admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-30T14:00:19.465883+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-30 14:03:19 +00:00
parent ef08583a8b
commit 36a9e3482b
320 changed files with 3664 additions and 1074 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-461xx/CVE-2023-46175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46175",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-26T14:15:07.247",
"lastModified": "2024-09-26T14:15:07.247",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-221xx/CVE-2024-22170.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22170",
"sourceIdentifier": "psirt@wdc.com",
"published": "2024-09-27T17:15:12.143",
"lastModified": "2024-09-27T17:15:12.143",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102."
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en Western Digital My Cloud ddns-start en Linux permite b\u00faferes de desbordamiento. Este problema afecta a My Cloud: antes de 5.29.102."
}
],
"metrics": {

8
CVE-2024/CVE-2024-235xx/CVE-2024-23586.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23586",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-09-27T22:15:12.930",
"lastModified": "2024-09-27T22:15:12.930",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Nomad is susceptible to an insufficient session expiration vulnerability. \u00a0 Under certain circumstances, an unauthenticated attacker could obtain old session information."
},
{
"lang": "es",
"value": "HCL Nomad es susceptible a una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente. En determinadas circunstancias, un atacante no autenticado podr\u00eda obtener informaci\u00f3n de sesiones antiguas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23923.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23923",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:02.440",
"lastModified": "2024-09-28T07:15:02.440",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root.\n\nWas ZDI-CAN-22945"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo Use-After-Free en prh_l2_sar_data_ind de Alpine Halo9. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los dispositivos Alpine Halo9. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n prh_l2_sar_data_ind. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-22945"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23924.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23924",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:02.790",
"lastModified": "2024-09-28T07:15:02.790",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\nWas ZDI-CAN-23105"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante inyecci\u00f3n de comando UPDM_wemCmdCreatSHA256Hash en Alpine Halo9. Esta vulnerabilidad permite a atacantes f\u00edsicamente presentes ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de dispositivos Alpine Halo9. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n UPDM_wemCmdCreatSHA256Hash. El problema es el resultado de la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada del sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-23105"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23935.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23935",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:02.997",
"lastModified": "2024-09-28T07:15:02.997",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the DecodeUTF7 function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\nWas ZDI-CAN-23249"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila en Alpine Halo9 DecodeUTF7. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de dispositivos Alpine Halo9. Un atacante primero debe obtener la capacidad de emparejar un dispositivo Bluetooth malicioso con el sistema de destino para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n DecodeUTF7. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-23249"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23938.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23938",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T06:15:02.200",
"lastModified": "2024-09-28T06:15:02.200",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the debug interface. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23184"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila en la interfaz de depuraci\u00f3n del sistema operativo Gecko de Silicon Labs. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del sistema operativo Gecko de Silicon Labs. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la interfaz de depuraci\u00f3n. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Era ZDI-CAN-23184"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23957.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23957",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T06:15:02.787",
"lastModified": "2024-09-28T06:15:02.787",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DLB_HostHeartBeat handler of the DLB protocol implementation. When parsing an AES key, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23241"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila DLB_HostHeartBeat en Autel MaxiCharger AC Elite Business C50. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de las estaciones de carga Autel MaxiCharger AC Elite Business C50. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del controlador DLB_HostHeartBeat de la implementaci\u00f3n del protocolo DLB. Al analizar una clave AES, el proceso no valida correctamente la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Era ZDI-CAN-23241"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23958.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23958",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:03.183",
"lastModified": "2024-09-28T07:15:03.183",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system.\n\nWas ZDI-CAN-23196"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de credenciales codificadas de Autel MaxiCharger AC Elite Business C50 BLE. Esta vulnerabilidad permite a los atacantes adyacentes a la red omitir la autenticaci\u00f3n en las instalaciones afectadas de las estaciones de carga Autel MaxiCharger AC Elite Business C50. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del controlador de comandos AppAuthenRequest de BLE. El controlador usa credenciales codificadas de forma r\u00edgida como respaldo en caso de que falle una solicitud de autenticaci\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticaci\u00f3n en el sistema. Era ZDI-CAN-23196"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23959.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23959",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:03.367",
"lastModified": "2024-09-28T07:15:03.367",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the AppChargingControl BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23194"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila en el BLE AppChargingControl de Autel MaxiCharger AC Elite Business C50. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de las estaciones de carga Autel MaxiCharger AC Elite Business C50. Aunque se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, se puede omitir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe en el manejo del comando AppChargingControl BLE. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Era ZDI-CAN-23194"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23960.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23960",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:03.550",
"lastModified": "2024-09-28T07:15:03.550",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\nWas ZDI-CAN-23102"
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n incorrecta de firma criptogr\u00e1fica en Alpine Halo9. Esta vulnerabilidad permite a los atacantes f\u00edsicamente presentes eludir el mecanismo de validaci\u00f3n de firma en las instalaciones afectadas de los dispositivos Alpine Halo9. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del mecanismo de validaci\u00f3n de firma de metadatos del firmware. El problema es el resultado de la falta de verificaci\u00f3n adecuada de una firma criptogr\u00e1fica. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-23102"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23961.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23961",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:03.740",
"lastModified": "2024-09-28T07:15:03.740",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.\n\nWas ZDI-CAN-23306"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante inyecci\u00f3n de comando UPDM_wemCmdUpdFSpeDecomp en Alpine Halo9. Esta vulnerabilidad permite a atacantes f\u00edsicamente presentes ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de dispositivos Alpine Halo9. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n UPDM_wemCmdUpdFSpeDecomp. El problema es el resultado de la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada del sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-23306"
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23967.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23967",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-28T07:15:03.937",
"lastModified": "2024-09-28T07:15:03.937",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23230"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila de Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los cargadores Autel MaxiCharger AC Elite Business C50. Aunque se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, se puede eludir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe en el manejo de datos codificados en base64 dentro de los mensajes WebSocket. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Era ZDI-CAN-23230"
}
],
"metrics": {

8
CVE-2024/CVE-2024-254xx/CVE-2024-25411.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25411",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T18:15:04.000",
"lastModified": "2024-09-27T20:35:09.620",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) en Flatpress v1.3 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado e inyectado en el par\u00e1metro de nombre de usuario en setup.php."
}
],
"metrics": {

8
CVE-2024/CVE-2024-254xx/CVE-2024-25412.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25412",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T18:15:04.100",
"lastModified": "2024-09-27T18:15:04.100",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) en Flatpress v1.3 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado inyectado en el campo de correo electr\u00f3nico."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-289xx/CVE-2024-28948.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28948",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:04.197",
"lastModified": "2024-09-27T18:15:04.197",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same \norigin policy, which is designed to prevent different websites from \ninterfering with each other."
},
{
"lang": "es",
"value": "ADAM-5630 de Advantech contiene una vulnerabilidad de cross-site request forgery (CSRF). Permite a un atacante eludir parcialmente la misma pol\u00edtica de origen, que est\u00e1 dise\u00f1ada para evitar que distintos sitios web interfieran entre s\u00ed."
}
],
"metrics": {

4
CVE-2024/CVE-2024-301xx/CVE-2024-30134.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30134",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-09-26T15:15:17.427",
"lastModified": "2024-09-26T16:35:22.707",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-318xx/CVE-2024-31899.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31899",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-26T14:15:08.433",
"lastModified": "2024-09-26T14:15:08.433",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-333xx/CVE-2024-33368.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-33368",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T19:15:09.830",
"lastModified": "2024-09-27T19:35:38.347",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen"
},
{
"lang": "es",
"value": "Un problema en Plasmoapp RPShare Fabric mod v.1.0.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo de compilaci\u00f3n en DonwloadPromptScreen"
}
],
"metrics": {

8
CVE-2024/CVE-2024-333xx/CVE-2024-33369.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-33369",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T19:15:10.040",
"lastModified": "2024-09-27T19:35:39.847",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask"
},
{
"lang": "es",
"value": "La vulnerabilidad de Directory Traversal en Plasmoapp RPShare Fabric mod v.1.0.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo getFileNameFromConnection en DownloadTask"
}
],
"metrics": {

8
CVE-2024/CVE-2024-33xx/CVE-2024-3373.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3373",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-09-27T15:15:14.577",
"lastModified": "2024-09-27T15:15:14.577",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en RSM Design Website Template permite la inyecci\u00f3n SQL. Este problema afecta a Website Template: anterior a 1.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-345xx/CVE-2024-34542.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34542",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:04.453",
"lastModified": "2024-09-27T18:15:04.453",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process."
},
{
"lang": "es",
"value": "Advantech ADAM-5630 comparte credenciales de usuario en texto plano entre el dispositivo y el dispositivo de origen del usuario durante el proceso de inicio de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-36xx/CVE-2024-3635.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3635",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-09-30T06:15:13.623",
"lastModified": "2024-09-30T06:15:13.623",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Post Grid de WordPress anterior a la versi\u00f3n 7.5.0 no desinfecta ni escapa de algunas de las configuraciones de su cuadr\u00edcula, lo que podr\u00eda permitir que usuarios con privilegios elevados como Editor y superiores realicen ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-371xx/CVE-2024-37125.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37125",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-26T17:15:03.400",
"lastModified": "2024-09-26T17:15:03.400",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-371xx/CVE-2024-37187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37187",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:04.690",
"lastModified": "2024-09-27T18:15:04.690",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "ics-cert@hq.dhs.gov",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding."
},
{
"lang": "es",
"value": "Advantech ADAM-5550 comparte credenciales de usuario con un bajo nivel de cifrado, que consiste en codificaci\u00f3n base 64."
}
],
"metrics": {

8
CVE-2024/CVE-2024-383xx/CVE-2024-38308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38308",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:04.933",
"lastModified": "2024-09-27T18:15:04.933",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "ics-cert@hq.dhs.gov",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Advantech ADAM 5550's web application includes a \"logs\" page where all \nthe HTTP requests received are displayed to the user. The device doesn't\n correctly neutralize malicious code when parsing HTTP requests to \ngenerate page output."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web de Advantech ADAM 5550 incluye una p\u00e1gina de \"registros\" en la que se muestran al usuario todas las solicitudes HTTP recibidas. El dispositivo no neutraliza correctamente el c\u00f3digo malicioso al analizar las solicitudes HTTP para generar la salida de la p\u00e1gina."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38796.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38796",
"sourceIdentifier": "infosec@edk2.groups.io",
"published": "2024-09-27T22:15:13.153",
"lastModified": "2024-09-27T22:15:13.153",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability."
},
{
"lang": "es",
"value": "EDK2 contiene una vulnerabilidad en PeCoffLoaderRelocateImage(). Un atacante puede provocar una corrupci\u00f3n de la memoria debido a un desbordamiento a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-388xx/CVE-2024-38809.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38809",
"sourceIdentifier": "security@vmware.com",
"published": "2024-09-27T17:15:12.393",
"lastModified": "2024-09-27T20:35:10.383",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications that parse ETags from \"If-Match\" or \"If-None-Match\" request headers are vulnerable to DoS attack.\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nUsers of older, unsupported versions could enforce a size limit on \"If-Match\" and \"If-None-Match\" headers, e.g. through a Filter."
},
{
"lang": "es",
"value": "Las aplicaciones que analizan ETags de los encabezados de solicitud \"If-Match\" o \"If-None-Match\" son vulnerables a ataques DoS. Los usuarios de las versiones afectadas deben actualizar a la versi\u00f3n corregida correspondiente. Los usuarios de versiones anteriores no compatibles podr\u00edan imponer un l\u00edmite de tama\u00f1o en los encabezados \"If-Match\" y \"If-None-Match\", por ejemplo, a trav\u00e9s de un filtro."
}
],
"metrics": {

4
CVE-2024/CVE-2024-388xx/CVE-2024-38861.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38861",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-09-27T09:15:02.873",
"lastModified": "2024-09-27T09:15:02.873",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-392xx/CVE-2024-39275.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39275",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:05.173",
"lastModified": "2024-09-27T18:15:05.173",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a \nsession is closed. Forging requests with a legitimate cookie, even if \nthe session was terminated, allows an unauthorized attacker to act with \nthe same level of privileges of the legitimate user."
},
{
"lang": "es",
"value": "Las cookies de los usuarios autenticados de Advantech ADAM-5630 permanecen como cookies v\u00e1lidas activas cuando se cierra una sesi\u00f3n. Falsificar solicitudes con una cookie leg\u00edtima, incluso si se termin\u00f3 la sesi\u00f3n, permite que un atacante no autorizado act\u00fae con el mismo nivel de privilegios del usuario leg\u00edtimo."
}
],
"metrics": {

4
CVE-2024/CVE-2024-393xx/CVE-2024-39319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39319",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-26T16:15:07.947",
"lastModified": "2024-09-26T16:15:07.947",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-393xx/CVE-2024-39364.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39364",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-27T18:15:05.417",
"lastModified": "2024-09-27T18:15:05.417",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advantech ADAM-5630 \nhas built-in commands that can be executed without authenticating the \nuser. These commands allow for restarting the operating system, \nrebooting the hardware, and stopping the execution. The commands can be \nsent to a simple HTTP request and are executed by the device \nautomatically, without discrimination of origin or level of privileges \nof the user sending the commands."
},
{
"lang": "es",
"value": "El ADAM-5630 de Advantech tiene comandos integrados que se pueden ejecutar sin necesidad de autenticar al usuario. Estos comandos permiten reiniciar el sistema operativo, reiniciar el hardware y detener la ejecuci\u00f3n. Los comandos se pueden enviar mediante una simple solicitud HTTP y el dispositivo los ejecuta autom\u00e1ticamente, sin discriminaci\u00f3n de origen o nivel de privilegios del usuario que env\u00eda los comandos."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39431",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-09-27T08:15:02.513",
"lastModified": "2024-09-27T08:15:02.513",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-394xx/CVE-2024-39432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39432",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-09-27T08:15:03.530",
"lastModified": "2024-09-27T08:15:03.530",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-394xx/CVE-2024-39433.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39433",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-09-27T08:15:03.710",
"lastModified": "2024-09-27T08:15:03.710",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-394xx/CVE-2024-39434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39434",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-09-27T08:15:03.873",
"lastModified": "2024-09-27T08:15:03.873",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-394xx/CVE-2024-39435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39435",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-09-27T08:15:04.030",
"lastModified": "2024-09-27T08:15:04.030",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-395xx/CVE-2024-39577.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39577",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-26T18:15:05.717",
"lastModified": "2024-09-26T18:15:05.717",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-405xx/CVE-2024-40506.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T22:15:03.770",
"lastModified": "2024-09-27T19:35:41.900",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-405xx/CVE-2024-40507.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40507",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T22:15:03.880",
"lastModified": "2024-09-27T19:35:42.957",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-405xx/CVE-2024-40508.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40508",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T22:15:03.963",
"lastModified": "2024-09-27T20:35:11.070",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-405xx/CVE-2024-40509.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40509",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T15:15:14.740",
"lastModified": "2024-09-27T17:35:02.243",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en openPetra v.2023.02 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n serverMFinDev.asmx."
}
],
"metrics": {

8
CVE-2024/CVE-2024-405xx/CVE-2024-40510.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40510",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T15:15:14.820",
"lastModified": "2024-09-27T15:15:14.820",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en openPetra v.2023.02 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n serverMCommon.asmx."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-405xx/CVE-2024-40511.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T14:15:04.343",
"lastModified": "2024-09-27T17:35:05.557",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en openPetra v.2023.02 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n serverMServerAdmin.asmx."
}
],
"metrics": {

8
CVE-2024/CVE-2024-405xx/CVE-2024-40512.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40512",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T14:15:04.423",
"lastModified": "2024-09-27T17:35:06.970",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en openPetra v.2023.02 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n serverMReporting.asmx."
}
],
"metrics": {

4
CVE-2024/CVE-2024-40xx/CVE-2024-4099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4099",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-26T23:15:02.873",
"lastModified": "2024-09-26T23:15:02.873",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-416xx/CVE-2024-41605.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41605",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T16:15:08.240",
"lastModified": "2024-09-27T13:15:13.227",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-417xx/CVE-2024-41715.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41715",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:05.950",
"lastModified": "2024-09-26T18:15:05.950",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-417xx/CVE-2024-41722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41722",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.193",
"lastModified": "2024-09-26T18:15:06.193",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-419xx/CVE-2024-41930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41930",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-09-27T09:15:03.550",
"lastModified": "2024-09-27T09:15:03.550",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-419xx/CVE-2024-41931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41931",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.453",
"lastModified": "2024-09-26T18:15:06.453",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-419xx/CVE-2024-41999.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41999",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-09-30T08:15:03.210",
"lastModified": "2024-09-30T08:15:03.210",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Smart-tab para Android instalada en abril de 2023 o antes contiene una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si se aprovecha esta vulnerabilidad, un atacante con acceso f\u00edsico al dispositivo puede aprovechar la funci\u00f3n de depuraci\u00f3n para obtener acceso a las funciones del sistema operativo, aumentar los privilegios, cambiar la configuraci\u00f3n del dispositivo o falsificar dispositivos en otras habitaciones."
}
],
"metrics": {

130
CVE-2024/CVE-2024-422xx/CVE-2024-42272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42272",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.370",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:40:21.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,143 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: act_ct: cuida el relleno en struct zonas_ht_key El commit culpada aument\u00f3 el tama\u00f1o de la clave de b\u00fasqueda de 2 bytes a 16 bytes, porque zonas_ht_key obtuvo un puntero de red de estructura. Aseg\u00farese de que rhashtable_lookup() no est\u00e9 utilizando los bytes de relleno que no est\u00e1n inicializados. ERROR: KMSAN: valor uninit en rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] ERROR: KMSAN: valor uninit en __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KMSAN: valor uninit en rhashtable_lookup_fast include/linux/rhashtable.h:672 [en l\u00ednea] ERROR: KMSAN: valor uninit en tcf_ct_flow_table_get+0x611/0x2260 net/sched /act_ct.c:329 rht_ptr_rcu include/linux/rhashtable.h:376 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:607 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast include/linux/ rhashtable.h:672 [en l\u00ednea] tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488 tcf_action_add net/sched/act_api.c:2061 [en l\u00ednea] tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118 rtnetlink_rcv_msg+0x12fc/0x1410 net /n\u00facleo/ rtnetlink.c:6647 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [en l\u00ednea] netlink_unicast+0xf52/ 0x1260 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_s mensaje final+0x877 /0xb60 net/socket.c:2597 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651 __sys_sendmsg net/socket.c:2680 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2689 [en l\u00ednea] __se_sys_sendmsg net/socket. c: 2687 [en l\u00ednea] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea ] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Clave de variable local creada en: tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324 tcf_ct_init+0xa67/0x2890 net /programado /act_ct.c:1408"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.221",
"versionEndExcluding": "5.10.224",
"matchCriteriaId": "301A0246-1161-4A6B-908F-525515AD5B20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.162",
"versionEndExcluding": "5.15.165",
"matchCriteriaId": "11D5C434-764B-4DCC-80A5-5AFDA2AEB21B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.96",
"versionEndExcluding": "6.1.104",
"matchCriteriaId": "8D4BD3E8-CDA7-40DB-8B42-051B214E2DE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.36",
"versionEndExcluding": "6.6.45",
"matchCriteriaId": "E7A8DCF2-5022-498A-896B-D47AD8E08E9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9.7",
"versionEndExcluding": "6.10",
"matchCriteriaId": "FA5E7970-A460-40EE-9BDE-6FFF21149DDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.4",
"matchCriteriaId": "58294AC2-8D9E-4C90-B6EC-7C210C28ECB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2191a54f63225b548fd8346be3611c3219a24738",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3a5b68869dbe14f1157c6a24ac71923db060eeab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3ddefcb8f75e312535e2e7d5fef9932019ba60f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c03ab555eb1ba26c77fd7c25bdf44a0ac23edee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d06daf0ad645d9225a3ff6958dd82e1f3988fa64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d7cc186d0973afce0e1237c37f7512c01981fb79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

89
CVE-2024/CVE-2024-422xx/CVE-2024-42278.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42278",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.813",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T12:53:36.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,96 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: TAS2781: Fix tasdev_load_calibrated_data() Esta funci\u00f3n tiene una declaraci\u00f3n if invertida, por lo que no funciona o conduce a una desreferencia NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.33",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "720C4410-E38F-4060-A8CD-338FBB4CF4B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9.4",
"versionEndExcluding": "6.10",
"matchCriteriaId": "1AD9A837-E824-444A-8442-914E09BE6199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "21DC7A88-E88C-4C44-9AFB-CBB30134097C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

113
CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42297",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.147",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:41:26.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,130 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: f2fs: soluci\u00f3n para no ensuciar el inodo para el sistema de archivos de solo lectura syzbot informa el error de f2fs como se muestra a continuaci\u00f3n: \u00a1ERROR del kernel en fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Seguimiento de llamadas: desalojar+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [en l\u00ednea] evict_inodes+0x5f8/0x690 fs /inode.c:747 generic_shutdown_super+0x9d/0x2c0 fs/super.c:675 kill_block_super+0x44/0x90 fs/super.c:1667 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894 desactivar_locked_super+0xc1/0x130 fs /super.c:484 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256 task_work_run+0x24a/0x300 kernel/task_work.c:180 ptrace_notify+0x2cd/0x380 kernel/signal.c:2399 ptrace_report_syscall include/linux/ptrace.h :411 [en l\u00ednea] ptrace_report_syscall_exit include/linux/ptrace.h:473 [en l\u00ednea] syscall_exit_work kernel/entry/common.c:251 [en l\u00ednea] syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [en l\u00ednea] __syscall_exit_to_user_mode_work kernel/entry/common .c:283 [inline] syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296 do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88 entry_SYSCALL_64_after_hwframe+0x63/0x6b The root cause is: - do_sys_open - f2fs_lookup - __f2fs_find_entry - f2fs_i_ Depth_write - f2fs_mark_inode_dirty_sync - f2fs_dirty_inode - set_inode_flag(inode, FI_DIRTY_INODE) - umount - kill_f2fs_super - kill_block_super - generic_shutdown_super - sync_filesystem: sb es de solo lectura, omitir sync_file sistema() - evict_inodes - iput - f2fs_evict_inode - f2fs_bug_on(sbi, is_inode_flag_set(inodo, FI_DIRTY_INODE)): desencadena el p\u00e1nico en el kernel Cuando intentamos reparar i_current_ Depth en un sistema de archivos de solo lectura, omitamos el inodo sucio para evitar el p\u00e1nico en f2fs_evict_inode()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "5C41F9D9-FD77-4351-9E80-31CDB3FB794F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2434344559f6743efb3ac15d11af9a0db9543bd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/54162974aea37a8cae00742470a78c7f6bd6f915",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/54bc4e88447e385c4d4ffa85d93e0dce628fcfa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9ce8135accf103f7333af472709125878704fdd4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e62ff092a42f4a1bae3b310cf46673b4f3aac3b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ec56571b4b146a1cfbedab49d5fcaf19fe8bf4f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2024/CVE-2024-423xx/CVE-2024-42320.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42320",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:11.833",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T12:54:12.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige comprobaciones de errores en dasd_copy_pair_store() dasd_add_busid() puede devolver un error a trav\u00e9s de ERR_PTR() si falla una asignaci\u00f3n. Sin embargo, dos sitios de llamada en dasd_copy_pair_store() no verifican el resultado, lo que podr\u00eda provocar una desreferencia del puntero NULL. Solucione este problema verificando el resultado con IS_ERR() y devolviendo el error en la pila."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "81F7EA03-5805-43D2-9A78-820250B70B32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

8
CVE-2024/CVE-2024-424xx/CVE-2024-42496.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42496",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-09-30T08:15:03.553",
"lastModified": "2024-09-30T08:15:03.553",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Smart-tab para Android instalada en abril de 2023 o antes contiene un problema con el almacenamiento de texto plano de una contrase\u00f1a. Si se aprovecha esta vulnerabilidad, un atacante con acceso f\u00edsico al dispositivo puede recuperar la informaci\u00f3n de credenciales y falsificar el dispositivo para acceder al servicio externo relacionado."
}
],
"metrics": {

4
CVE-2024/CVE-2024-431xx/CVE-2024-43108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43108",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.713",
"lastModified": "2024-09-26T18:15:06.713",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-431xx/CVE-2024-43191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43191",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-26T16:15:08.347",
"lastModified": "2024-09-26T16:15:08.347",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

80
CVE-2024/CVE-2024-432xx/CVE-2024-43201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43201",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-09-23T20:15:04.973",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:55:38.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -95,14 +125,56 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planetfitness:planet_fitness_workouts:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.8.12",
"matchCriteriaId": "F93B99AE-0F4C-4F84-BA83-050AB739D639"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://apps.apple.com/us/app/planet-fitness-workouts/id399857015",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Product"
]
},
{
"url": "https://dontvacuum.me/bugs/pf/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-436xx/CVE-2024-43694.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43694",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.960",
"lastModified": "2024-09-26T18:15:06.960",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-438xx/CVE-2024-43814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43814",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:07.207",
"lastModified": "2024-09-26T18:15:07.207",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

82
CVE-2024/CVE-2024-438xx/CVE-2024-43825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43825",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.533",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:53:21.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iio: corrigi\u00f3 la funcionalidad de clasificaci\u00f3n en iio_gts_build_avail_time_table La clasificaci\u00f3n en iio_gts_build_avail_time_table no funciona seg\u00fan lo previsto. Podr\u00eda resultar en un acceso fuera de los l\u00edmites cuando el tiempo sea cero. Aqu\u00ed hay m\u00e1s detalles: 1. Cuando gts->itime_table[i].time_us es cero, por ejemplo, la secuencia de tiempo es `3, 0, 1`, el bucle for interno no terminar\u00e1 y funcionar\u00e1 fuera de l\u00edmite. Esto se debe a que una vez `times[j] > new`, el valor `new` se agregar\u00e1 en la posici\u00f3n actual y `times[j]` se mover\u00e1 a la posici\u00f3n `j+1`, lo que hace que la condici\u00f3n if aguanta siempre. Mientras tanto, se agregar\u00e1 uno a idx, lo que har\u00e1 que el bucle siga ejecut\u00e1ndose sin terminaci\u00f3n ni escritura fuera de los l\u00edmites. 2. Si ninguno de los gts->itime_table[i].time_us es cero, los elementos simplemente se copiar\u00e1n sin ordenarse como se describe en el comentario \"Ordenar tiempos de todas las tablas a una y eliminar duplicados\". Para obtener m\u00e1s detalles, consulte https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CD8C07C9-5A22-4C32-908B-211B58A46875"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2024/CVE-2024-438xx/CVE-2024-43827.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43827",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.653",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T12:51:34.970",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregar verificaci\u00f3n nula antes de acceder a las estructuras. En enable_phantom_plane, ser\u00eda mejor verificar el puntero nulo antes de acceder a varias estructuras."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "38E515B9-DAD5-4A5A-9C4C-1B6873D3185A"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/081ff4c0ef1884ae55f7adb8944efd22e22d8724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c96140000915b610d86f941450e15ca552de154a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

109
CVE-2024/CVE-2024-438xx/CVE-2024-43829.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43829",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.787",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T12:51:56.770",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,124 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/qxl: Agregar verificaci\u00f3n para drm_cvt_mode Agregar verificaci\u00f3n para el valor de retorno de drm_cvt_mode() y devolver el error si falla para evitar la desreferencia del puntero NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "FB327727-E3BB-4E46-A8EC-12AD13E62544"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e6959edff3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2024/CVE-2024-438xx/CVE-2024-43842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43842",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.647",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:55:17.007",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: corrige el error de \u00edndice de matriz en rtw89_sta_info_get_iter() En rtw89_sta_info_get_iter() 'status->he_gi' se compara con el tama\u00f1o de la matriz. Pero luego se usa 'rate->he_gi' como \u00edndice de matriz en lugar de 'status->he_gi'. Esto puede llevar a ir m\u00e1s all\u00e1 de los l\u00edmites de la matriz en caso de que 'rate->he_gi' no sea igual a 'status->he_gi' y sea mayor que el tama\u00f1o de la matriz. Parece un error de \"copiar y pegar\". Corrija este error reemplazando 'rate->he_gi' con 'status->he_gi'. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.103",
"matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2024/CVE-2024-438xx/CVE-2024-43850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43850",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:10.157",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T13:57:33.400",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: soc: qcom: icc-bwmon: corrige el desequilibrio de recuento visto durante bwmon_remove La siguiente advertencia se ve durante bwmon_remove debido a un desequilibrio de recuento; solucione esto liberando los OPP despu\u00e9s de su uso. Registros: ADVERTENCIA: en drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Nombre del hardware: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... Seguimiento de llamadas: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_ opp_of_table_release+ 0x10/0x1c devm_action_release+0x14/0x20 devres_release_all+0xa4/0x104 dispositivo_unbind_cleanup+0x18/0x60 dispositivo_release_driver_internal+0x1ec/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30 /0x60 plataforma_driver_unregister+0x14/0x20 bwmon_driver_exit+0x18/0x524 [icc_bwmon ] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x34/0xdc el0t_64_sync_handler+0x13 c/0x158 el0t_64_sync+0x190/0x194 --[ final de seguimiento 0000000000000000 ]---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.6.44",
"matchCriteriaId": "CE117457-3A46-40BF-AE08-482CBF310F21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.3",
"matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/24086640ab39396eb1a92d1cb1cd2f31b2677c52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4100d4d019f8e140be1d4d3a9d8d93c1285f5d1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aad41f4c169bcb800ae88123799bdf8cdec3d366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-448xx/CVE-2024-44860.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44860",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T17:15:03.713",
"lastModified": "2024-09-26T18:35:09.097",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-449xx/CVE-2024-44910.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44910",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T15:15:14.907",
"lastModified": "2024-09-27T15:15:14.907",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NASA CryptoLib v1.3.0 contiene una lectura fuera de los l\u00edmites a trav\u00e9s del subsistema AOS (crypto_aos.c)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-449xx/CVE-2024-44911.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44911",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T15:15:14.990",
"lastModified": "2024-09-27T15:15:14.990",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NASA CryptoLib v1.3.0 contiene una lectura fuera de los l\u00edmites a trav\u00e9s del subsistema TC (crypto_aos.c)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-449xx/CVE-2024-44912.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44912",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T15:15:15.063",
"lastModified": "2024-09-27T15:15:15.063",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NASA CryptoLib v1.3.0 contiene una lectura fuera de los l\u00edmites a trav\u00e9s del subsistema TM (crypto_tm.c)."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-450xx/CVE-2024-45042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45042",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-26T18:15:07.463",
"lastModified": "2024-09-26T18:15:07.463",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-452xx/CVE-2024-45200.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45200",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-30T08:15:03.760",
"lastModified": "2024-09-30T08:15:03.760",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the \"Wireless Play\" (or \"LAN Play\") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,"
},
{
"lang": "es",
"value": "En Nintendo Mario Kart 8 Deluxe anterior a la versi\u00f3n 3.0.3, la implementaci\u00f3n del modo multijugador local LAN/LDN permite a un atacante remoto explotar un desbordamiento de b\u00fafer basado en pila tras la deserializaci\u00f3n de la informaci\u00f3n de la sesi\u00f3n a trav\u00e9s de un paquete de respuesta de exploraci\u00f3n mal formado, tambi\u00e9n conocido como KartLANPwn. No es necesario que la v\u00edctima se una a una sesi\u00f3n de juego con un atacante. La v\u00edctima debe abrir el men\u00fa \"Juego inal\u00e1mbrico\" (o \"Juego LAN\") desde la pantalla de t\u00edtulo del juego, y un atacante cercano (LDN) o en la misma red LAN que la v\u00edctima puede enviar un paquete de respuesta manipulado a la consola de la v\u00edctima. Esto permite a un atacante remoto obtener una denegaci\u00f3n de servicio completa en el proceso del juego o, potencialmente, la ejecuci\u00f3n remota de c\u00f3digo en la consola de la v\u00edctima. El problema se debe al uso incorrecto de la biblioteca Nintendo Pia,"
}
],
"metrics": {},

63
CVE-2024/CVE-2024-452xx/CVE-2024-45299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45299",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-06T13:15:05.253",
"lastModified": "2024-09-06T16:46:26.830",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-30T12:48:22.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0-m5",
"matchCriteriaId": "4A86C937-5E17-42BE-AB2C-8D47FD56CAED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/e7131c588f4ac31067a41d0e31e6a6a721b2ff4b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-mcx6-25f8-8rqw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-453xx/CVE-2024-45374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45374",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:07.687",
"lastModified": "2024-09-26T18:15:07.687",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-457xx/CVE-2024-45723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45723",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:07.927",
"lastModified": "2024-09-26T18:15:07.927",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-457xx/CVE-2024-45744.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45744",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-09-27T16:15:04.940",
"lastModified": "2024-09-27T17:15:12.993",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally."
},
{
"lang": "es",
"value": "TopQuadrant TopBraid EDG almacena credenciales externas de forma insegura. Un atacante autenticado con acceso al sistema de archivos puede leer edg-setup.properites y obtener el secreto para descifrar las contrase\u00f1as externas almacenadas en edg-vault.properties. Un atacante autenticado podr\u00eda obtener acceso al sistema de archivos utilizando una vulnerabilidad independiente como CVE-2024-45745. Al menos la versi\u00f3n 7.1.3 est\u00e1 afectada. La versi\u00f3n 7.3 agrega la integraci\u00f3n de HashiCorp Vault que no almacena las contrase\u00f1as externas de forma local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45745.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45745",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-09-27T16:15:05.037",
"lastModified": "2024-09-27T17:15:13.167",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721)."
},
{
"lang": "es",
"value": "TopQuadrant TopBraid EDG anterior a la versi\u00f3n 8.0.1 permite que un atacante autenticado cargue un archivo DTD XML y ejecute JavaScript para leer archivos locales o acceder a URL (XXE). Corregido en la versi\u00f3n 8.0.1 (correcci\u00f3n de error: TBS-6721)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45772.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45772",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-30T09:15:02.670",
"lastModified": "2024-09-30T09:15:02.670",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\nJava serialization filters (such as\u00a0-Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality."
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache Lucene Replicator. Este problema afecta al m\u00f3dulo replicador de Apache Lucene: desde la versi\u00f3n 4.4.0 hasta la 9.12.0. El paquete obsoleto org.apache.lucene.replicator.http est\u00e1 afectado. El paquete org.apache.lucene.replicator.nrt no est\u00e1 afectado. Se recomienda a los usuarios que actualicen a la versi\u00f3n 9.12.0, que soluciona el problema. Los filtros de serializaci\u00f3n de Java (como -Djdk.serialFilter='!*' en la l\u00ednea de comandos) pueden mitigar el problema en las versiones vulnerables sin afectar la funcionalidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-457xx/CVE-2024-45773.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45773",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2024-09-27T14:15:04.503",
"lastModified": "2024-09-27T15:35:02.620",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00."
},
{
"lang": "es",
"value": "Una vulnerabilidad de use-after-free que involucra solicitudes upgradeToRocket puede provocar que la aplicaci\u00f3n se bloquee o que se ejecute c\u00f3digo u otros efectos no deseados. Este problema afecta a Facebook Thrift antes de la versi\u00f3n v2024.09.09.00."
}
],
"metrics": {

4
CVE-2024/CVE-2024-458xx/CVE-2024-45838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45838",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:08.170",
"lastModified": "2024-09-26T18:15:08.170",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-458xx/CVE-2024-45863.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45863",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2024-09-27T14:15:04.567",
"lastModified": "2024-09-27T15:35:02.800",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desreferencia nula que implica el an\u00e1lisis de solicitudes que especifican protocolos no v\u00e1lidos puede provocar que la aplicaci\u00f3n se bloquee o potencialmente tener otros efectos no deseados. Este problema afecta a Facebook Thrift desde la versi\u00f3n v2024.09.09.00 hasta la v2024.09.23.00."
}
],
"metrics": {

21
CVE-2024/CVE-2024-459xx/CVE-2024-45920.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-45920",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-30T13:15:02.450",
"lastModified": "2024-09-30T13:15:02.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in \"Intrest\" feature."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ipxsec/10526db2cbfcb899a70dcb8f0ee53a99",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-459xx/CVE-2024-45979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45979",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T17:15:03.813",
"lastModified": "2024-09-26T19:35:18.603",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45980.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45980",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T17:15:03.917",
"lastModified": "2024-09-26T19:35:19.337",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45981",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T17:15:04.003",
"lastModified": "2024-09-26T19:35:20.077",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T17:15:04.100",
"lastModified": "2024-09-26T21:35:21.020",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45983",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T16:15:08.653",
"lastModified": "2024-09-26T19:35:20.827",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45984",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T18:15:08.420",
"lastModified": "2024-09-26T19:35:21.550",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45985",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T18:15:08.497",
"lastModified": "2024-09-26T18:35:10.080",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45986",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T21:15:07.663",
"lastModified": "2024-09-26T21:35:21.760",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45987",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T18:15:08.583",
"lastModified": "2024-09-26T18:15:08.583",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-459xx/CVE-2024-45989.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45989",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T18:15:08.667",
"lastModified": "2024-09-27T15:35:02.983",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-460xx/CVE-2024-46097.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-46097",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T18:15:05.687",
"lastModified": "2024-09-27T20:35:12.027",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges."
},
{
"lang": "es",
"value": "TestLink 1.9.20 es vulnerable a un Control de Acceso Incorrecto en la secci\u00f3n de edici\u00f3n de TestPlan. Cuando se crea un nuevo TestPlan, se genera autom\u00e1ticamente un ID con un valor incremental. Mediante la funci\u00f3n de edici\u00f3n se puede cambiar el par\u00e1metro tplan_id por otro ID. La aplicaci\u00f3n no realiza una comprobaci\u00f3n de los permisos del usuario, por lo que es posible recuperar los ID de todos los TestPlans (incluso los administrativos) y modificarlos incluso con privilegios m\u00ednimos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-462xx/CVE-2024-46256.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-46256",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T18:15:05.787",
"lastModified": "2024-09-27T18:15:05.787",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando en requestLetsEncryptSsl en NginxProxyManager 2.11.3 permite a un atacante realizar una RCE a trav\u00e9s de Agregar certificado Let's Encrypt."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-462xx/CVE-2024-46257.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-46257",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-27T18:15:05.870",
"lastModified": "2024-09-27T18:15:05.870",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:45:57.823",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en requestLetsEncryptSslWithDnsChallenge en NginxProxyManager 2.11.3 permite que un atacante logre la ejecuci\u00f3n remota de c\u00f3digo mediante la adici\u00f3n de un certificado Let's Encrypt. NOTA: esto no forma parte de ning\u00fan software NGINX distribuido por F5."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-463xx/CVE-2024-46327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46327",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T14:15:09.173",
"lastModified": "2024-09-26T15:35:24.607",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-463xx/CVE-2024-46328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46328",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T14:15:09.273",
"lastModified": "2024-09-26T15:35:25.783",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-463xx/CVE-2024-46329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46329",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T14:15:09.360",
"lastModified": "2024-09-26T15:35:27.397",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-463xx/CVE-2024-46330.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46330",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-26T14:15:09.433",
"lastModified": "2024-09-26T15:35:28.713",
"vulnStatus": "Received",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More