admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-15T14:00:18.334586+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-15 14:03:11 +00:00
parent 44561015a0
commit 352cdbc7af
109 changed files with 972 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2023/CVE-2023-393xx/CVE-2023-39327.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-39327",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-13T03:15:09.347",
"lastModified": "2024-07-13T03:15:09.347",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en OpenJPEG. Las im\u00e1genes creadas maliciosamente pueden hacer que el programa entre en un bucle grande e imprima continuamente mensajes de advertencia en el terminal."
}
],
"metrics": {

8
CVE-2023/CVE-2023-393xx/CVE-2023-39329.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-39329",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-13T03:15:09.597",
"lastModified": "2024-07-13T03:15:09.597",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en OpenJPEG. Puede ocurrir un agotamiento de recursos en la funci\u00f3n opj_t1_decode_cblks en tcd.c a trav\u00e9s de un archivo de imagen manipulado, provocando una denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2023/CVE-2023-410xx/CVE-2023-41093.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-41093",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-07-12T20:15:02.380",
"lastModified": "2024-07-12T20:15:02.380",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de Use After Free en el SDK Bluetooth de Silicon Labs en 32 bits, ARM puede permitir que un atacante con capacidades de sincronizaci\u00f3n precisa intercepte una peque\u00f1a cantidad de paquetes destinados a un destinatario que ha abandonado la red. Este problema afecta al SDK Bluetooth de Silabs: hasta 8.0.0."
}
],
"metrics": {

4
CVE-2023/CVE-2023-419xx/CVE-2023-41916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41916",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-15T08:15:02.107",
"lastModified": "2024-07-15T08:15:02.107",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-468xx/CVE-2023-46801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46801",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-15T08:15:02.253",
"lastModified": "2024-07-15T08:15:02.253",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-495xx/CVE-2023-49566.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49566",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-15T08:15:02.367",
"lastModified": "2024-07-15T08:15:02.367",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-528xx/CVE-2023-52885.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52885",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-14T08:15:01.823",
"lastModified": "2024-07-14T08:15:01.823",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n <IRQ>\n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n </IRQ>\n <TASK>\n ...\n </TASK>\n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: corrige UAF en svc_tcp_listen_data_ready() Despu\u00e9s de que se libera el oyente svc_sock, y antes de invocar svc_tcp_accept() para el calcet\u00edn secundario establecido, hay una ventana que indica que el newsock retiene un oyente liberado. svc_sock en sk_user_data que clona desde el padre. En la ventana de ejecuci\u00f3n, si se reciben datos en el newsock, observaremos el informe de use-after-free en svc_tcp_listen_data_ready(). Reproducir mediante dos tareas: 1. while:; hacer rpc.nfsd 0; rpc.nfsd; hecho 2. mientras:; hacer eco \"\" | ncat -4 127.0.0.1 2049; Informe KASAN hecho: ================================================= ==================== ERROR: KASAN: slab-use-after-free en svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888139d96228 por tarea nc /102553 CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18 Nombre de hardware: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/11/2020 Seguimiento de llamadas: dump_stack_lvl+ 0x33/0x50 print_address_description.constprop.0+0x27/0x310 print_report+0x3e/0x70 kasan_report+0xae/0xe0 svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc] tcp_data_queue+0x9f4/0x20e0 tcp_rcv_ establecido+0x666/0x1f60 tcp_v4_do_rcv+0x51c/0x850 tcp_v4_rcv+0x23fc/0x2e80 ip_protocol_deliver_rcu+0x62/0x300 ip_local_deliver_finish+0x267/0x350 ip_local_deliver+0x18b/0x2d0 ip_rcv+0x2fb/0x370 __netif_receive_skb_one_core+0x166/0x1b0 Process_backlog+0x24c/0x5e 0 __napi_poll+0xa2/0x500 net_rx_action+0x854/0xc90 __do_softirq+0x1bb/0x5de do_softirq+0xcb/0x100 ... Asignado por la tarea 102371: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x7b/0x90 svc_setup_socket+0x52/0x4f0 [sunrpc] 0x400 [sunrpc] __write_ports_addfd+0x209/0x390 [nfsd] write_ports+0x239/0x2c0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x3 8/0x90 Entry_SYSCALL_64_after_hwframe+0x72/0xdc Liberado por la tarea 102551: kasan_save_stack +0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x50 __kasan_slab_free+0x106/0x190 __kmem_cache_free+0x133/0x270 svc_xprt_free+0x1e2/0x350 [sunrpc] _destroy_all+0x25a/0x440 [sunrpc] nfsd_put+0x125/0x240 [nfsd] nfsd_svc+ 0x2cb/0x3c0 [nfsd] write_threads+0x1ac/0x2a0 [nfsd] nfsctl_transaction_write+0xac/0x110 [nfsd] vfs_write+0x1c3/0xae0 ksys_write+0xed/0x1c0 do_syscall_64+0x38/0x90 entrada_SYSCALL_ 64_after_hwframe+0x72/0xdc Arregle el UAF simplemente sin hacer nada en svc_tcp_listen_data_ready() si state!= TCP_LISTEN, eso evitar\u00e1 desreferenciar svsk para todos los sockets secundarios."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-215xx/CVE-2024-21513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21513",
"sourceIdentifier": "report@snyk.io",
"published": "2024-07-15T05:15:01.857",
"lastModified": "2024-07-15T05:15:01.857",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-237xx/CVE-2024-23794.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23794",
"sourceIdentifier": "security@otrs.com",
"published": "2024-07-15T08:15:02.470",
"lastModified": "2024-07-15T11:15:02.117",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-28xx/CVE-2024-2870.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2870",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.310",
"lastModified": "2024-07-13T06:15:02.310",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento socialdriver-framework de WordPress anterior al 30.04.2024 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-302xx/CVE-2024-30213.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-30213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-12T23:15:09.927",
"lastModified": "2024-07-12T23:15:09.927",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution."
},
{
"lang": "es",
"value": "StoneFly Storage Concentrator (SC y SCVM) anterior a 8.0.4.26 permite a los usuarios autenticados remotamente lograr la inyecci\u00f3n de comandos a trav\u00e9s de una URL de ping, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-30xx/CVE-2024-3026.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3026",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.547",
"lastModified": "2024-07-13T06:15:02.547",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento WordPress Button Plugin MaxButtons de WordPress anterior a 9.7.8 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de editor realizar ataques de cross-site scripting"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-319xx/CVE-2024-31947.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31947",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-12T23:15:10.000",
"lastModified": "2024-07-12T23:15:10.000",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information."
},
{
"lang": "es",
"value": "StoneFly Storage Concentrator (SC y SCVM) anterior a 8.0.4.26 permite el Directory Traversal por parte de usuarios autenticados. El uso de un par\u00e1metro de ruta manipulado con la funci\u00f3n de ayuda en l\u00ednea puede exponer informaci\u00f3n confidencial del sistema."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-329xx/CVE-2024-32945.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32945",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-07-15T09:15:02.260",
"lastModified": "2024-07-15T09:15:02.260",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-36xx/CVE-2024-3632.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3632",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.617",
"lastModified": "2024-07-13T06:15:02.617",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento Smart Image Gallery de WordPress anterior a 1.0.19 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-37xx/CVE-2024-3710.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3710",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.700",
"lastModified": "2024-07-13T06:15:02.700",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento Image Photo Gallery Final Tiles Grid de WordPress anterior a 3.6.0 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de Cross-Site Scripting Almacenado. que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-37xx/CVE-2024-3751.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3751",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.773",
"lastModified": "2024-07-13T06:15:02.773",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Seriously Simple Podcasting de WordPress anterior a 3.3.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-37xx/CVE-2024-3753.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3753",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.840",
"lastModified": "2024-07-13T06:15:02.840",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento Hostel WordPress anterior a 1.1.5.3 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-397xx/CVE-2024-39728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39728",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T02:15:05.440",
"lastModified": "2024-07-15T02:15:05.440",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39729.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39729",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T03:15:02.043",
"lastModified": "2024-07-15T03:15:02.043",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39731",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T02:15:05.670",
"lastModified": "2024-07-15T02:15:05.670",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-397xx/CVE-2024-39732.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39732",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-14T13:15:20.433",
"lastModified": "2024-07-14T13:15:20.433",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena temporalmente datos de diferentes entornos que podr\u00eda obtener un usuario malintencionado. ID de IBM X-Force: 295791."
}
],
"metrics": {

8
CVE-2024/CVE-2024-397xx/CVE-2024-39733.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39733",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-14T13:15:21.490",
"lastModified": "2024-07-14T13:15:21.490",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena las credenciales de usuario en texto plano que puede ser le\u00eddo por un usuario local. ID de IBM X-Force: 295972."
}
],
"metrics": {

8
CVE-2024/CVE-2024-397xx/CVE-2024-39734.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39734",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-14T13:15:21.860",
"lastModified": "2024-07-14T13:15:21.860",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en se\u00f1ales de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico. ID de IBM X-Force: 296001."
}
],
"metrics": {

4
CVE-2024/CVE-2024-397xx/CVE-2024-39735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39735",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T03:15:02.307",
"lastModified": "2024-07-15T03:15:02.307",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39736",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T02:15:05.947",
"lastModified": "2024-07-15T02:15:05.947",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39737",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T02:15:06.173",
"lastModified": "2024-07-15T02:15:06.173",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39739",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T02:15:06.417",
"lastModified": "2024-07-15T02:15:06.417",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39740",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T03:15:02.557",
"lastModified": "2024-07-15T03:15:02.557",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39741",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-15T03:15:02.793",
"lastModified": "2024-07-15T03:15:02.793",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39767.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39767",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-07-15T09:15:02.573",
"lastModified": "2024-07-15T09:15:02.573",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-39xx/CVE-2024-3919.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3919",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.900",
"lastModified": "2024-07-13T06:15:02.900",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento OpenPGP Form Encryption para WordPress anterior a 1.5.1 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-39xx/CVE-2024-3963.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3963",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:02.967",
"lastModified": "2024-07-13T06:15:02.967",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Giveaways and Contests by RafflePress de WordPress anterior a la versi\u00f3n 1.12.14 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los usuarios con una funci\u00f3n tan baja como la de editor realizar ataques de cross-site scripting"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-39xx/CVE-2024-3964.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3964",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.030",
"lastModified": "2024-07-13T06:15:03.030",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Product Inquiry for WooCommerce WordPress anterior a 3.1.8 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-410xx/CVE-2024-41007.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41007",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-15T09:15:02.803",
"lastModified": "2024-07-15T09:15:02.803",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-42xx/CVE-2024-4217.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4217",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.097",
"lastModified": "2024-07-13T06:15:03.097",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks."
},
{
"lang": "es",
"value": "El complemento shortcodes-ultimate-pro de WordPress anterior a 7.1.5 no escapa adecuadamente a algunas de las configuraciones de sus c\u00f3digos cortos, lo que hace posible que los atacantes con una cuenta de Contributor realicen ataques XSS almacenados."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-42xx/CVE-2024-4269.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4269",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.170",
"lastModified": "2024-07-13T06:15:03.170",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks."
},
{
"lang": "es",
"value": "El complemento SVG Block WordPress anterior a la versi\u00f3n 1.1.20 no sanitiza el contenido del archivo SVG, lo que permite a los usuarios con al menos el rol de autor de SVG con JavaScript malicioso realizar ataques XSS almacenados."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-42xx/CVE-2024-4272.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4272",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.230",
"lastModified": "2024-07-13T06:15:03.230",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks."
},
{
"lang": "es",
"value": "El complemento Support SVG WordPress anterior a 1.1.0 no sanitiza el contenido del archivo SVG, lo que permite a los usuarios con al menos el rol de autor de SVG con JavaScript malicioso realizar ataques XSS almacenados."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-46xx/CVE-2024-4602.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4602",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.297",
"lastModified": "2024-07-13T06:15:03.297",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Embed Peertube Playlist de WordPress anterior a 1.10 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-47xx/CVE-2024-4752.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4752",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.370",
"lastModified": "2024-07-13T06:15:03.370",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento EventON WordPress anterior a 2.2.15 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-49xx/CVE-2024-4977.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4977",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.440",
"lastModified": "2024-07-13T06:15:03.440",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento Index WP MySQL For Speed WordPress anterior a 1.4.18 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5002.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5002",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.500",
"lastModified": "2024-07-13T06:15:03.500",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento User Submitted Posts de WordPress anterior a 20240516 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5028.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5028",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.563",
"lastModified": "2024-07-13T06:15:03.563",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento CM WordPress Search And Replace de WordPress anterior a 1.3.9 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5032.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5032",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.633",
"lastModified": "2024-07-13T06:15:03.633",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento SULly WordPress anterior a 4.3.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5033.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5033",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.707",
"lastModified": "2024-07-13T06:15:03.707",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento SULly WordPress anterior a 4.3.1 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador registrado agregue payloads XSS Almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5034.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5034",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.780",
"lastModified": "2024-07-13T06:15:03.780",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento SULly WordPress anterior a 4.3.1 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5074.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5074",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.840",
"lastModified": "2024-07-13T06:15:03.840",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.6 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5075.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5075",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.910",
"lastModified": "2024-07-13T06:15:03.910",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.6 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5076.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5076",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:03.970",
"lastModified": "2024-07-13T06:15:03.970",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.6 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5077.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5077",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.033",
"lastModified": "2024-07-13T06:15:04.033",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.6 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador registrado agregue payloads XSS Almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5079.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5079",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.097",
"lastModified": "2024-07-13T06:15:04.097",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.7 no sanitiza ni escapa de algunos de los campos cuando los miembros se registran, lo que permite a usuarios no autenticados realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5080.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5080",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.163",
"lastModified": "2024-07-13T06:15:04.163",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server"
},
{
"lang": "es",
"value": "El complemento wp-eMember de WordPress anterior a 10.6.6 no valida los archivos que se cargar\u00e1n, lo que podr\u00eda permitir a los administradores cargar archivos arbitrarios como PHP en el servidor."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-51xx/CVE-2024-5151.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5151",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.237",
"lastModified": "2024-07-13T06:15:04.237",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento SULly WordPress anterior a 4.3.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-51xx/CVE-2024-5167.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5167",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.303",
"lastModified": "2024-07-13T06:15:04.303",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento CM Email Registration Blacklist y Whitelist de WordPress anterior a 1.4.9 no tiene verificaci\u00f3n CSRF al agregar o eliminar un elemento de la lista negra o blanca, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n agregue o elimine configuraciones de la lista negra o del men\u00fa de la lista blanca a trav\u00e9s de un ataque CSRF"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5280.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5280",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.360",
"lastModified": "2024-07-13T06:15:04.360",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que no han iniciado sesi\u00f3n ejecuten un payload XSS a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5281.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5281",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.430",
"lastModified": "2024-07-13T06:15:04.430",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5282.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5282",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.490",
"lastModified": "2024-07-13T06:15:04.490",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5283.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5283",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.553",
"lastModified": "2024-07-13T06:15:04.553",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5284.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5284",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.617",
"lastModified": "2024-07-13T06:15:04.617",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS Almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5286.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5286",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.700",
"lastModified": "2024-07-13T06:15:04.700",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-52xx/CVE-2024-5287.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5287",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.780",
"lastModified": "2024-07-13T06:15:04.780",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento wp-affiliate-platform de WordPress anterior a 6.5.1 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un usuario que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {},

100
CVE-2024/CVE-2024-54xx/CVE-2024-5402.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-5402",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-07-15T12:15:02.340",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Search Path or Element vulnerability in ABB Mint Workbench.\n\n\n\nA local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.\n\n\nThis issue affects Mint Workbench I versions: from 5866 before 5868."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "YES",
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7912&LanguageCode=en&DocumentPartId=1&Action=Launch",
"source": "cybersecurity@ch.abb.com"
}
]
}

50
CVE-2024/CVE-2024-54xx/CVE-2024-5441.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5441",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-09T06:15:02.710",
"lastModified": "2024-07-09T18:19:14.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-15T13:39:20.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webnus:modern_events_calendar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.12.0",
"matchCriteriaId": "191305A7-4F88-454B-A028-94A4B556FF06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.5.6",
"matchCriteriaId": "0063DAEA-0705-460D-97F5-E896290E08F4"
}
]
}
]
}
],
"references": [
{
"url": "https://webnus.net/modern-events-calendar/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c007090-9d9b-4ee7-8f77-91abd4373051?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-54xx/CVE-2024-5442.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5442",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.847",
"lastModified": "2024-07-13T06:15:04.847",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Photo Gallery, Sliders, Proofing y WordPress anterior a 3.59.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo en configuraci\u00f3n multisitio)."
}
],
"metrics": {},

60
CVE-2024/CVE-2024-54xx/CVE-2024-5444.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5444",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-11T06:15:02.830",
"lastModified": "2024-07-12T16:12:04.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-15T13:41:20.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,10 +59,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bible_text_project:bible_text:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.2",
"matchCriteriaId": "07BE072F-846A-49D1-ABAE-D72BA59AEB87"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/21eddf64-c71e-4aba-b1e9-fe67b4ddfb30/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-54xx/CVE-2024-5450.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5450",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:04.927",
"lastModified": "2024-07-13T06:15:04.927",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files"
},
{
"lang": "es",
"value": "El complemento Bug Library de WordPress anterior a 2.1.1 no verifica el tipo de archivo en los informes de errores enviados por los usuarios, lo que permite a un usuario no autenticado cargar archivos PHP."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-54xx/CVE-2024-5472.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5472",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.000",
"lastModified": "2024-07-13T06:15:05.000",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento WP QuickLaTeX WordPress anterior a 3.8.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-55xx/CVE-2024-5575.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5575",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.070",
"lastModified": "2024-07-13T06:15:05.070",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El complemento Ditty WordPress anterior a la versi\u00f3n 3.1.43 no sanitiza ni escapa a algunas de las configuraciones de sus bloques, lo que podr\u00eda permitir a usuarios con altos privilegios, como autores, realizar ataques de cross-site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-56xx/CVE-2024-5627.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5627",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.170",
"lastModified": "2024-07-13T06:15:05.170",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento Tournamatch de WordPress anterior a 4.6.1 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de suscriptor realizar ataques de cross-site scripting."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-56xx/CVE-2024-5630.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5630",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:01.827",
"lastModified": "2024-07-15T06:15:01.827",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites."
},
{
"lang": "es",
"value": "El complemento Insert or Embed Articulate Content into de WordPress anterior a 4.3000000024 no impide que los autores carguen archivos arbitrarios al sitio, lo que puede permitirles cargar shells PHP en los sitios afectados."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-56xx/CVE-2024-5644.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5644",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.243",
"lastModified": "2024-07-13T06:15:05.243",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Tournamatch de WordPress anterior a 4.6.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-57xx/CVE-2024-5713.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5713",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.313",
"lastModified": "2024-07-13T06:15:05.313",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers"
},
{
"lang": "es",
"value": "El complemento If-So Dynamic Content Personalization de WordPress anterior a 1.8.0.4 no escapa del par\u00e1metro $_SERVER['REQUEST_URI'] antes de devolverlo en un atributo, lo que podr\u00eda generar cross-site scripting reflejado en navegadores web antiguos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-57xx/CVE-2024-5715.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5715",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.393",
"lastModified": "2024-07-13T06:15:05.393",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento de WordPress wp-eMember anterior a 10.6.7 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-57xx/CVE-2024-5744.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5744",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.457",
"lastModified": "2024-07-13T06:15:05.457",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers"
},
{
"lang": "es",
"value": "El complemento wp-eMember anterior de WordPress a 10.6.7 no escapa del par\u00e1metro $_SERVER['REQUEST_URI'] antes de devolverlo en un atributo, lo que podr\u00eda generar cross-site scripting reflejado en navegadores web antiguos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-59xx/CVE-2024-5902.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5902",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-12T22:15:02.437",
"lastModified": "2024-07-12T22:15:02.437",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them."
},
{
"lang": "es",
"value": "El complemento User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro de nombre en todas las versiones hasta la 1.0.15 incluida debido a una sanitizaci\u00f3n de entrada y salida de escape insuficiente. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en respuestas de formularios de comentarios que se ejecutar\u00e1n cada vez que un usuario con altos privilegios intente verlos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-60xx/CVE-2024-6070.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6070",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.520",
"lastModified": "2024-07-13T06:15:05.520",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento If-So Dynamic Content Personalization de WordPress anterior a 1.8.0.4 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo en configuraci\u00f3n multisitio)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-60xx/CVE-2024-6072.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6072",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.007",
"lastModified": "2024-07-15T06:15:02.007",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers"
},
{
"lang": "es",
"value": "El complemento wp-cart-for-digital-products de WordPress anterior a 8.5.5 no escapa del par\u00e1metro $_SERVER['REQUEST_URI'] antes de devolverlo en un atributo, lo que podr\u00eda generar cross-site scripting reflejado en navegadores web antiguos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-60xx/CVE-2024-6073.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6073",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.090",
"lastModified": "2024-07-15T06:15:02.090",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-cart-for-digital-products de WordPress anterior a 8.5.5 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-60xx/CVE-2024-6074.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6074",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.170",
"lastModified": "2024-07-15T06:15:02.170",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-cart-for-digital-products de WordPress anterior a 8.5.5 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-60xx/CVE-2024-6075.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6075",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.260",
"lastModified": "2024-07-15T06:15:02.260",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento wp-cart-for-digital-products de WordPress anterior a 8.5.5 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-60xx/CVE-2024-6076.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6076",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.340",
"lastModified": "2024-07-15T06:15:02.340",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento wp-cart-for-digital-products de WordPress anterior a 8.5.5 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-62xx/CVE-2024-6289.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6289",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.413",
"lastModified": "2024-07-15T06:15:02.413",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
},
{
"lang": "es",
"value": "El complemento WPS Hide Login WordPress anterior a 1.9.16.4 no impide las redirecciones a la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s de la funci\u00f3n auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la p\u00e1gina de inicio de sesi\u00f3n oculta."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-63xx/CVE-2024-6345.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6345",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-15T01:15:01.730",
"lastModified": "2024-07-15T01:15:01.730",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-63xx/CVE-2024-6398.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6398",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-07-15T09:15:02.870",
"lastModified": "2024-07-15T09:15:02.870",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-64xx/CVE-2024-6465.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6465",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-13T12:15:10.797",
"lastModified": "2024-07-13T12:15:10.797",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image."
},
{
"lang": "es",
"value": "El complemento WP Links Page para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'wplf_ajax_update_screenshots' en todas las versiones hasta la 4.9.5 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, regeneren la imagen en miniatura del enlace."
}
],
"metrics": {

4
CVE-2024/CVE-2024-65xx/CVE-2024-6540.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6540",
"sourceIdentifier": "security@otrs.com",
"published": "2024-07-15T08:15:02.743",
"lastModified": "2024-07-15T11:15:02.370",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-65xx/CVE-2024-6574.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6574",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-13T06:15:05.587",
"lastModified": "2024-07-13T06:15:05.587",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. This plugin is no longer being maintained and has been closed for downloads."
},
{
"lang": "es",
"value": "El complemento Laposta para WordPress es vulnerable a la divulgaci\u00f3n de ruta completa en todas las versiones hasta la 1.12 incluida. Esto se debe a que el complemento no impide el acceso directo a varios archivos de prueba. Esto hace posible que atacantes no autenticados recuperen la ruta completa de la aplicaci\u00f3n web, que puede usarse para ayudar en otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere que est\u00e9 presente otra vulnerabilidad para da\u00f1ar un sitio web afectado. Este complemento ya no recibe mantenimiento y se ha cerrado para descargas."
}
],
"metrics": {

16
CVE-2024/CVE-2024-67xx/CVE-2024-6721.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-6721",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-15T13:15:02.467",
"lastModified": "2024-07-15T13:15:02.467",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: Duplicate"
}
],
"metrics": {},
"references": []
}

8
CVE-2024/CVE-2024-67xx/CVE-2024-6728.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6728",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T01:15:01.940",
"lastModified": "2024-07-14T01:15:01.940",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271401 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en itsourcecode Tailoring Management System 1.0. Ha sido clasificada como cr\u00edtica. Una parte desconocida del archivo typeedit.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-271401."
}
],
"metrics": {

8
CVE-2024/CVE-2024-67xx/CVE-2024-6729.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6729",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T02:15:02.117",
"lastModified": "2024-07-14T02:15:02.117",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Kortex Lite Advocate Office Management System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /control/add_act.php. La manipulaci\u00f3n del argumento aname conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-271402 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-67xx/CVE-2024-6730.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-6730",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T02:15:03.420",
"lastModified": "2024-07-14T02:15:03.420",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271403."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Nanjing Xingyuantu Technology SparkShop hasta 1.1.6. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /api/Common/uploadFile. La manipulaci\u00f3n del archivo de argumentos conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-271403."
}
],
"metrics": {

4
CVE-2024/CVE-2024-67xx/CVE-2024-6731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6731",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T22:15:02.937",
"lastModified": "2024-07-14T22:15:02.937",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6732.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6732",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T23:15:01.973",
"lastModified": "2024-07-14T23:15:01.973",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6733.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6733",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-14T23:15:02.290",
"lastModified": "2024-07-14T23:15:02.290",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6734.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6734",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-15T00:15:01.913",
"lastModified": "2024-07-15T00:15:01.913",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6735",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-15T00:15:02.207",
"lastModified": "2024-07-15T00:15:02.207",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6736",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-15T01:15:02.003",
"lastModified": "2024-07-15T01:15:02.003",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6737.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6737",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-07-15T03:15:03.027",
"lastModified": "2024-07-15T03:15:03.027",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6738.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6738",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-07-15T03:15:03.293",
"lastModified": "2024-07-15T03:15:03.293",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-67xx/CVE-2024-6739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6739",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-07-15T04:15:02.073",
"lastModified": "2024-07-15T04:15:02.073",
"vulnStatus": "Received",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More