
"references": [
{
"url": "https://docs.avantra.com/release-notes/24/changes.html",


@ -2,8 +2,16 @@
"id": "CVE-2024-34523",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-07T15:15:09.930",
"lastModified": "2024-06-04T19:20:01.453",
"lastModified": "2024-07-03T02:00:26.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
@ -14,7 +22,42 @@
"value": "AChecker 1.5 permite a atacantes remotos leer el contenido de archivos arbitrarios a trav\u00e9s del par\u00e1metro de ruta download.php utilizando Unuthenticated Path Traversal. Esto ocurre a trav\u00e9s de readfile en PHP. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/inclusive-design/AChecker/blob/main/checker/download.php",


@ -2,8 +2,9 @@
"id": "CVE-2024-34524",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T00:15:10.073",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:27.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En XLANG OpenAgents hasta fe73ac4, el mecanismo de protecci\u00f3n de archivos permitidos se puede omitir utilizando una extensi\u00f3n de archivo incorrecta para la naturaleza del contenido del archivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://github.com/xlang-ai/OpenAgents/blob/880e26adfe380e999962fc645fc8fc80bd72f103/backend/utils/utils.py#L31",


@ -2,8 +2,9 @@
"id": "CVE-2024-34525",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T00:15:10.143",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:29.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "FileCodeBox 2.0 almacena una contrase\u00f1a de OneDrive y una clave de AWS en un archivo env de texto sin cifrar."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-591"
}
]
}
],
"references": [
{
"url": "https://github.com/vastsa/FileCodeBox/issues/133",
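Review bot: The added weakness `"value": "CWE-591"` does not match the description in this record, which reports a OneDrive password and an AWS key kept in an unencrypted env file; CWE-591 covers sensitive data in improperly locked memory, whereas cleartext storage is CWE-312. The entry is marked `"type": "Secondary"`, so it looks like an enrichment rather than the assigner's own mapping, and the mismatch presumably has to be corrected at the source of the feed rather than in this file. Until then, anything that groups or filters these records by CWE will miss this one under credential-storage categories; a matching mapping would read `"value": "CWE-312"`. CVE-2024-34919 further down looks similar, with an arbitrary file upload mapped to CWE-74.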


@ -2,8 +2,9 @@
"id": "CVE-2024-34529",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T00:15:10.320",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:30.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,6 +16,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/nebari-dev/nebari/blob/5463e8df9e8d53a266a7b9d3d4e27353ec43c40b/src/_nebari/deploy.py#L71",


@ -2,8 +2,9 @@
"id": "CVE-2024-34532",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T21:15:48.637",
"lastModified": "2024-05-07T13:39:32.710",
"lastModified": "2024-07-03T02:00:31.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Yvan Dotet PostgreSQL Query Deluxe (tambi\u00e9n conocido como query_deluxe) 17.x anterior a 17.0.0.4 permite a un atacante remoto obtener privilegios a trav\u00e9s del par\u00e1metro de consulta para models/querydeluxe.py:QueryDeluxe::get_result_from_query."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/query_deluxe",


@ -2,8 +2,9 @@
"id": "CVE-2024-34533",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T21:15:48.687",
"lastModified": "2024-05-07T13:39:32.710",
"lastModified": "2024-07-03T02:00:33.137",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo ZI PT Solusi Usaha Mudah Analytic Data Query (tambi\u00e9n conocido como izi_data) 11.0 a 17.x anterior a 17.0.3 permite a un atacante remoto obtener privilegios a trav\u00e9s de una consulta a IZITools::query_check, IZITools::query_fetch o IZITools. ::query_execute."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data",


@ -2,8 +2,9 @@
"id": "CVE-2024-34534",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T21:15:48.737",
"lastModified": "2024-05-07T13:39:32.710",
"lastModified": "2024-07-03T02:00:34.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Text Commander de Cybrosys Techno Solutions (tambi\u00e9n conocido como text_commander) 16.0 a 16.0.1 permite a un atacante remoto obtener privilegios a trav\u00e9s del par\u00e1metro de datos para models/ir_model.py:IrModel::chech_model."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander",


@ -2,8 +2,9 @@
"id": "CVE-2024-34538",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-06T03:15:10.010",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-07-03T02:00:35.197",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Mateso PasswordSafe hasta 8.13.9.26689 tiene criptograf\u00eda d\u00e9bil."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://hansesecure.de/2023/02/schwachstelle-in-passwordsafe-mateso/",


@ -2,8 +2,9 @@
"id": "CVE-2024-34539",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-14T15:15:50.537",
"lastModified": "2024-06-17T12:42:04.623",
"lastModified": "2024-07-03T02:00:36.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Las credenciales codificadas en el firmware TerraMaster TOS hasta la versi\u00f3n 5.1 permiten que un atacante remoto inicie sesi\u00f3n con \u00e9xito en el servidor de correo o webmail. Estas credenciales tambi\u00e9n se pueden utilizar para iniciar sesi\u00f3n en el panel de administraci\u00f3n y realizar acciones privilegiadas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"references": [
{
"url": "https://shinnai.altervista.org/exploits/SH-20240611-CVE-2024-34539.html",


@ -2,8 +2,16 @@
"id": "CVE-2024-34580",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T05:15:51.093",
"lastModified": "2024-06-26T16:15:11.437",
"lastModified": "2024-07-03T02:00:39.550",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
@ -14,7 +22,42 @@
"value": "Apache XML Security para C++ hasta 2.0.4 implementa la especificaci\u00f3n de procesamiento y sintaxis de firma XML (XMLDsig) sin protecci\u00f3n contra un payload SSRF en un elemento KeyInfo. NOTA: el proveedor cuestiona este Registro CVE con el argumento de que est\u00e1 implementando la especificaci\u00f3n \"correctamente\" y no tiene \"culpa\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery",
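Review bot: The added `cvssMetricV31` entry scores this SSRF record with `"attackVector": "LOCAL"` and `"privilegesRequired": "LOW"`, which is hard to reconcile with a description about an SSRF payload carried in a KeyInfo element; the CVE-2024-34581 record for the same specification issue, updated in this commit, carries `"attackVector": "NETWORK"`. The same pattern appears in CVE-2024-34930, where SQL injection through a PHP endpoint is scored AV:L/PR:L while CVE-2024-34927 and CVE-2024-34928 for the same product are AV:N/PR:N. All of these are `"type": "Secondary"` metrics, so prioritisation that reads only `baseScore` would rank both records MEDIUM on what looks like an inconsistent vector. The first hunk of this record also adds a `disputed` tag, which triage should show next to the score rather than drop.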


@ -2,8 +2,9 @@
"id": "CVE-2024-34581",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T05:15:51.227",
"lastModified": "2024-06-26T12:44:29.693",
"lastModified": "2024-07-03T02:00:40.357",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "La especificaci\u00f3n W3C XML Signature Syntax and Processing (XMLDsig), a partir de 1.0, se public\u00f3 originalmente con una declaraci\u00f3n \"RetrievalMethod es un URI... que puede usarse para obtener informaci\u00f3n de clave y/o certificado\" y sin informaci\u00f3n adjunta sobre los riesgos de SSRF, y esto puede haber contribuido a implementaciones vulnerables como las analizadas en CVE-2023-36661 y CVE-2024-21893. NOTA: esto se mitig\u00f3 en 1.1 y 2.0 a trav\u00e9s de un documento de Mejores Pr\u00e1cticas al que se hace referencia directamente y que pide a los implementadores que tengan cuidado con la SSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2024-21893.md",


@ -2,15 +2,51 @@
"id": "CVE-2024-34582",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-16T15:15:47.760",
"lastModified": "2024-05-16T15:44:44.683",
"lastModified": "2024-07-03T02:00:41.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/silent6trinity/CVE-2024-34582",


@ -2,8 +2,9 @@
"id": "CVE-2024-34852",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:10.303",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-07-03T02:00:50.907",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "F-logic DataCube3 v1.0 se ve afectado por la inyecci\u00f3n de comandos debido a un filtrado inadecuado de cadenas en el punto de ejecuci\u00f3n del comando en el archivo ./admin/transceiver_schedule.php. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad enviando un nombre de archivo que contenga una inyecci\u00f3n de comando. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir al atacante ejecutar comandos del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
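Review bot: The vector added here, `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L` (6.3 MEDIUM), appears to understate what the description reports: an unauthenticated remote attacker executing system commands through a submitted file name, with no user interaction mentioned, so `"userInteraction": "NONE"` would be the expected value. The next record, CVE-2024-34854, concerns the same `transceiver_schedule.php` file and is scored 9.8, so the two entries for one endpoint disagree by a wide margin. CVE-2024-34946 shows the same gap against CVE-2024-34943, where two stack-overflow records for the same Tenda firmware carry 6.5 and 9.8. Patch-priority rules that key on `baseSeverity` should weigh the description and the sibling records for these entries rather than the Secondary score alone.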


@ -2,8 +2,9 @@
"id": "CVE-2024-34854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:10.373",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-07-03T02:00:51.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "F-logic DataCube3 v1.0 es vulnerable a la carga de archivos a trav\u00e9s de `/admin/transceiver_schedule.php.`"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-34909",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T20:15:13.570",
"lastModified": "2024-05-23T20:56:30.393",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-03T02:00:52.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -35,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -52,6 +73,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
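Review bot: The second `cvssMetricV31` entry added here rates a CWE-79 record at `"baseScore": 9.8` with `"userInteraction": "NONE"` and high availability impact, while the existing entry just above it closes with `"exploitabilityScore": 2.3` and `"impactScore": 2.7`; that first entry starts outside the hunk, so its type and vector are not visible. Consumers that take the maximum score across the array will move this record to CRITICAL and those that take the first element will not, so the selection rule should be explicit, for example preferring the entry whose `type` is `Primary` when one exists. The same section also changes `vulnStatus` from `Analyzed` to `Modified`, which is a reasonable trigger for re-checking any cached severity for this record.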


@ -2,8 +2,9 @@
"id": "CVE-2024-34914",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T16:17:30.530",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-07-03T02:00:53.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que php-censor v2.1.4 y corregido en v.2.1.5 utiliza un algoritmo hash d\u00e9bil para su valor Remember_key. Esto permite a los atacantes aplicar fuerza bruta al valor de recordar_clave para obtener acceso a cuentas que han marcado \"recordarme\" al iniciar sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-328"
}
]
}
],
"references": [
{
"url": "https://chmod744.super.site/redacted-vulnerability",


@ -2,8 +2,9 @@
"id": "CVE-2024-34919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-17T14:15:10.963",
"lastModified": "2024-05-17T18:35:35.070",
"lastModified": "2024-07-03T02:00:54.243",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Una vulnerabilidad de carga de archivos arbitrarios en el componente \\modstudent\\controller.php de Pisay Online E-Learning System usando PHP/MySQL v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/CveSecLook/cve/issues/20",


@ -2,8 +2,9 @@
"id": "CVE-2024-34921",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:37.937",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:00:55.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK X5000R v9.1.0cu.2350_B20230313 conten\u00eda una inyecci\u00f3n de comando a trav\u00e9s de la funci\u00f3n de desconexi\u00f3nVPN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/cainiao159357/x5000r_poc/blob/main/README.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-34927",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:29.373",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:00:55.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /model/update_classroom.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro de nombre."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf",


@ -2,8 +2,9 @@
"id": "CVE-2024-34928",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:29.460",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:00:56.653",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /model/update_subject_routing.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro de calificaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf",


@ -2,8 +2,9 @@
"id": "CVE-2024-34930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:29.830",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:00:57.490",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /model/all_events1.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro mes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf",


@ -2,8 +2,9 @@
"id": "CVE-2024-34933",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.107",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:00:58.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /model/update_grade.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro admission_fee."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf",


@ -2,8 +2,9 @@
"id": "CVE-2024-34943",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.153",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:00:59.257",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento del b\u00fafer basada en pila a trav\u00e9s del par\u00e1metro de p\u00e1gina en ip/goform/NatStaticSetting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://palm-vertebra-fe9.notion.site/fromNatStaticSetting-fae26e1bfbe64b49a46230a629b6d198",


@ -2,8 +2,9 @@
"id": "CVE-2024-34945",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.660",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:01:00.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento del b\u00fafer basada en pila a trav\u00e9s del par\u00e1metro PPW en ip/goform/WizardHandle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://palm-vertebra-fe9.notion.site/fromWizardHandle-98e188c072984620a907ea5df0d80ad5",


@ -2,8 +2,9 @@
"id": "CVE-2024-34946",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.767",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:01:00.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento del b\u00fafer basada en pila a trav\u00e9s del par\u00e1metro de p\u00e1gina en ip/goform/DhcpListClient."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://palm-vertebra-fe9.notion.site/fromDhcpListClient_page-c9ee71f670534555a5ef2d99320da48e",


@ -2,8 +2,9 @@
"id": "CVE-2024-34950",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T16:17:30.633",
"lastModified": "2024-05-15T16:15:10.333",
"lastModified": "2024-07-03T02:01:01.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que D-Link DIR-822+ v1.0.5 contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n SetNetworkTomographySettings. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://dear-sunshine-ba5.notion.site/D-Link-DIR-822-v1-0-5-Stack-Overflow-e77ff3d9c31f4a98bfa0fa71eca54000",


@ -2,8 +2,9 @@
"id": "CVE-2024-34953",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-20T14:15:09.580",
"lastModified": "2024-05-20T15:17:54.513",
"lastModified": "2024-07-03T02:01:02.633",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en taurusxin ncmdump v1.3.2 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de la memoria al proporcionar un archivo .ncm manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png",


@ -2,15 +2,51 @@
"id": "CVE-2024-34954",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T15:15:08.193",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-07-03T02:01:03.443",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/XSS/XSS.md",


@ -2,15 +2,51 @@
"id": "CVE-2024-34955",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T15:15:08.287",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-07-03T02:01:04.230",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/SQLi.md",


@ -2,15 +2,51 @@
"id": "CVE-2024-34958",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-16T15:15:48.050",
"lastModified": "2024-05-16T15:44:44.683",
"lastModified": "2024-07-03T02:01:05.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/Gr-1m/cms/blob/main/2.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-34959",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-17T20:15:07.243",
"lastModified": "2024-05-20T13:00:34.807",
"lastModified": "2024-07-03T02:01:05.837",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " DedeCMS V5.7.113 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de sys_data_replace.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitee.com/upgogo/s123/issues/I9MARO",


@ -2,8 +2,9 @@
"id": "CVE-2024-34974",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.873",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:01:06.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Tenda AC18 v15.03.05.19 es vulnerable al desbordamiento del b\u00fafer en la funci\u00f3n formSetPPTPServer a trav\u00e9s del par\u00e1metro endIp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/hunzi0/Vullnfo/tree/main/Tenda/AC18/formSetPPTPServer",


@ -2,8 +2,9 @@
"id": "CVE-2024-34988",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T23:15:10.527",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-07-03T02:01:07.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo \"Completo para crear una cotizaci\u00f3n en Frontend + Backend Pro\" (askforaquotemodul) <= 1.0.51 de Comprar complementos para PrestaShop permite a atacantes ver informaci\u00f3n confidencial y causar otros impactos a trav\u00e9s de los m\u00e9todos `AskforaquotemodulcustomernewquoteModuleFrontController::run() `, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/06/20/askforaquotemodul.html",


@ -2,8 +2,9 @@
"id": "CVE-2024-34989",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T22:15:10.947",
"lastModified": "2024-06-24T12:57:36.513",
"lastModified": "2024-07-03T02:01:08.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En el m\u00f3dulo Evoluci\u00f3n del cat\u00e1logo RSI PDF/HTML (prestapdf) <= 7.0.0 de RSI para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `PrestaPDFProductListModuleFrontController::queryDb().'"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/06/20/prestapdf.html",


@ -2,8 +2,9 @@
"id": "CVE-2024-34991",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T22:15:10.290",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-07-03T02:01:09.030",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En el m\u00f3dulo \"Axepta\" (axepta) anterior a 1.3.4 de Quadra Informatique para PrestaShop, un invitado puede descargar informaci\u00f3n parcial de la tarjeta de cr\u00e9dito (fecha de vencimiento) / direcci\u00f3n postal / correo electr\u00f3nico / etc. sin restricciones debido a la falta de control de permisos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/06/20/axepta.html",


@ -2,8 +2,9 @@
"id": "CVE-2024-34992",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T23:15:10.613",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-07-03T02:01:09.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo \"Help Desk - Customer Support Management System\" (servicio de ayuda) hasta la versi\u00f3n 2.4.0 de los m\u00f3dulos FME para PrestaShop permite a atacantes obtener informaci\u00f3n sensible y causar otros impactos a trav\u00e9s de 'Tickets::getsearchedtickets()'"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2024/06/20/helpdesk.html",


@ -2,8 +2,9 @@
"id": "CVE-2024-34994",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-19T21:15:57.130",
"lastModified": "2024-06-20T12:43:25.663",
"lastModified": "2024-07-03T02:01:10.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En el m\u00f3dulo \"Channable\" (channable) hasta la versi\u00f3n 3.2.1 de Channable para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `ChannableFeedModuleFrontController::postProcess()`."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-channable.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-34995",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T16:15:10.460",
"lastModified": "2024-05-24T18:09:20.027",
"lastModified": "2024-07-03T02:01:11.353",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que svnWebUI v1.8.3 conten\u00eda una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria a trav\u00e9s del par\u00e1metro dirTemps en com.cym.controller.UserController#importOver. Esta vulnerabilidad permite a los atacantes eliminar archivos arbitrarios mediante una solicitud POST manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-57"
}
]
}
],
"references": [
{
"url": "https://github.com/cym1102/svnWebUI/issues/8",


@ -2,8 +2,9 @@
"id": "CVE-2024-3407",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-15T06:15:11.850",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-07-03T02:06:12.480",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "El complemento WP Prayer WordPress hasta la versi\u00f3n 2.0.9 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/262348ab-a335-4acf-8e4d-229fc0b4972f/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3411",
"sourceIdentifier": "cret@cert.org",
"published": "2024-04-30T19:15:23.353",
"lastModified": "2024-04-30T19:35:36.960",
"lastModified": "2024-07-03T02:06:13.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Las implementaciones de sesiones autenticadas de IPMI no proporcionan suficiente aleatoriedad para proteger contra el secuestro de sesiones, lo que permite a un atacante utilizar un ID de sesi\u00f3n de IPMI predecible o un n\u00famero aleatorio de BMC d\u00e9bil para eludir los controles de seguridad utilizando paquetes IPMI falsificados para administrar el dispositivo BMC."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/163057",


@ -2,8 +2,9 @@
"id": "CVE-2024-3472",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-02T06:15:50.453",
"lastModified": "2024-05-02T13:27:25.103",
"lastModified": "2024-07-03T02:06:14.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "El complemento Modal Window de WordPress anterior a 5.3.10 no tiene activada la verificaci\u00f3n CSRF cuando se eliminan modales de forma masiva, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los elimine mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3477",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-02T06:15:50.950",
"lastModified": "2024-05-02T13:27:25.103",
"lastModified": "2024-07-03T02:06:15.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,6 +16,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ca5e59e6-c500-4129-997b-391cdf9aa9c7/",


@ -2,8 +2,9 @@
"id": "CVE-2024-3481",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-02T06:15:51.130",
"lastModified": "2024-05-02T13:27:25.103",
"lastModified": "2024-07-03T02:06:16.693",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "El complemento Counter Box de WordPress anterior a 1.2.4 no tiene comprobaciones CSRF en algunas acciones masivas, lo que podr\u00eda permitir a los atacantes hacer que los administradores que han iniciado sesi\u00f3n realicen acciones no deseadas, como eliminar contadores mediante ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/0c441293-e7f9-4634-8f3a-09925cd2b696/",


@ -2,8 +2,9 @@
"id": "CVE-2024-35012",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T16:17:31.100",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-07-03T02:01:12.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/infoType_deal.php?mudi=add&nohrefStr=close."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/Thirtypenny77/cms/blob/main/7.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35039",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-16T15:15:48.137",
"lastModified": "2024-05-16T15:44:44.683",
"lastModified": "2024-07-03T02:01:12.907",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -11,6 +12,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/ywf7678/cms/blob/main/1.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35048",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:38.973",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-07-03T02:01:13.607",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en SurveyKing v1.3.1 permite a los atacantes ejecutar un ataque de repetici\u00f3n de sesi\u00f3n despu\u00e9s de que un usuario cambia su contrase\u00f1a."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://github.com/javahuang/SurveyKing/issues/56",


@ -2,8 +2,9 @@
"id": "CVE-2024-35049",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:39.080",
"lastModified": "2024-05-14T16:11:39.510",
"lastModified": "2024-07-03T02:01:14.393",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que SurveyKing v1.3.1 mantiene activas las sesiones de los usuarios despu\u00e9s de cerrar sesi\u00f3n. Relacionado con una soluci\u00f3n incompleta para CVE-2022-25590."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://github.com/javahuang/SurveyKing/issues/55",


@ -2,8 +2,9 @@
"id": "CVE-2024-35050",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:39.180",
"lastModified": "2024-05-14T16:11:39.510",
"lastModified": "2024-07-03T02:01:15.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Un problema en SurveyKing v1.3.1 permite a los atacantes escalar privilegios mediante la reutilizaci\u00f3n del ID de sesi\u00f3n de un usuario que fue eliminado por un administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://github.com/javahuang/SurveyKing/issues/57",


@ -2,8 +2,9 @@
"id": "CVE-2024-35057",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T18:15:09.820",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-07-03T02:01:16.030",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Un problema en NASA AIT-Core v2.5.2 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",


@ -2,8 +2,9 @@
"id": "CVE-2024-35058",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T18:15:09.903",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-07-03T02:01:16.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Un problema en la funci\u00f3n de espera de API de NASA AIT-Core v2.5.2 permite a los atacantes ejecutar c\u00f3digo arbitrario proporcionando una cadena manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",


@ -2,8 +2,9 @@
"id": "CVE-2024-35059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T19:15:10.240",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-07-03T02:01:17.657",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Un problema en la librer\u00eda Pickle Python de NASA AIT-Core v2.5.2 permite a los atacantes ejecutar comandos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",


@ -2,8 +2,9 @@
"id": "CVE-2024-35060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T19:15:10.313",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-07-03T02:01:18.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Un problema en la librer\u00eda YAML Python de NASA AIT-Core v2.5.2 permite a los atacantes ejecutar comandos arbitrarios proporcionando un archivo YAML manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",


@ -2,8 +2,9 @@
"id": "CVE-2024-35061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T19:15:10.390",
"lastModified": "2024-05-22T18:15:10.133",
"lastModified": "2024-07-03T02:01:19.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que NASA AIT-Core v2.5.2 utiliza canales no cifrados para intercambiar datos a trav\u00e9s de la red, lo que permite a los atacantes ejecutar un ataque man in the middle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",


@ -2,8 +2,9 @@
"id": "CVE-2024-35080",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T19:16:01.470",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:01:19.997",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el m\u00e9todo gok4 de inxedu v2024.4 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo .jsp manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35080.txt",


@ -2,8 +2,9 @@
"id": "CVE-2024-35081",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.457",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:01:20.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que LuckyFrameWeb v3.5.2 conten\u00eda una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria a trav\u00e9s del par\u00e1metro fileName en el m\u00e9todo fileDownload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "http://www.luckyframe.cn/",


@ -2,8 +2,9 @@
"id": "CVE-2024-35084",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.733",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:01:21.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que J2EEFAST v2.7.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de la funci\u00f3n findPage en SysMsgPushMapper.xml."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35084.txt",


@ -2,8 +2,9 @@
"id": "CVE-2024-35086",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.943",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-07-03T02:01:22.567",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que J2EEFAST v2.7.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de la funci\u00f3n findPage en BpmTaskFromMapper.xml."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35086.txt",


@ -2,8 +2,9 @@
"id": "CVE-2024-35108",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T02:15:08.143",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-07-03T02:01:23.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/FirstLIF/cms/blob/main/1.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35109",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T02:15:08.840",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-07-03T02:01:24.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /homePro_deal.php?mudi=add&nohrefStr=close."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/FirstLIF/cms/blob/main/2.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35110",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-17T08:15:06.073",
"lastModified": "2024-05-17T18:36:05.263",
"lastModified": "2024-07-03T02:01:24.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Se ha encontrado una vulnerabilidad de XSS reflejado en YzmCMS 7.1. La vulnerabilidad existe en yzmphp/core/class/application.class.php: cuando los usuarios que han iniciado sesi\u00f3n acceden a un enlace malicioso, un atacante puede capturar sus cookies."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/yzmcms/yzmcms/issues/68",


@ -2,8 +2,9 @@
"id": "CVE-2024-35204",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:42.917",
"lastModified": "2024-05-22T21:15:08.100",
"lastModified": "2024-07-03T02:01:28.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Veritas System Recovery anterior a 23.2_Hotfix tiene permisos incorrectos para la carpeta Veritas System Recovery y, por lo tanto, los usuarios con pocos privilegios pueden realizar ataques."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-272"
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/support/en_US/security/VTS24-005",


@ -2,8 +2,9 @@
"id": "CVE-2024-35298",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-19T05:15:51.907",
"lastModified": "2024-06-20T12:44:01.637",
"lastModified": "2024-07-03T02:01:32.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "La autorizaci\u00f3n inadecuada en el controlador para un problema de esquema de URL personalizado en la aplicaci\u00f3n 'ZOZOTOWN' para versiones de Android anteriores a 7.39.6 permite a un atacante llevar a un usuario a acceder a un sitio web arbitrario a trav\u00e9s de otra aplicaci\u00f3n instalada en el dispositivo del usuario. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-939"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN37818611/",


@ -2,8 +2,9 @@
"id": "CVE-2024-35350",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.300",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-07-03T02:01:34.357",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. La vulnerabilidad afecta a un c\u00f3digo no identificado dentro del archivo /admin/?page=borrow/view_borrow. La manipulaci\u00f3n del argumento id puede provocar una inyecci\u00f3n de SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298666/vuln6-blind-sql-injection-time-based",


@ -2,8 +2,9 @@
"id": "CVE-2024-35351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.393",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-07-03T02:01:35.133",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. Esta vulnerabilidad afecta el c\u00f3digo no identificado dentro del archivo /classes/SystemSettings.php?f=update_settings. La manipulaci\u00f3n del nombre del par\u00e1metro da como resultado Cross-site Scripting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298534/vuln2-execution-after-redirect-ear-stored-cross-site-scripting-xss",


@ -2,8 +2,9 @@
"id": "CVE-2024-35352",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.480",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-07-03T02:01:35.943",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. Esta vulnerabilidad afecta el c\u00f3digo no identificado dentro del archivo /classes/Users.php?f=save. La manipulaci\u00f3n del par\u00e1metro segundo nombre da como resultado Cross-site Scripting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298742/vuln7-stored-cross-site-scripting-xss",


@ -2,8 +2,9 @@
"id": "CVE-2024-35353",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.580",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-07-03T02:01:36.723",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. La vulnerabilidad afecta a un c\u00f3digo no identificado dentro del archivo /classes/Users.php?f=save. La manipulaci\u00f3n del argumento id puede dar lugar a una autorizaci\u00f3n inadecuada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298777/vuln8-insecure-direct-object-references-idor",


@ -2,8 +2,9 @@
"id": "CVE-2024-35356",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.593",
"lastModified": "2024-05-30T18:19:11.743",
"lastModified": "2024-07-03T02:01:36.923",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. La vulnerabilidad afecta a un c\u00f3digo no identificado dentro del archivo /classes/Master.php?f=save_item. La manipulaci\u00f3n del argumento id puede provocar una inyecci\u00f3n de SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298676/vuln11-error-based-sql-injection",


@ -2,8 +2,9 @@
"id": "CVE-2024-35357",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.690",
"lastModified": "2024-05-30T18:19:11.743",
"lastModified": "2024-07-03T02:01:37.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. La vulnerabilidad afecta a un c\u00f3digo no identificado dentro del archivo /classes/Master.php?f=delete_item. La manipulaci\u00f3n del argumento id puede provocar una inyecci\u00f3n de SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298672/vuln12-error-based-sql-injection",


@ -2,8 +2,9 @@
"id": "CVE-2024-35361",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T13:15:09.057",
"lastModified": "2024-05-21T16:54:35.880",
"lastModified": "2024-07-03T02:01:38.550",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "MTab Bookmark v1.9.5 tiene una vulnerabilidad de inyecci\u00f3n SQL en /LinkStore/getIcon. Un atacante puede ejecutar declaraciones SQL arbitrarias a trav\u00e9s de esta vulnerabilidad sin requerir ning\u00fan derecho de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Hebing123/cve/issues/37",


@ -2,8 +2,9 @@
"id": "CVE-2024-35385",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-21T14:15:12.307",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-07-03T02:01:39.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": " Un problema en Cesanta mjs 2.20.0 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n mjs_mk_ffi_sig en el archivo mjs.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/cesanta/mjs/issues/288",


@ -2,8 +2,9 @@
"id": "CVE-2024-35387",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T18:15:08.363",
"lastModified": "2024-05-28T12:39:42.673",
"lastModified": "2024-07-03T02:01:40.300",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK LR350 V9.3.5u.6369_B20220309 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro http_host en la funci\u00f3n loginAuth."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/loginAuth_http_host/README.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35388",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T19:15:10.037",
"lastModified": "2024-05-28T12:39:42.673",
"lastModified": "2024-07-03T02:01:41.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK NR1800X v9.1.0u.6681_B20230703 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n urldecode"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20NR1800X/README.md",


@ -2,8 +2,9 @@
"id": "CVE-2024-35395",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T16:15:10.670",
"lastModified": "2024-05-24T18:09:20.027",
"lastModified": "2024-07-03T02:01:41.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK CP900L v4.1.5cu.798_B20221228 contiene una vulnerabilidad de contrase\u00f1a codificada en /etc/shadow.sample, que permite a los atacantes iniciar sesi\u00f3n como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"references": [
{
"url": "http://totolink.com",


@ -2,8 +2,9 @@
"id": "CVE-2024-35396",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T16:15:10.897",
"lastModified": "2024-05-24T18:09:20.027",
"lastModified": "2024-07-03T02:01:42.667",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK CP900L v4.1.5cu.798_B20221228 conten\u00eda una contrase\u00f1a codificada para telnet en /web_cste/cgi-bin/product.ini, que permite a los atacantes iniciar sesi\u00f3n como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "http://totolink.com",
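Review bot: The added `weaknesses` entry maps this hard-coded telnet password to `CWE-284`, a broad access-control class, while the sibling CVE-2024-35395 record for the hard-coded password in /etc/shadow.sample uses `CWE-259`. Filters or dashboards that select hard-coded-credential issues by CWE will miss this record; `"value": "CWE-259"` (or CWE-798) would describe it more precisely. Until the mapping is corrected upstream, match on the description text as well as the CWE. The two records also differ on `privilegesRequired` (LOW for CVE-2024-35395, NONE here) although both describe a root login with a built-in password, so confirm the vector before relying on either score.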


@ -2,8 +2,9 @@
"id": "CVE-2024-35398",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T15:15:09.497",
"lastModified": "2024-05-28T17:11:55.903",
"lastModified": "2024-07-03T02:01:43.440",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK CP900L v4.1.5cu.798_B20221228 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro desc en la funci\u00f3n setMacFilterRules."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "http://totolink.com",


@ -2,8 +2,9 @@
"id": "CVE-2024-35403",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:11.060",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-07-03T02:01:44.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK CP900L v4.1.5cu.798_B20221228 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro desc en la funci\u00f3n setIpPortFilterRules"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/setIpPortFilterRules/README.md",
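Review bot: The added `cvssData` scores this record 2.7 LOW (`PR:H`, `C:N/I:N/A:L`) even though the same hunk tags it `CWE-121` and the description reports a stack overflow through the `desc` parameter of setIpPortFilterRules. The neighbouring CVE-2024-35398 record, a `desc` overflow in setMacFilterRules on the same firmware version, is scored 9.8 CRITICAL. Both metrics are `"type": "Secondary"` and `vulnStatus` is still `Awaiting Analysis`, so the low value looks like an enrichment inconsistency rather than an analysed result. Anything that triages on `baseScore` should not use it to deprioritise this record until a primary score is published; ranking it alongside CVE-2024-35398 is the safer reading.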


@ -2,8 +2,9 @@
"id": "CVE-2024-35430",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.877",
"lastModified": "2024-05-30T18:19:11.743",
"lastModified": "2024-07-03T02:01:45.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "En ZKTeco ZKBio CVSecurity v6.1.1, un usuario autenticado puede omitir las comprobaciones de contrase\u00f1a mientras exporta datos desde la aplicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md",
