Auto-Update: 2024-08-11T02:00:16.630064+00:00

cad-safe-bot 2024-08-11 02:03:12 +00:00
parent 5c39297138
commit 1c7b5997ab
323 changed files with 1157 additions and 575 deletions


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-30T17:15:10.020",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
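Review bot: `vulnStatus` changes in this hunk while the `lastModified` context line above it stays at `2024-07-31T12:57:02.300`, so a consumer that syncs incrementally on `lastModified` will not see the status transition. Assuming the second printed `vulnStatus` line is the new side, the record now reads `"vulnStatus": "Undergoing Analysis"`; either the timestamp should move with it, or downstream tooling should key on the commit or a content hash rather than on the timestamp. The same pattern repeats in the other status-only hunks of this commit, and three of them (records published 2023-06-14, 2023-08-14 and 2024-06-12) appear to go from `Analyzed` back to `Undergoing Analysis`, so analysis cached for those records should be treated as provisional. The JSON object continues outside the hunk.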


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-07-31T21:15:14.627",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-07-31T21:15:14.850",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk."
},
{
"lang": "es",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02 y 4.2.0 SR01 no puede validar la estructura de directorios del sistema de archivos ra\u00edz durante el proceso de autorizaci\u00f3n previa al inicio (PBA) . Esto puede ser aprovechado por un atacante f\u00edsico que pueda manipular el contenido del disco duro del sistema."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk."
},
{
"lang": "es",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR10 no puede validar /etc/mtab durante el proceso Pre-Boot Authorization (PBA). Esto puede ser aprovechado por un atacante f\u00edsico que pueda manipular el contenido del disco duro del sistema."
}
],
"metrics": {},


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-30T17:15:11.720",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-30T17:15:12.740",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk."
},
{
"lang": "es",
"value": "Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03 y 4.2.0 SR02 no puede validar el contenido del directorio de ciertos directorios (por ejemplo, garantizar la suma hash esperada) durante la fase Pre-Boot Authorization (PBA). Esto puede ser aprovechado por un atacante f\u00edsico que pueda manipular el contenido del disco duro del sistema."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.610",
"lastModified": "2023-06-26T13:50:53.057",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T12:15:09.593",
"lastModified": "2023-08-18T03:21:16.680",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-30T17:15:13.000",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:02.787",
"lastModified": "2024-07-19T13:01:44.567",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.173",
"lastModified": "2024-07-19T13:01:44.567",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.537",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.553",
"lastModified": "2024-07-19T13:01:44.567",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-07-18T17:15:03.897",
"lastModified": "2024-07-19T13:01:44.567",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.670",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.740",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.803",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.867",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T21:15:11.930",
"lastModified": "2024-07-30T13:33:30.653",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento System Dashboard de WordPress anterior a 2.8.10 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los administradores en configuraciones de WordPress multisitio realizar ataques de Cross-Site Scripting"
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-08T17:15:17.560",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en ipfilter, donde definiciones incorrectas de ipfilter podr\u00edan permitir que un atacante cause una falla al atacar el conmutador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-08T17:15:18.013",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service."
},
{
"lang": "es",
"value": "NVIDIA CUDA Toolkit para todas las plataformas contiene una vulnerabilidad en nvdisasm, donde un atacante puede causar un problema de lectura fuera de los l\u00edmites enga\u00f1ando a un usuario para que lea un archivo ELF con formato incorrecto. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-08T18:15:09.800",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en el componente LDAP AAA, donde un usuario puede provocar un acceso inadecuado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos y la escalada de privilegios."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-08T17:15:18.240",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario normal sin privilegios puede provocar una lectura fuera de los l\u00edmites. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-08T17:15:18.473",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA Jetson Linux contiene una vulnerabilidad en NvGPU donde las rutas de manejo de errores en el c\u00f3digo de mapeo de GPU MMU no logran limpiar un intento fallido de mapeo. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, ejecuci\u00f3n de c\u00f3digo y escalada de privilegios."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
},
{
"lang": "es",
"value": "El complemento Travelpayouts: All Travel Brands in One Place de WordPress hasta la versi\u00f3n 1.1.15 es vulnerable a Open Redirect debido a una validaci\u00f3n insuficiente de la variable travelpayouts_redirect. Esto hace posible que atacantes no autenticados redirijan a los usuarios a sitios potencialmente maliciosos si logran enga\u00f1arlos para que realicen una acci\u00f3n."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying."
},
{
"lang": "es",
"value": "El complemento Appointment Booking Calendar de WordPress anterior a 1.3.83 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas a trav\u00e9s de ataques CSRF, como agregar una reserva al calendario sin pagar."
}
],
"metrics": {


@ -12,7 +12,7 @@
},
{
"lang": "es",
"value": "El complemento The Post Grid \u2013 Shortcode, Gutenberg Blocks y Elementor Addon para Post Grid para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo de etiqueta de t\u00edtulo de secci\u00f3n en todas las versiones hasta la 7.7.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y salida que se escapa en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
"value": "El complemento The Post Grid \u2013 Shortcode, Gutenberg Blocks y Elementor Addon para Post Grid para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo de etiqueta de t\u00edtulo de secci\u00f3n en todas las versiones hasta la 7.7.1 incluida debido a una desinfecci\u00f3n de entrada insuficiente y salida que se escapa en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users."
},
{
"lang": "es",
"value": "El complemento Simple Ajax Chat de WordPress anterior a 20240223 no impide que los visitantes utilicen nombres maliciosos al utilizar el chat, que se reflejar\u00e1n sin sanitizar para otros usuarios."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.053",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco ISE podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque XSS contra un usuario de la interfaz. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad inyectando c\u00f3digo malicioso en p\u00e1ginas espec\u00edficas de la interfaz. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener al menos una cuenta con pocos privilegios en un dispositivo afectado."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.283",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.\r\n\r\nThese vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de los tel\u00e9fonos IP Cisco Small Business serie SPA300 y los tel\u00e9fonos IP Cisco Small Business serie SPA500 podr\u00edan permitir que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema operativo subyacente con privilegios de superusuario. Estas vulnerabilidades existen porque los paquetes HTTP entrantes no se verifican adecuadamente en busca de errores, lo que podr\u00eda provocar un desbordamiento del b\u00fafer. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP dise\u00f1ada a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante desbordar un b\u00fafer interno y ejecutar comandos arbitrarios en el nivel de privilegio superusuario."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.493",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly.\r\n\r\nThese vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de los tel\u00e9fonos IP Cisco Small Business serie SPA300 y los tel\u00e9fonos IP Cisco Small Business serie SPA500 podr\u00edan permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue inesperadamente. Estas vulnerabilidades existen porque los paquetes HTTP no se verifican adecuadamente en busca de errores. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un paquete HTTP manipulado a la interfaz remota de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante provocar una condici\u00f3n DoS en el dispositivo."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.713",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.\r\n\r\nThese vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de los tel\u00e9fonos IP Cisco Small Business serie SPA300 y los tel\u00e9fonos IP Cisco Small Business serie SPA500 podr\u00edan permitir que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema operativo subyacente con privilegios de superusuario. Estas vulnerabilidades existen porque los paquetes HTTP entrantes no se verifican adecuadamente en busca de errores, lo que podr\u00eda provocar un desbordamiento del b\u00fafer. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante desbordar un b\u00fafer interno y ejecutar comandos arbitrarios en el nivel de privilegio superusuario."
}
],
"metrics": {


@ -3,12 +3,16 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.930",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco ISE podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque XSS contra un usuario de la interfaz. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad inyectando c\u00f3digo malicioso en p\u00e1ginas espec\u00edficas de la interfaz. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener privilegios de administrador en un dispositivo afectado."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources."
},
{
"lang": "es",
"value": "Las implementaciones del protocolo de aplicaci\u00f3n UDP son vulnerables a los bucles de red. Un atacante no autenticado puede utilizar paquetes manipulados con fines malintencionados contra una implementaci\u00f3n vulnerable que puede provocar una denegaci\u00f3n de servicio (DOS) y/o un abuso de recursos."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. El archivo de base de datos SQLite tiene permisos d\u00e9biles."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. La escalada de privilegios puede ocurrir a trav\u00e9s de archivos grabables en todo el mundo. El script de configuraci\u00f3n de red tiene permisos d\u00e9biles para el sistema de archivos. Esto da como resultado acceso de escritura para todos los usuarios autenticados y la posibilidad de escalar desde privilegios de usuario a privilegios administrativos."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. El Directory traversal puede ocurrir a trav\u00e9s del mecanismo de descarga de registros del sistema."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. Durante el an\u00e1lisis del cuerpo XML se pueden producir da\u00f1os en la memoria no autenticados."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. Puede producirse corrupci\u00f3n de memoria no autenticada en el mecanismo de an\u00e1lisis de encabezados HTTP."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. Puede ocurrir una lista de directorios no autenticados: se puede abusar de la interfaz web para que un atacante obtenga una mejor comprensi\u00f3n del sistema operativo."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. Las contrase\u00f1as y los hashes de texto plano se exponen a trav\u00e9s de archivos de registro."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-12T17:15:49.913",
"lastModified": "2024-07-22T20:12:59.693",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-30T14:15:02.730",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.037",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-07-17T15:15:11.270",
"lastModified": "2024-07-18T12:28:43.707",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-07-17T15:15:11.500",
"lastModified": "2024-07-18T12:28:43.707",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-07-17T15:15:11.730",
"lastModified": "2024-07-18T12:28:43.707",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-07-17T15:15:12.627",
"lastModified": "2024-07-18T12:28:43.707",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and \u2018/members/members-home.pl\u2019 endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and \u2018Patrons Restriction\u2019 components."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) m\u00faltiple en los endpoints '/members/moremember.pl' y '/members/members-home.pl' dentro de Koha Library Management System versi\u00f3n 23.05.05 y anteriores permite que usuarios malintencionados del personal lleven realizar ataques CSRF, incluidos cambios no autorizados en los nombres de usuario y contrase\u00f1as de los usuarios que visitan la p\u00e1gina afectada, a trav\u00e9s de los componentes 'Nota de circulaci\u00f3n' y 'Restricci\u00f3n de usuarios'."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Osclass 5.1.2 is vulnerable to SQL Injection."
},
{
"lang": "es",
"value": "Osclass 5.1.2 es vulnerable a la inyecci\u00f3n SQL."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.110",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.170",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.297",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.423",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.490",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.557",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.620",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.807",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer basada en pila en la funci\u00f3n pc_change_act en la versi\u00f3n de firmware del enrutador Linksys E1000 v.2.1.03 y anteriores, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T19:16:30.467",
"lastModified": "2024-08-05T12:41:45.957",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en KnowBand spinwheel v.3.0.3 y anteriores permite a un atacante remoto obtener privilegios escalados y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo SpinWheelFrameSpinWheelModuleFrontController::sendEmail()."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module."
},
{
"lang": "es",
"value": "Un problema en Advanced Plugins reportsstatistics v1.3.20 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00f3dulo Informes de ventas, estad\u00edsticas, campos personalizados y exportaci\u00f3n."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Best-Kit bestkit_popup v.1.7.2 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del componente bestkit_popup.php."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n AssignPixel() al leer im\u00e1genes en formato TIFF."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n FreeImage_CreateICCProfile() al leer im\u00e1genes en formato TIFF."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n read_iptc_profile() al leer im\u00e1genes en formato TIFF."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el c\u00f3digo abierto FreeImage v.3.19.0 [r1909] permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Imf_2_2::Xdr::read() al leer im\u00e1genes en formato EXR."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n ProcessMakerNote() al leer im\u00e1genes en formato JPEG."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n FreeImage_SetTagValue() al leer im\u00e1genes en formato JPEG."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n jpeg_read_exif_profile() al leer im\u00e1genes en formato JPEG."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n opj_j2k_copy_default_tcp_and_create_tcd() al leer im\u00e1genes en formato J2K."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n opj_j2k_read_mct() al leer im\u00e1genes en formato J2K."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n opj_j2k_tcp_destroy() al leer im\u00e1genes en formato J2K."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n jpeg_read_exif_profile_raw() al leer im\u00e1genes en formato JPEG."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el c\u00f3digo abierto FreeImage v.3.19.0 [r1909] permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Load() al leer im\u00e1genes en formato RAS."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n FreeImage_Unload() al leer im\u00e1genes en formato HDR."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el c\u00f3digo abierto FreeImage v.3.19.0 [r1909] permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n ReadData() al leer im\u00e1genes en formato RAS."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el c\u00f3digo abierto FreeImage v.3.19.0 [r1909] permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n _assignPixel&lt;&gt;() al leer im\u00e1genes en formato TARGA."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en FreeImage v.3.19.0 [r1909] de c\u00f3digo abierto permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n rgbe_RGBEToFloat() al leer im\u00e1genes en formato HDR."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en el c\u00f3digo abierto FreeImage v.3.19.0 [r1909] permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n readLine() al leer im\u00e1genes en formato XPM."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n SQL en Employee Management System v1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro admin_id en update-admin.php."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-06T04:16:45.810",
"lastModified": "2024-08-06T16:30:24.547",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-07-17T15:15:13.623",
"lastModified": "2024-07-18T12:28:43.707",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0."
},
{
"lang": "es",
"value": "Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones inadecuadas de procesamiento de memoria de GPU para obtener acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Bifrost: desde r41p0 hasta r49p0; Controlador del kernel de GPU Valhall: desde r41p0 hasta r49p0; Controlador de kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r49p0."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,"
},
{
"lang": "es",
"value": "PrivX anterior a 34.0 permite la filtraci\u00f3n de datos y la denegaci\u00f3n de servicio a trav\u00e9s de la API REST. Esto se solucion\u00f3 en las versiones menores 33.1, 32.3, 31.3 y posteriores, y en la versi\u00f3n principal 34.0 y posteriores."
}
],
"metrics": {


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-02T21:16:30.950",
"lastModified": "2024-08-05T12:41:45.957",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:07.157",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:07.433",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-06-14T04:15:41.790",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-06-14T04:15:42.083",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-06-14T04:15:42.323",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:03.420",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:03.823",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:04.430",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:05.127",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -3,7 +3,7 @@
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-07-31T14:15:05.760",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter"
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en E-Negosyo System que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en 'id' en el par\u00e1metro '/admin/orders/controller.php'."
}
],
"metrics": {
