Auto-Update: 2024-10-10T14:00:21.253206+00:00

cad-safe-bot 2024-10-10 14:03:23 +00:00
parent 1560d320f2
commit 23ff0a7008
522 changed files with 4603 additions and 1613 deletions

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4534",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-08T09:15:07.773",
"lastModified": "2024-10-08T09:15:07.773",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in."
},
{
"lang": "es",
"value": "El complemento Limit Login Attempts (Spam Protection) para WordPress es vulnerable a la suplantaci\u00f3n de direcciones IP en versiones hasta la 5.3 incluida. Esto se debe a restricciones insuficientes sobre d\u00f3nde se recupera la informaci\u00f3n de la direcci\u00f3n IP para el registro de solicitudes y las restricciones de inicio de sesi\u00f3n. Los atacantes pueden proporcionar el encabezado X-Forwarded-For con una direcci\u00f3n IP diferente que se registrar\u00e1 y se puede usar para eludir configuraciones que pueden haber bloqueado el inicio de sesi\u00f3n de una direcci\u00f3n IP o un pa\u00eds."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-36325",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:11.303",
"lastModified": "2024-10-09T06:15:11.303",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete."
},
{
"lang": "es",
"value": "i2p anterior a la versi\u00f3n 2.3.0 (Java) permite desanonimizar las direcciones IPv4 e IPv6 p\u00fablicas de los servicios ocultos de i2p (tambi\u00e9n conocidos como eepsites) mediante un ataque de correlaci\u00f3n entre las direcciones IPv4 e IPv6 que se produce cuando un mensaje tunelizado y reproducido tiene una discrepancia de comportamiento (puede descartarse o puede dar como resultado una respuesta de destino incorrecto). Un ataque tardar\u00eda d\u00edas en completarse."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37154",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:12.943",
"lastModified": "2024-10-09T22:35:00.577",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45359",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:13.097",
"lastModified": "2024-10-09T22:35:01.493",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45361",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:13.203",
"lastModified": "2024-10-09T14:35:07.353",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-45872",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:13.323",
"lastModified": "2024-10-09T06:15:13.323",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Qt anterior a la versi\u00f3n 6.2.11 y en las versiones 6.3.x a 6.6.x anteriores a la versi\u00f3n 6.6.1. Cuando una imagen QML hace referencia a una imagen cuyo contenido a\u00fan no se conoce, se supone que se trata de un documento SVG, lo que genera una denegaci\u00f3n de servicio (falla de la aplicaci\u00f3n) si en realidad no es un documento SVG."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46586",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T06:15:13.447",
"lastModified": "2024-10-09T14:35:07.683",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46615",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T09:15:11.717",
"lastModified": "2024-02-12T14:19:54.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-10T13:24:23.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/kd-coming-soon/wordpress-kd-coming-soon-plugin-1-7-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kallidan:kd_coming_soon:*:*:*:*:wordpress:*:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "6D1BD50B-D0AD-43D3-8AF2-46BFB0626631"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/kd-coming-soon/wordpress-kd-coming-soon-plugin-1-7-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
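
Review bot: in the added cpeMatch entry, the criteria string cpe:2.3:a:kallidan:kd_coming_soon:*:*:*:*:wordpress:*:*:* carries wordpress in the sw_edition position (the fifth field after the product), one slot earlier than target_sw. The other WordPress plugin records in this commit (ninjateam:wp_chat_app, ylefebvre:link_library) put it in target_sw, so a matcher that filters on target_sw=wordpress will skip this entry. Worth reporting upstream; until it is corrected, match this product on vendor and product alone.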

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51370",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T07:15:09.637",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:46:36.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wp-whatsapp/wordpress-wp-chat-app-plugin-3-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:wp_chat_app:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.4.4",
"matchCriteriaId": "F5EBB0C7-3801-4AE1-9B1D-867AD89D838E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-whatsapp/wordpress-wp-chat-app-plugin-3-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52952",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:10.097",
"lastModified": "2024-10-08T09:15:10.097",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en HiMed Cockpit 12 pro (J31032-K2017-H259) (todas las versiones &gt;= V11.5.1 &lt; V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (todas las versiones &gt;= V11.5.1 &lt; V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (todas las versiones &gt;= V11.5.1 &lt; V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (todas las versiones &gt;= V11.5.1 &lt; V11.6.2). El modo quiosco de los dispositivos afectados contiene una vulnerabilidad de escape del entorno de escritorio restringido. Esto podr\u00eda permitir que un atacante local no autenticado escape del entorno restringido y obtenga acceso al sistema operativo subyacente."
}
],
"metrics": {
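
Review bot: the added es value is HTML-escaped (&gt;= V11.5.1 &lt; V11.6.2) while the en value two entries above keeps the literal >= and <. JSON strings need no such escaping, so a consumer that HTML-encodes on output will double-encode these bounds and one that prints the string raw will show the entities. Decode entities once at ingest for the es descriptions, or take version ranges from the en value only.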

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1439",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-02-12T11:15:08.147",
"lastModified": "2024-02-12T14:19:54.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-10T13:55:20.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
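
Review bot: the Primary weakness entry added here, from nvd@nist.gov, has the value NVD-CWE-noinfo, and the cve-coordination@incibe.es entry is now listed as Secondary. A consumer that reads only the Primary weakness gets no CWE classification for this record; fall back to the Secondary entry whenever the Primary value is NVD-CWE-noinfo.
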
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle",
"source": "cve-coordination@incibe.es"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.2.11",
"matchCriteriaId": "A76BD816-1BB5-48BF-996B-8F4AD1BEE3CF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle",
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20659",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:05.220",
"lastModified": "2024-10-08T18:15:05.220",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de Windows Hyper-V"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20787",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-10-09T09:15:05.000",
"lastModified": "2024-10-09T09:15:05.000",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 10.0.1 y anteriores de Substance3D - Painter se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21490",
"sourceIdentifier": "report@snyk.io",
"published": "2024-02-10T05:15:08.650",
"lastModified": "2024-05-14T14:54:54.393",
"vulnStatus": "Modified",
"lastModified": "2024-10-10T13:51:02.213",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*",
"criteria": "cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0",
"matchCriteriaId": "4615CD79-CE8C-46FF-B9CC-633B2AD05D26"
"matchCriteriaId": "BAF43CA0-8F6F-4B34-AE11-85134A4E8491"
}
]
}
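
Review bot: the criteria line replaces cpe:2.3:a:angular:angular (target_sw node.js) with cpe:2.3:a:angularjs:angular.js and a new matchCriteriaId, so any inventory mapping keyed on the old vendor:product pair or the old ID stops matching this CVE. The entry keeps versionStartIncluding 1.3.0 and the hunk shows no end bound, so every release from 1.3.0 onward matches. Re-key asset mappings on angularjs:angular.js before relying on this record.
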
@ -102,11 +102,17 @@
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
@ -125,7 +131,10 @@
},
{
"url": "https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21532",
"sourceIdentifier": "report@snyk.io",
"published": "2024-10-08T05:15:13.920",
"lastModified": "2024-10-08T05:15:13.920",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API."
},
{
"lang": "es",
"value": "Todas las versiones del paquete ggit son vulnerables a la inyecci\u00f3n de comandos a trav\u00e9s de la API fetchTags(branch), que permite la entrada del usuario para especificar la rama que se buscar\u00e1 y luego concatena esta cadena junto con un comando git que luego se pasa a la API del proceso secundario exec() de Node.js inseguro."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21533",
"sourceIdentifier": "report@snyk.io",
"published": "2024-10-08T05:15:14.180",
"lastModified": "2024-10-08T16:35:04.437",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22068",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-10-10T09:15:03.190",
"lastModified": "2024-10-10T09:15:03.190",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22442",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-07-16T16:15:04.017",
"lastModified": "2024-09-05T17:12:12.433",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:47:22.213",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -83,6 +83,7 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -90,9 +91,20 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:3par_service_provider:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.2",
"matchCriteriaId": "939B605C-A7C5-4AF1-9A66-7536C6100BB2"
"criteria": "cpe:2.3:o:hp:3par_service_processor_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.2.0",
"matchCriteriaId": "8294955E-CB75-4F2B-89B9-EFE1BDACA913"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:3par_service_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D241CDD7-CAA1-460D-814D-9302B76054F5"
}
]
}
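
Review bot: the second node added here is a hardware CPE (cpe:2.3:h:hp:3par_service_processor) marked vulnerable: false, which is only meaningful together with the operator AND added to the configuration in the previous hunk. A matcher that flattens cpeMatch lists and ignores the operator or the vulnerable flag will report the hardware itself as affected; check that yours evaluates the AND and skips vulnerable: false entries. The firmware criteria also moves from vendor hpe to hp and the bound from 5.1.2 to 5.1.2.0, so version comparison should be numeric per component, not string equality.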

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24875",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T09:15:12.110",
"lastModified": "2024-02-12T14:19:54.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-10T13:27:56.887",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ylefebvre:link_library:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.5.13",
"matchCriteriaId": "8CC556B7-656B-48C5-BF04-F96422CAD4C8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24884",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T09:15:12.320",
"lastModified": "2024-02-12T14:19:54.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-10T13:37:34.213",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
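
Review bot: vulnStatus on this record becomes Undergoing Analysis, not Analyzed, although the later hunks of the same file add an nvd@nist.gov Primary CVSS vector and a configurations block. Pipelines that accept enrichment only from Analyzed records will ignore that data, and those that do ingest it should treat the score and CPE match as provisional until the status settles.
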
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/ari-cf7-connector/wordpress-contact-form-7-connector-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ari-soft:contact_form_7_connector:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.2",
"matchCriteriaId": "D6F2F04F-EB55-459A-82DB-48A8721CADDB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ari-cf7-connector/wordpress-contact-form-7-connector-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
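
Review bot: the added criteria cpe:2.3:a:ari-soft:contact_form_7_connector:*:*:*:*:*:*:*:* leaves target_sw as a wildcard, unlike the other WordPress plugin CPEs added in this commit, which set it to wordpress. A filter on target_sw=wordpress will not return this plugin; match it on the vendor and product fields instead.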

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25282",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:07.287",
"lastModified": "2024-10-09T15:35:11.880",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25283",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:07.483",
"lastModified": "2024-10-09T15:35:12.690",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25284",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:07.597",
"lastModified": "2024-10-09T15:35:13.433",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25285",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:07.700",
"lastModified": "2024-10-09T16:35:07.700",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25286",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:07.880",
"lastModified": "2024-10-09T15:35:14.180",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25705",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-04-04T18:15:12.603",
"lastModified": "2024-10-08T17:15:30.027",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are low."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting en Esri Portal for ArcGIS Experience Builder 11.1 y versiones anteriores en Windows y Linux que permite a un atacante remoto no autenticado crear un v\u00ednculo manipulado que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son bajos."
}
],
"metrics": {
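
Review bot: the en description on the unchanged line says the attacker is remote and unauthenticated and then that the privileges required are low, and the added es translation reproduces both statements. Triage should take the privilege level from the CVSS vector under metrics, not from either description text.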

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25706",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-04-04T18:15:12.830",
"lastModified": "2024-10-08T17:15:30.303",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de HTML en Esri Portal for ArcGIS &lt;=11.0 que puede permitir que un atacante remoto no autenticado cree una URL que, al hacer clic en ella, podr\u00eda generar un mensaje que incite a una v\u00edctima desprevenida a visitar un sitio web arbitrario. Esto podr\u00eda simplificar los ataques de phishing."
}
],
"metrics": {
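
Review bot: the added es description writes the affected range as &lt;=11.0 where the en description has <=11.0, so the translated value carries an HTML entity inside a JSON string. Normalise it at ingest rather than at display time, so that a text search for <=11.0 hits both languages.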

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25709",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-04-04T18:15:13.340",
"lastModified": "2024-10-08T17:15:30.607",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 \u2013 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting Almacenado en Esri Portal for ArcGIS versiones 10.8.1 \u2013 1121 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo manipulado que se puede guardar como una nueva ubicaci\u00f3n al mover un elemento existente, lo que potencialmente ejecutar\u00e1 c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25825",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T16:15:04.277",
"lastModified": "2024-10-09T16:15:04.277",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114 y OpenFyde R114 estaban configurados con la contrase\u00f1a ra\u00edz guardada como comod\u00edn. Esto permite a los atacantes obtener acceso a la ra\u00edz sin una contrase\u00f1a."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25885",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-08T18:15:05.423",
"lastModified": "2024-10-09T15:35:14.920",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26596",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:09.500",
"lastModified": "2024-04-17T19:54:59.240",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-10T12:15:02.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -71,6 +71,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/69a1e2d938dbbfcff0e064269adf60ad26dbb102",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
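
Review bot: the reference added at the top of the list has only url and source, while the entry after it continues past source (note the trailing comma), so the new git.kernel.org link is the one without further fields. With vulnStatus going from Analyzed to Modified in the first hunk, the new commit link has not been through analysis; tooling that selects fix commits by reference tag should handle untagged git.kernel.org/stable/c/ URLs explicitly.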

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26785",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:08.187",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-10-10T12:15:03.027",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -24,6 +24,10 @@
{
"url": "https://git.kernel.org/stable/c/fc719ecbca45c9c046640d72baddba3d83e0bc0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd4d5cd7a2e8f08357c9bfc0905957cffe8ce568",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26836",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:09.713",
"lastModified": "2024-04-17T12:48:07.510",
"lastModified": "2024-10-10T12:15:03.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -21,6 +21,10 @@
"url": "https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2deb10a99671afda30f834e95e5b992a805bba6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26876",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T11:15:09.777",
"lastModified": "2024-04-17T12:48:07.510",
"lastModified": "2024-10-10T12:15:03.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -21,6 +21,10 @@
"url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26972",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:13.597",
"lastModified": "2024-05-01T13:02:20.750",
"lastModified": "2024-10-10T12:15:03.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3faea7810e2b3e9a9a92ef42d7e5feaeb8ff7133",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62b5ae00c2b835639002ce898ccb5d82c51073ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27011",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:19.583",
"lastModified": "2024-05-13T08:15:11.983",
"lastModified": "2024-10-10T12:15:03.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -24,6 +24,10 @@
{
"url": "https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a1bd2a38a1c6388fc8556816dc203c3e9dc52237",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27012",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:19.743",
"lastModified": "2024-05-23T19:15:29.050",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-10T12:15:03.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -116,6 +116,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/164936b2fc88883341fe7a2d9c42b69020e5cafd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86658fc7414d4b9e25c2699d751034537503d637",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:51.127",
"lastModified": "2024-05-01T19:50:25.633",
"lastModified": "2024-10-10T12:15:03.603",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -24,6 +24,10 @@
{
"url": "https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27457",
"sourceIdentifier": "secure@intel.com",
"published": "2024-10-08T19:15:13.420",
"lastModified": "2024-10-08T19:15:13.420",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n incorrecta de condiciones inusuales o excepcionales en el firmware del m\u00f3dulo Intel(R) TDX anterior a la versi\u00f3n 1.5.06 puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27861",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.897",
"lastModified": "2024-09-23T18:56:59.510",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T13:13:53.450",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -22,19 +22,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
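Review bot: the rescoring in `cvssData` moves this record across the HIGH/MEDIUM boundary (`baseScore` 7.5 to 5.5, `baseSeverity` HIGH to MEDIUM) in the same commit that sets `vulnStatus` to "Analyzed", so any consumer that triages on a `baseScore >= 7.0` threshold or caches `baseSeverity` will drop it without a visible reason. The derived fields are consistent with the new vector (AV:L and UI:R give `exploitabilityScore` 1.8, and with the unchanged `impactScore` 3.6 the base rounds up to 5.5), so the values themselves need no correction. The suggestion is for downstream syncs to re-evaluate stored severity whenever `vectorString` changes, not only when a new `id` appears.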

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28168",
"sourceIdentifier": "security@apache.org",
"published": "2024-10-09T12:15:02.850",
"lastModified": "2024-10-09T14:35:10.237",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML ('XXE') en Apache XML Graphics FOP. Este problema afecta a Apache XML Graphics FOP: 2.9. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.10, que soluciona el problema."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29176",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-26T03:15:10.533",
"lastModified": "2024-09-23T21:11:39.197",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:04:03.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -66,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-787"
}
]
},
@ -83,6 +83,7 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -91,8 +92,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndExcluding": "7.7.5.40",
"matchCriteriaId": "C6A0B6C8-491A-46F2-A330-15000DE501BA"
"matchCriteriaId": "6BD07CAF-9671-475C-810D-1BFBFA881E09"
},
{
"vulnerable": true,
@ -109,6 +111,85 @@
"matchCriteriaId": "8EF3066F-F378-4AA6-B50C-B33C22C57492"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:in-cloud:*:*:*",
"matchCriteriaId": "83DBF4F3-791C-48A2-B37E-6B3F6177B470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:dell:apex_protection_storage:-:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "D007B2BB-082B-4D33-A6A1-77714341C75C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D9616-4482-4173-9507-6B8EC15F3521"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A81372F-E8DC-49AB-AC12-700F76D4C2C6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5525030D-2AA9-4AB6-8B15-D09214C1834E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd9410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F820D2BB-4773-4B2F-BC50-9474B44DB8F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "105F8F20-3EB3-49E7-82BE-3A5742EAA51E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dd9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F58819-777E-43C1-B1EA-FFD7CDF79234"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.0.0",
"matchCriteriaId": "D655A40E-7358-4E29-BDC6-8CC2E8BA1D63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:dm5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15806F-F6F1-4B26-921C-FE7620B3539F"
}
]
}
]
}
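Review bot: the second configuration added at the end of this hunk lists `data_domain_operating_system` with only `"versionEndExcluding": "5.16.0.0"` and no `versionStartIncluding`, so it is meaningful only when paired with the `dm5500` hardware node under `"operator": "AND"`. A matcher that flattens `cpeMatch` entries and ignores the AND nodes will flag every Data Domain OS install below 5.16.0.0 regardless of hardware. Consumers should evaluate the node tree as written and treat the `"vulnerable": false` entries (the `apex_protection_storage` and `dd*` CPEs in the first configuration, `dm5500` in the second) as required platform context rather than as affected products.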

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30092",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:05.513",
"lastModified": "2024-10-08T18:15:05.513",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Hyper-V"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30118",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-09T20:15:07.570",
"lastModified": "2024-10-09T20:15:07.570",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data."
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir que un usuario obtenga informaci\u00f3n confidencial a la que no tiene derecho debido al manejo inadecuado de los datos solicitados."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3057",
"sourceIdentifier": "psirt@purestorage.com",
"published": "2024-10-08T17:15:53.770",
"lastModified": "2024-10-08T17:15:53.770",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation."
},
{
"lang": "es",
"value": "Existe una falla por la cual un usuario puede realizar una llamada espec\u00edfica a un endpoint FlashArray permitiendo la escalada de privilegios."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31227",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-07T20:15:05.050",
"lastModified": "2024-10-07T20:15:05.050",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Redis es una base de datos de c\u00f3digo abierto en memoria que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a \u00e9l, desencadena un p\u00e1nico del servidor y la consiguiente denegaci\u00f3n de servicio. El problema existe en Redis 7 anterior a las versiones 7.2.6 y 7.4.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"metrics": {
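Review bot: the unchanged `en` value reads "An authenticated with sufficient privileges may create a malformed ACL selector", missing its noun, and the added `es` value silently supplies it ("Un usuario autenticado"), so the translation is now more precise than the text it was derived from. Suggest getting the English corrected at the source (`security-advisories@github.com`) rather than leaving the fix only in the translation. The `es` text also leaves "workarounds" untranslated ("No existen workarounds conocidas").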

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31228",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-07T20:15:05.277",
"lastModified": "2024-10-07T20:15:05.277",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Redis es una base de datos de c\u00f3digo abierto en memoria que persiste en el disco. Los usuarios autenticados pueden desencadenar una denegaci\u00f3n de servicio mediante el uso de patrones de coincidencia de cadenas largas especialmente manipulados en comandos compatibles, como `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` y definiciones de ACL. La coincidencia de patrones extremadamente largos puede provocar una recursi\u00f3n sin l\u00edmites, lo que lleva a un desbordamiento de pila y un bloqueo del proceso. Este problema se ha solucionado en las versiones 6.2.16, 7.2.6 y 7.4.1 de Redis. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31449",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-07T20:15:05.507",
"lastModified": "2024-10-07T20:15:05.507",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Un usuario autenticado puede usar un script Lua especialmente manipulado para provocar un desbordamiento del b\u00fafer de pila en la librer\u00eda de bits, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. El problema existe en todas las versiones de Redis con scripts Lua. Este problema se ha solucionado en las versiones 6.2.16, 7.2.6 y 7.4.1 de Redis. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32608",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T05:15:13.110",
"lastModified": "2024-10-09T05:15:13.110",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution."
},
{
"lang": "es",
"value": "La librer\u00eda HDF5 hasta la versi\u00f3n 1.14.3 tiene corrupci\u00f3n de memoria en H5A__close que resulta en la corrupci\u00f3n del puntero de instrucci\u00f3n y causa la denegaci\u00f3n de servicio o la posible ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-33506",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-10-08T15:15:14.717",
"lastModified": "2024-10-08T15:15:14.717",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado [CWE-200] en FortiManager 7.4.2 y anteriores, 7.2.5 y anteriores, 7.0.12 y anteriores permite que un atacante remoto autenticado asignado a un dominio administrativo (ADOM) acceda al resumen del dispositivo de ADOM no autorizados a trav\u00e9s de solicitudes HTTP manipuladas."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33897",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T14:16:03.870",
"lastModified": "2024-08-12T16:15:15.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T13:00:37.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -111,8 +111,33 @@
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32438363-2228-41D7-915C-E54343F71E84"
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3"
}
]
}
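Review bot: replacing the single `ewon_cosy\\+` hardware entry with six model-specific criteria also retires `matchCriteriaId` 32438363-2228-41D7-915C-E54343F71E84, so asset inventories or suppression rules keyed on that ID or on the generic CPE string will stop matching this record. Worth confirming that downstream mappings are refreshed from the new `ewon_cosy\\+_4g_apac`, `_4g_eu`, `_4g_jp`, `_4g_na`, `_ethernet` and `_wifi` entries. All six stay `"vulnerable": false`, so they still serve only as platform context for whatever vulnerable entry the enclosing configuration pairs them with, which is not visible in this hunk.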
@ -122,7 +147,11 @@
"references": [
{
"url": "https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf",
@ -142,7 +171,7 @@
"url": "https://www.hms-networks.com/cyber-security",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
"Not Applicable"
]
}
]

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34662",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:03.037",
"lastModified": "2024-10-08T07:15:03.037",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en ActivityManager anterior a SMR Oct-2024 Release 1 en algunos Android 12 y 13 y SMR Sep-2024 Release 1 en algunos Android 14 permite que atacantes locales ejecuten comportamientos privilegiados."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34663",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:03.497",
"lastModified": "2024-10-08T07:15:03.497",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory."
},
{
"lang": "es",
"value": "El desbordamiento de enteros en libSEF.quram.so anterior a SMR Oct-2024 Release 1 permite a atacantes locales escribir en la memoria fuera de los l\u00edmites."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34664",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:03.750",
"lastModified": "2024-10-08T07:15:03.750",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n incorrecta de las condiciones de excepci\u00f3n en Knox Guard antes de la versi\u00f3n 1 de SMR de octubre de 2024 permite que atacantes f\u00edsicos eludan Knox Guard en un entorno multiusuario."
}
],
"metrics": {
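Review bot: the added `es` value rewrites the release identifier "SMR Oct-2024 Release 1" as "la versión 1 de SMR de octubre de 2024", which turns a product release name into a translated phrase that no longer matches the vendor's naming. Suggest keeping the identifier verbatim in the translation so that searches for the fixed release string hit both language variants of the description.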

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34665",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:04.053",
"lastModified": "2024-10-08T07:15:04.053",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el formato h.264 de an\u00e1lisis en librtppayload.so anterior a la versi\u00f3n 1 de SMR Oct-2024 permite a atacantes remotos ejecutar c\u00f3digo arbitrario con privilegios del sistema. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34666",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:04.363",
"lastModified": "2024-10-08T07:15:04.363",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el an\u00e1lisis del formato h.264 en un modo espec\u00edfico en librtppayload.so anterior a la versi\u00f3n 1 de SMR Oct-2024 permite a atacantes remotos ejecutar c\u00f3digo arbitrario con privilegios del sistema. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34667",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:04.643",
"lastModified": "2024-10-08T07:15:04.643",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el formato h.265 de an\u00e1lisis en librtppayload.so anterior a la versi\u00f3n 1 de SMR Oct-2024 permite a atacantes remotos ejecutar c\u00f3digo arbitrario con privilegios del sistema. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34668",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:04.897",
"lastModified": "2024-10-08T07:15:04.897",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el formato h.263 de an\u00e1lisis en librtppayload.so anterior a la versi\u00f3n 1 de SMR Oct-2024 permite a atacantes remotos ejecutar c\u00f3digo arbitrario con privilegios del sistema. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34669",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:05.137",
"lastModified": "2024-10-08T07:15:05.137",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "La escritura fuera de los l\u00edmites en el an\u00e1lisis del formato h.263+ en librtppayload.so anterior a la versi\u00f3n 1 de SMR Oct-2024 permite a atacantes remotos ejecutar c\u00f3digo arbitrario con privilegios del sistema. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34670",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:05.390",
"lastModified": "2024-10-08T07:15:05.390",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information."
},
{
"lang": "es",
"value": "El uso de intenci\u00f3n impl\u00edcita para comunicaci\u00f3n confidencial en Sound Assistant anterior a la versi\u00f3n 6.1.0.9 permite a atacantes locales obtener informaci\u00f3n confidencial."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34671",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:05.640",
"lastModified": "2024-10-08T07:15:05.640",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication in translation\ud63bin Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability."
"value": "Use of implicit intent for sensitive communication in translation?in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability."
},
{
"lang": "es",
"value": "El uso de la intenci\u00f3n impl\u00edcita de obtener comunicaciones confidenciales en translation?in Samsung Internet anterior a la versi\u00f3n 26.0.3.1 permite a atacantes locales obtener informaci\u00f3n confidencial. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
}
],
"metrics": {
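Review bot: the `en` value swaps the mis-encoded `\ud63b` for a literal `?` ("translation?in Samsung Internet"), which is still a lossy placeholder rather than the intended character, and the added `es` value copies the same `translation?in` token. From the sentence structure the original was most likely a space or similar separator (an inference, not something the record states). Suggest normalising the text at the source so that full-text search on the product name "Samsung Internet" tokenises cleanly in both languages.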

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34672",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:05.880",
"lastModified": "2024-10-08T07:15:05.880",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en SamsungVideoPlayer anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes locales acceder a archivos de video de otros usuarios."
}
],
"metrics": {

View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-35202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-10T13:15:14.077",
"lastModified": "2024-10-10T13:15:14.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance."
}
],
"metrics": {},
"references": [
{
"url": "https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/",
"source": "cve@mitre.org"
},
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/26898",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bitcoin/bitcoin/releases/tag/v25.0",
"source": "cve@mitre.org"
}
]
}
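Review bot: this new record is added with `"metrics": {}` and `vulnStatus` "Received", so it carries no CVSS vector even though the description states a remotely triggerable assertion and node exit. Pipelines that filter on severity will treat it as unscored. Until analysis lands, triage should key on the description and the stated affected range ("Bitcoin Core before 25.0") rather than on a score.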

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35215",
"sourceIdentifier": "secure@blackberry.com",
"published": "2024-10-08T18:15:05.717",
"lastModified": "2024-10-08T18:15:05.717",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en el procesamiento de opciones de socket IP de la pila de red en la plataforma de desarrollo de software (SDP) QNX versiones 7.1 y 7.0 podr\u00eda permitir que un atacante con acceso local provoque una condici\u00f3n de denegaci\u00f3n de servicio en el contexto del proceso de la pila de red."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T04:15:08.233",
"lastModified": "2024-10-09T21:35:09.590",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35963",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:11.390",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-10T12:15:03.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c18a64039aa3f1c16f208d197c65076da798137",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50173882bb187e70e37bac01385b9b114019bee2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35964",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:11.457",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-10T12:15:03.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -21,6 +21,10 @@
"url": "https://git.kernel.org/stable/c/0c4a89f4690478969729c7ba5f69d53d8516aa12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a6baa1ee7a9df33adbf932305053520b9741b35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e8742cdfc4b0e65266bb4a901a19462bda9285e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35965",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:11.520",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-10T12:15:03.867",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3506",
"sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"published": "2024-10-08T10:15:04.417",
"lastModified": "2024-10-08T10:15:04.417",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions."
},
{
"lang": "es",
"value": "Un posible desbordamiento de b\u00fafer en los controladores de c\u00e1maras seleccionadas de XProtect Device Pack puede permitir que un atacante con acceso a la red interna ejecute comandos en el servidor de grabaci\u00f3n bajo condiciones estrictas."
}
],
"metrics": {

View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-36051",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-10T13:15:14.187",
"lastModified": "2024-10-10T13:15:14.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In btcd before 0.24.2, removeOpcodeByData mishandles the consensus rules for legacy signature verification. There can be a standard transaction that would be considered valid by Bitcoin Core but invalid by btcd."
}
],
"metrics": {},
"references": [
{
"url": "https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/btcsuite/btcd/releases/tag/v0.24.2",
"source": "cve@mitre.org"
}
]
}
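Review bot: the first reference URL's slug names a different identifier (`cve-2024-38365-public-disclosure-btcd-findanddelete-bug`) than this record's `id`, CVE-2024-36051, while both the description and the slug concern a btcd bug. Worth confirming with the assigner whether the two IDs are duplicates or one of them is a typo, and recording the relationship, since consumers that deduplicate by CVE ID may otherwise track the same btcd issue twice. The record is also added with `"metrics": {}`, so severity-based filters will see it as unscored.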

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36478",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T11:15:10.360",
"lastModified": "2024-09-09T13:30:12.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-10T12:15:03.947",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -84,6 +84,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
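Review bot: the reference added at the end of this hunk has only "url" and "source", while the entry just before it carries "tags": ["Patch"]. If the new git.kernel.org stable commit is also a fix, it should get the same tag; until then, tooling that selects fix commits by the Patch tag will skip it.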

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36814",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-08T19:15:13.753",
"lastModified": "2024-10-09T20:35:24.090",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36917",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:15.050",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-10-10T12:15:04.060",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
@ -25,6 +29,10 @@
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36936",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:16.713",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-10-10T12:15:04.153",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -24,6 +24,10 @@
{
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e115c1b5de55a105c75aba8eb08301c075fa4ef4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36996",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-07-01T17:15:08.917",
"lastModified": "2024-08-02T14:47:12.667",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:30:29.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -112,8 +112,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.2312",
"versionEndExcluding": "9.1.2312.109",
"matchCriteriaId": "9E9D55D4-74F4-4499-BAF7-2BF2AD8DEE29"
"matchCriteriaId": "F2E66C0D-BD3A-46CE-9578-068401F094C0"
}
]
}
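Review bot: adding "versionStartIncluding": "9.1.2312" to the splunk_cloud_platform entry turns an open-ended range into one bounded below, so builds older than 9.1.2312 stop matching this cpeMatch entry. Confirm those builds are covered by another entry in the configuration or are unaffected. The matchCriteriaId changes in the same hunk, so consumers that cached the old id need a refresh to keep matching.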

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3656",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-09T19:15:13.547",
"lastModified": "2024-10-10T07:15:02.927",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Keycloak. Ciertos endpoints en la API REST de administraci\u00f3n de Keycloak permiten que usuarios con pocos privilegios accedan a funcionalidades administrativas. Esta falla permite que los usuarios realicen acciones reservadas para administradores, lo que puede provocar violaciones de datos o comprometer el sistema."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37179",
"sourceIdentifier": "cna@sap.com",
"published": "2024-10-08T04:15:06.600",
"lastModified": "2024-10-08T04:15:06.600",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application."
},
{
"lang": "es",
"value": "SAP BusinessObjects Business Intelligence Platform permite que un usuario autenticado env\u00ede una solicitud especialmente manipulada al servidor de informes Web Intelligence para descargar cualquier archivo de la m\u00e1quina que aloja el servicio, lo que provoca un alto impacto en la confidencialidad de la aplicaci\u00f3n."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37547",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-06T15:15:10.500",
"lastModified": "2024-07-19T11:15:02.250",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:37:34.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -22,19 +22,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
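Review bot: in the Primary cvssData block, privilegesRequired moves from NONE to LOW and the rating drops from 7.5 HIGH to 6.5 MEDIUM, so any triage or SLA decision keyed on the earlier HIGH rating needs to be re-run for this CVE. The new values are internally consistent: PR:L gives exploitabilityScore 2.8, and with impactScore 3.6 the base score rounds up to 6.5. The hunk ends on the opening brace of a further metric entry that is not shown and may carry a different score, so consumers should be explicit about which metric source they prefer.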

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37976",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:05.913",
"lastModified": "2024-10-08T18:15:05.913",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de la interfaz de firmware extensible de reanudaci\u00f3n de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37979",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:06.117",
"lastModified": "2024-10-08T18:15:06.117",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el kernel de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37982",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:06.313",
"lastModified": "2024-10-08T18:15:06.313",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de la interfaz de firmware extensible de reanudaci\u00f3n de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37983",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:06.520",
"lastModified": "2024-10-08T18:15:06.520",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de la interfaz de firmware extensible de reanudaci\u00f3n de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38029",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:06.730",
"lastModified": "2024-10-08T18:15:06.730",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft OpenSSH for Windows Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft OpenSSH para Windows"
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38085",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:44.080",
"lastModified": "2024-07-12T15:46:00.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:39:30.667",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -113,23 +113,18 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "29AB4D70-37A2-4A7E-9326-79E2EF762B02"
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
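Review bot: the windows_11_23h2 bound changes from 10.0.22621.3880 to 10.0.22631.3880, and 22631 is the 23H2 build line, so scanners that compared 23H2 hosts against the old bound were using the 22H2 build number and should be re-run. The same hunk collapses the windows_server_2008 sp2 x64 and x86 entries into one wildcard entry and narrows r2 sp1 from a wildcard to x64, each with a new matchCriteriaId, so exact-string CPE matchers and cached match ids need to be rebuilt from this revision.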

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38097",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:06.933",
"lastModified": "2024-10-08T18:15:06.933",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Monitor Agent Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del agente de Azure Monitor"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38124",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:07.127",
"lastModified": "2024-10-08T18:15:07.127",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Netlogon Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Netlogon"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38129",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:07.323",
"lastModified": "2024-10-08T18:15:07.323",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kerberos Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Kerberos de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38149",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:07.517",
"lastModified": "2024-10-08T18:15:07.517",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BranchCache Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en BranchCache"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38179",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:07.717",
"lastModified": "2024-10-08T18:15:07.717",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en la infraestructura hiperconvergente (HCI) de Azure Stack"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38212",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:07.940",
"lastModified": "2024-10-08T18:15:07.940",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38229",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:08.153",
"lastModified": "2024-10-08T18:15:08.153",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en .NET y Visual Studio"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38261",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:08.367",
"lastModified": "2024-10-08T18:15:08.367",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38262",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:08.593",
"lastModified": "2024-10-08T18:15:08.593",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38265",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:08.797",
"lastModified": "2024-10-08T18:15:08.797",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"metrics": {

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38594",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:19.467",
"lastModified": "2024-06-20T12:44:01.637",
"lastModified": "2024-10-10T12:15:04.243",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -28,6 +28,10 @@
{
"url": "https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38815",
"sourceIdentifier": "security@vmware.com",
"published": "2024-10-09T20:15:07.820",
"lastModified": "2024-10-09T20:15:07.820",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a content spoofing vulnerability.\u00a0\n\nAn unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure."
},
{
"lang": "es",
"value": "VMware NSX contiene una vulnerabilidad de suplantaci\u00f3n de contenido. Un actor malintencionado no autenticado podr\u00eda manipular una URL y redirigir a una v\u00edctima a un dominio controlado por un atacante, lo que dar\u00eda lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial."
}
],
"metrics": {
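Review bot: the "en" value in this hunk carries "\u00a0\n\n" between its two sentences, while the added "es" value is a single line with ordinary spacing. Consumers that render or index the description should normalise the non-breaking space and the embedded newlines, otherwise the English and Spanish texts will diverge in length checks and full-text matching.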

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38817",
"sourceIdentifier": "security@vmware.com",
"published": "2024-10-09T20:15:08.037",
"lastModified": "2024-10-10T08:15:03.443",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38818",
"sourceIdentifier": "security@vmware.com",
"published": "2024-10-09T20:15:08.230",
"lastModified": "2024-10-09T20:15:08.230",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a local privilege escalation vulnerability.\u00a0\n\nAn authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned."
},
{
"lang": "es",
"value": "VMware NSX contiene una vulnerabilidad de escalada de privilegios locales. Un actor malintencionado autenticado puede aprovechar esta vulnerabilidad para obtener permisos de un rol de grupo distinto al asignado anteriormente."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39210",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T16:15:05.230",
"lastModified": "2024-07-09T16:22:51.927",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-10T12:35:11.213",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -90,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:best_house_rental_management_system_project:best_house_rental_management_system:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:mayurik:best_house_rental_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "ED30A65B-91AB-4AE5-9563-D9B2DEA6AF5D"
"matchCriteriaId": "E9460139-A7EA-4030-BEB5-135791FD01BF"
}
]
}
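Review bot: the CPE vendor component in "criteria" changes from best_house_rental_management_system_project to mayurik and the matchCriteriaId changes with it, so inventories still mapped to the old vendor string will silently stop matching this CVE. Asset-to-CPE mappings for this product need to be updated to the new vendor name alongside this revision.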

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39436",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-10-09T07:15:06.550",
"lastModified": "2024-10-09T07:15:06.550",
"vulnStatus": "Received",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed."
},
{
"lang": "es",
"value": "En el servicio linkturbonative, es posible que se produzca una inyecci\u00f3n de comandos debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, con la necesidad de permisos de ejecuci\u00f3n de System."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff.