Auto-Update: 2024-05-28T14:00:39.174226+00:00
parent
5edb06de88
commit
4be4a343ca
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2022-4259",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-05-04T11:15:08.930",
|
||||
"lastModified": "2023-05-10T18:03:45.453",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:08.623",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-48681",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T04:15:08.623",
|
||||
"lastModified": "2024-05-28T07:15:08.470",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Algunos parlantes inteligentes de Huawei tienen una vulnerabilidad de desbordamiento de memoria. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que ciertas funciones fallen."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-4969",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-05-27T17:15:09.157",
|
||||
"lastModified": "2024-05-27T17:15:09.157",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en bwoodsend rockhopper hasta 0.1.2 y clasificada como cr\u00edtica. La funci\u00f3n count_rows del archivo rockhopper/src/ragged_array.c del componente Binary Parser es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento raw provoca un desbordamiento del buffer. Se requiere acceso local para abordar este ataque. La actualizaci\u00f3n a la versi\u00f3n 0.2.0 puede solucionar este problema. El nombre del parche es 1a15fad5e06ae693eb9b8908363d2c8ef455104e. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-266312."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-22378",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T09:15:13.507",
|
||||
"lastModified": "2023-08-15T16:06:35.373",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:08.783",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n"
|
||||
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-22843",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T09:15:13.667",
|
||||
"lastModified": "2023-08-16T21:06:13.870",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:08.937",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-23574",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T09:15:13.767",
|
||||
"lastModified": "2023-08-15T16:07:24.603",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.070",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n"
|
||||
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-23903",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T10:15:09.687",
|
||||
"lastModified": "2023-08-16T19:44:20.300",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.210",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.\n\nThe whole application in rendered unusable until a console intervention.\n\n"
|
||||
"value": "An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.\n\nThe whole application in rendered unusable until a console intervention."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-24015",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T10:15:09.890",
|
||||
"lastModified": "2023-08-16T16:45:15.760",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.340",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n"
|
||||
"value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-24471",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T09:15:13.860",
|
||||
"lastModified": "2023-08-16T19:46:55.460",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.460",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.\n\nAn authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.\n\n"
|
||||
"value": "An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.\n\nAn authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-24477",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-08-09T08:15:09.280",
|
||||
"lastModified": "2023-08-15T16:09:11.937",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.593",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.\n\n"
|
||||
"value": "In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-2567",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-09-19T11:16:19.333",
|
||||
"lastModified": "2023-09-21T18:59:18.827",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.857",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n\n\n"
|
||||
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-29245",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-09-19T11:16:18.100",
|
||||
"lastModified": "2023-09-21T18:52:45.453",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.717",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.\n\nMalicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.\n\n\n\n"
|
||||
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.\n\nMalicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-32649",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2023-09-19T11:16:20.297",
|
||||
"lastModified": "2023-09-21T19:04:51.733",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:09.970",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.\n\n\n\n"
|
||||
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
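--- /dev/null
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37411.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-37411",
+"sourceIdentifier": "psirt@us.ibm.com",
+"published": "2024-05-28T12:15:08.360",
+"lastModified": "2024-05-28T12:39:28.377",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260139",
+"source": "psirt@us.ibm.com"
+},
+{
+"url": "https://www.ibm.com/support/pages/node/7154977",
+"source": "psirt@us.ibm.com"
+}
+]
+}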
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-50977",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T14:15:09.380",
|
||||
"lastModified": "2024-05-27T14:15:09.380",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In GNOME Shell through 45.2, unauthenticated remote code execution can be achieved by intercepting two DNS requests (GNOME Network Manager and GNOME Shell Portal Helper connectivity checks), and responding with attacker-specific IP addresses. This DNS hijacking causes GNOME Captive Portal to be launched via a WebKitGTK browser, by default, on the victim system; this can run JavaScript code inside a sandbox. NOTE: the vendor's position is that this is not a vulnerability because running JavaScript code inside a sandbox is the intended behavior."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En GNOME Shell hasta la versi\u00f3n 45.2, se puede lograr la ejecuci\u00f3n remota de c\u00f3digo no autenticado interceptando dos solicitudes de DNS (verificaciones de conectividad de GNOME Network Manager y GNOME Shell Portal Helper) y respondiendo con direcciones IP espec\u00edficas del atacante. Este secuestro de DNS hace que GNOME Captive Portal se inicie a trav\u00e9s de un navegador WebKitGTK, de forma predeterminada, en el sistema v\u00edctima; esto puede ejecutar c\u00f3digo JavaScript dentro de una zona de pruebas. NOTA: la posici\u00f3n del proveedor es que esto no es una vulnerabilidad porque el comportamiento previsto es ejecutar c\u00f3digo JavaScript dentro de un entorno limitado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52547",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T07:15:08.930",
|
||||
"lastModified": "2024-05-28T07:15:08.930",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Huawei Matebook D16 (Modelo: CREM-WXX9, BIOS: v2.26. Corrupci\u00f3n de la memoria en el controlador SMI del m\u00f3dulo SMM HddPassword. Un atacante malicioso del sistema operativo puede aprovechar esto para corromper las estructuras de datos almacenadas al comienzo de SMRAM y puede conducir potencialmente a Ejecuci\u00f3n de c\u00f3digo en SMM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52548",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T07:15:09.753",
|
||||
"lastModified": "2024-05-28T07:15:09.753",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Huawei Matebook D16 (Modelo: CREM-WXX9, BIOS: v2.26) Corrupci\u00f3n arbitraria de la memoria en el controlador SMI del m\u00f3dulo SMM ThisiServicesSmm. Un atacante malicioso del sistema operativo puede aprovechar esto para corromper la memoria SMRAM arbitraria y, a su vez, provocar la ejecuci\u00f3n de c\u00f3digo en SMM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52656",
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2024-05-14T14:23:13.810",
|
||||
"lastModified": "2024-05-25T16:15:08.213",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: elimina cualquier c\u00f3digo relacionado con SCM_RIGHTS. Este es un c\u00f3digo inactivo despu\u00e9s de que dejamos de admitir el paso de io_uring fds sobre SCM_RIGHTS, deshazte de \u00e9l."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52710",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T07:15:10.100",
|
||||
"lastModified": "2024-05-28T07:15:10.100",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn\u2019t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Huawei Matebook D16 (Modelo: CREM-WXX9, BIOS: v2.26). Como el tama\u00f1o del b\u00fafer de comunicaci\u00f3n no se ha validado correctamente para que sea del tama\u00f1o esperado, puede superponerse parcialmente con la SMRAM inicial. Esto se puede aprovechar mediante un atacante malicioso del sistema operativo corrompe las estructuras de datos almacenadas al comienzo de SMRAM y puede conducir potencialmente a la ejecuci\u00f3n de c\u00f3digo en SMM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52711",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T07:15:10.490",
|
||||
"lastModified": "2024-05-28T07:15:10.490",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Varios problemas debido a la exposici\u00f3n del controlador SMI en AmdPspP2CmboxV2. El primer problema se puede aprovechar para evitar las protecciones implementadas en fases anteriores de UEFI para evitar el acceso directo a la memoria flash SPI. El segundo problema se puede utilizar para filtrar y corromper la memoria de SMM, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en SMM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-52712",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2024-05-28T07:15:10.810",
|
||||
"lastModified": "2024-05-28T07:15:10.810",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-5253",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-01-15T11:15:08.627",
|
||||
"lastModified": "2024-01-22T19:56:01.273",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-05-28T13:15:10.223",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.\n\n\n\n"
|
||||
"value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5935",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-05-15T16:15:09.020",
|
||||
"lastModified": "2024-05-15T16:40:19.330",
|
||||
"lastModified": "2024-05-28T13:15:10.383",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5936",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-05-15T16:15:09.350",
|
||||
"lastModified": "2024-05-15T16:40:19.330",
|
||||
"lastModified": "2024-05-28T13:15:10.503",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5937",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-05-15T16:15:09.577",
|
||||
"lastModified": "2024-05-15T16:40:19.330",
|
||||
"lastModified": "2024-05-28T13:15:10.607",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5938",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-05-15T17:15:09.733",
|
||||
"lastModified": "2024-05-15T18:35:11.453",
|
||||
"lastModified": "2024-05-28T13:15:10.700",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6349",
|
||||
"sourceIdentifier": "cve-coordination@google.com",
|
||||
"published": "2024-05-27T12:15:08.810",
|
||||
"lastModified": "2024-05-27T12:15:08.810",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A heap overflow vulnerability exists in libvpx -\u00a0Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.\nWe recommend upgrading to version 1.13.1 or above"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de desbordamiento de mont\u00f3n en libvpx codificar un frame que tiene dimensiones mayores que el tama\u00f1o configurado originalmente con VP9 puede resultar en un desbordamiento de mont\u00f3n en libvpx. Recomendamos actualizar a la versi\u00f3n 1.13.1 o superior."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-6916",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-04-10T16:15:09.190",
|
||||
"lastModified": "2024-04-10T19:49:51.183",
|
||||
"lastModified": "2024-05-28T13:15:10.800",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Audit records for OpenAPI requests may include sensitive information.\n\nThis could lead to unauthorized accesses and privilege escalation."
|
||||
"value": "Audit records for OpenAPI requests may include sensitive information.\n\n\n\nThis could lead to unauthorized accesses and privilege escalation."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2024-0218",
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2024-04-10T16:15:09.413",
|
||||
"lastModified": "2024-04-10T19:49:51.183",
|
||||
"lastModified": "2024-05-28T13:15:10.927",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\nNetwork traffic may not be analyzed until the IDS module is restarted.\n\n"
|
||||
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\n\n\nNetwork traffic may not be analyzed until the IDS module is restarted."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-0851",
|
||||
"sourceIdentifier": "iletisim@usom.gov.tr",
|
||||
"published": "2024-05-27T15:15:08.780",
|
||||
"lastModified": "2024-05-27T15:15:08.780",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyecci\u00f3n SQL') en Grup Arge Energy and Control Systems Smartpower permite la Inyecci\u00f3n SQL. Este problema afecta a Smartpower: hasta V24.05.27."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
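--- /dev/null
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2199.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-2199",
+"sourceIdentifier": "secalert@redhat.com",
+"published": "2024-05-28T12:15:08.950",
+"lastModified": "2024-05-28T12:39:28.377",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 5.7,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "secalert@redhat.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2024-2199",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976",
+"source": "secalert@redhat.com"
+}
+]
+}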
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-26289",
|
||||
"sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
|
||||
"published": "2024-05-27T07:15:08.807",
|
||||
"lastModified": "2024-05-27T07:15:08.807",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en PMB Services PMB permite la inclusi\u00f3n remota de c\u00f3digo. Este problema afecta a PMB: desde 7.5.1 anterior a 7.5.6-2, desde 7.4.1 anterior a 7.4.9, desde 7.3.1 anterior a 7.3.18."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-27310",
|
||||
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
|
||||
"published": "2024-05-27T18:15:09.693",
|
||||
"lastModified": "2024-05-27T18:15:09.693",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Zoho ManageEngine\u00a0ADSelfService Plus versions below\u00a06401 are vulnerable to the DOS attack due to the malicious LDAP query."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Zoho ManageEngine ADSelfService Plus inferiores a 6401 son vulnerables al ataque de DOS debido a la consulta LDAP maliciosa."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-27314",
|
||||
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
|
||||
"published": "2024-05-27T07:15:09.297",
|
||||
"lastModified": "2024-05-27T07:15:09.297",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Zoho ManageEngine\u00a0ServiceDesk Plus versions below\u00a014730,\u00a0ServiceDesk Plus MSP below 14720 and\u00a0SupportCenter Plus below\u00a014730 are vulnerable to\u00a0stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Zoho ManageEngine ServiceDesk Plus inferiores a 14730, ServiceDesk Plus MSP inferiores a 14720 y SupportCenter Plus inferiores a 14730 son vulnerables a XSS almacenado en el men\u00fa Acciones personalizadas en los detalles de la solicitud. Esta vulnerabilidad solo puede ser aprovechada por los usuarios de la funci\u00f3n SDAdmin."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
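--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28793.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28793.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-28793",
+"sourceIdentifier": "psirt@us.ibm.com",
+"published": "2024-05-28T12:15:08.717",
+"lastModified": "2024-05-28T12:39:28.377",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/286830",
+"source": "psirt@us.ibm.com"
+},
+{
+"url": "https://www.ibm.com/support/pages/node/7154955",
+"source": "psirt@us.ibm.com"
+}
+]
+}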
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-28880",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-28T00:15:08.407",
|
||||
"lastModified": "2024-05-28T00:15:08.407",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Path traversal en MosP kintai kanri V4.6.6 y versiones anteriores permite a un atacante remoto que puede iniciar sesi\u00f3n en el producto obtener informaci\u00f3n confidencial del producto."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-28886",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-28T03:15:08.470",
|
||||
"lastModified": "2024-05-28T03:15:08.470",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo existe en versiones de UTAU anteriores a la v0.4.19. Si un usuario del producto abre un archivo de proyecto UTAU manipulado (archivo .ust), se puede ejecutar un comando arbitrario del sistema operativo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-29078",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-28T00:15:08.497",
|
||||
"lastModified": "2024-05-28T00:15:08.497",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una asignaci\u00f3n de permisos incorrecta para un problema de recursos cr\u00edticos en MosP kintai kanri V4.6.6 y versiones anteriores, lo que puede permitir que un atacante remoto no autenticado con acceso al producto altere la configuraci\u00f3n del producto."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-29215",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:08.627",
|
||||
"lastModified": "2024-05-26T14:15:08.627",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Mattermost 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 no aplican el control de acceso adecuado que permite a un usuario ejecutar un comando de barra diagonal en un canal del que no son miembros vinculando una ejecuci\u00f3n del libro de jugadas a ese canal y ejecutando un comando de barra diagonal como un comando de tarea del libro de jugadas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-29415",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T20:15:08.970",
|
||||
"lastModified": "2024-05-27T20:15:08.970",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El paquete ip hasta la versi\u00f3n 2.0.1 para Node.js podr\u00eda permitir SSRF porque algunas direcciones IP (como 127.1, 01200034567, 012.1.2.3, 000:0:0000::01 y ::fFFf:127.0.0.1) Est\u00e1n incorrectamente categorizadas como enrutable globalmente a trav\u00e9s de isPublic. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-42282."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-30056",
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-05-25T18:15:13.347",
|
||||
"lastModified": "2024-05-25T18:15:13.347",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Edge (basado en Chromium)"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-31859",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:08.907",
|
||||
"lastModified": "2024-05-26T14:15:08.907",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 y 8.1.x <= 8.1.12 de Mattermost no realizan las comprobaciones de autorizaci\u00f3n adecuadas, lo que permite que un miembro que ejecuta un libro de estrategias en un canal existente sea promovido a un administrador del canal"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-32045",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:09.137",
|
||||
"lastModified": "2024-05-26T14:15:09.137",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel\u00a0which allows members to link their runs to private channels they were not members of."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 de Mattermost no aplican controles de acceso adecuados para la membres\u00eda del canal y del equipo al vincular la ejecuci\u00f3n de un libro de jugadas a un canal que permite a los miembros vincular sus ejecuciones a canales privados de los que no eran miembros."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-32944",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-28T03:15:08.563",
|
||||
"lastModified": "2024-05-28T03:15:08.563",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de Path traversal existe en versiones de UTAU anteriores a la v0.4.19. Si un usuario del producto instala un instalador de banco de voz UTAU manipulado (archivo .uar, archivo .zip) en UTAU, se puede colocar un archivo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-32978",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T16:15:08.757",
|
||||
"lastModified": "2024-05-27T16:15:08.757",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 1.2.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Kaminari es un paginador para marcos de aplicaciones web y asignaciones relacionales de objetos. Se ha identificado una vulnerabilidad de seguridad que involucra permisos de archivos inseguros en la librer\u00eda de paginaci\u00f3n Kaminari para Ruby on Rails, relacionada con permisos de archivos inseguros. Esta vulnerabilidad es de gravedad moderada debido al potencial de acceso de escritura no autorizado a archivos Ruby espec\u00edficos administrados por la librer\u00eda. Dicho acceso podr\u00eda provocar la alteraci\u00f3n del comportamiento de la aplicaci\u00f3n o problemas de integridad de los datos. Se recomienda a los usuarios de las versiones afectadas que actualicen a Kaminari versi\u00f3n 1.2.2 o posterior, donde los permisos de los archivos se han ajustado para mejorar la seguridad. Si la actualizaci\u00f3n no es posible de inmediato, revise y ajuste los permisos de archivo para archivos Ruby espec\u00edficos en Kaminari para asegurarse de que solo sean accesibles para usuarios autorizados."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-33471",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T19:15:09.973",
|
||||
"lastModified": "2024-05-24T19:15:09.973",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema en la configuraci\u00f3n del sensor de AVTECH Room Alert 4E v4.4.0 permite a los atacantes obtener acceso a las credenciales SMTP en texto plano a trav\u00e9s de una solicitud AJAX manipulada. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-34029",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:09.367",
|
||||
"lastModified": "2024-05-26T14:15:09.367",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint\u00a0which allows a user\u00a0to learn the members of\u00a0an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 y 8.1.x <= 8.1.12 de Mattermost no realizan una verificaci\u00f3n de autorizaci\u00f3n adecuada en /api/v4/groups// canales//link endpoint que permite a un usuario conocer los miembros de un grupo AD/LDAP que est\u00e1 vinculado a un equipo agregando el grupo a un canal, incluso si el usuario no tiene acceso al equipo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-34152",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:09.607",
|
||||
"lastModified": "2024-05-26T14:15:09.607",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to\u00a0get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Mattermost 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 y 8.1.x <= 8.1.12 no realizan el control de acceso adecuado que permite a un invitado obtener los metadatos de una ejecuci\u00f3n de libro de jugadas p\u00fablico que se vincula a el canal en el que son invitados enviando una solicitud de consulta RHSRuns GraphQL al servidor"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-34454",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-26T22:15:08.650",
|
||||
"lastModified": "2024-05-26T22:15:08.650",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Nintendo Wii U OS 5.5.5 permite a los atacantes intermediarios falsificar certificados SSL como si vinieran de una CA ra\u00edz, porque existe un mecanismo de verificaci\u00f3n secundario que solo verifica si se conoce una CA e ignora los detalles de la CA y firma (y porque * se acepta como nombre com\u00fan)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-34477",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T14:15:09.470",
|
||||
"lastModified": "2024-05-27T14:15:09.470",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "configureNFS en lib/common/functions.sh en FOG hasta 1.5.10 permite a los usuarios locales obtener privilegios al montar un recurso compartido NFS manipulado (debido a no_root_squash e inseguro). Para aprovechar la vulnerabilidad, alguien necesita montar un recurso compartido NFS para agregar un archivo ejecutable como root. Adem\u00e1s, se debe agregar el bit SUID a este archivo."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-34923",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T20:15:09.060",
|
||||
"lastModified": "2024-05-27T20:15:09.060",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En el firmware del dispositivo Avocent DSR2030 03.04.00.07 anterior a 03.07.01.23 y en el firmware del dispositivo SVIP1020 01.06.00.03 anterior a 01.07.00.00, hay un cross-site scripting (XSS) Reflejado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35181",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T19:15:08.620",
|
||||
"lastModified": "2024-05-27T19:15:08.620",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in the database, like performance profiles (which may contain session cookies), Meshery application data, or any Kubernetes configuration added to the system. The Meshery project exposes the function `GetMeshSyncResourcesKinds` at the API URL `/api/system/meshsync/resources/kinds`. The order query parameter is directly used to build a SQL query in `meshync_handler.go`. Version 0.7.22 fixes this issue."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Meshery es un administrador nativo de la nube de c\u00f3digo abierto que permite el dise\u00f1o y la administraci\u00f3n de infraestructura y aplicaciones basadas en Kubernetes. Una vulnerabilidad de inyecci\u00f3n SQL en Meshery anterior a la versi\u00f3n 0.7.22 puede provocar la escritura arbitraria de archivos mediante el uso de un payload de consultas apiladas de inyecci\u00f3n SQL y el comando ATTACH DATABASE. Adem\u00e1s, los atacantes pueden acceder y modificar cualquier dato almacenado en la base de datos, como perfiles de rendimiento (que pueden contener cookies de sesi\u00f3n), datos de la aplicaci\u00f3n Meshery o cualquier configuraci\u00f3n de Kubernetes agregada al sistema. El proyecto Meshery expone la funci\u00f3n `GetMeshSyncResourcesKinds` en la URL de API `/api/system/meshsync/resources/kinds`. El par\u00e1metro de consulta de pedido se utiliza directamente para crear una consulta SQL en `meshync_handler.go`. La versi\u00f3n 0.7.22 soluciona este problema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35182",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T19:15:08.890",
|
||||
"lastModified": "2024-05-27T19:15:08.890",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Additionally, attackers may be able to access and modify any data stored in the database, like performance profiles (which may contain session cookies), Meshery application data, or any Kubernetes configuration added to the system. The Meshery project exposes the function `GetAllEvents` at the API URL `/api/v2/events`. The sort query parameter read in `events_streamer.go` is directly used to build a SQL query in `events_persister.go`. Version 0.7.22 fixes this issue by using the `SanitizeOrderInput` function."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Meshery es un administrador nativo de la nube de c\u00f3digo abierto que permite el dise\u00f1o y la administraci\u00f3n de infraestructura y aplicaciones basadas en Kubernetes. Una vulnerabilidad de inyecci\u00f3n SQL en Meshery anterior a la versi\u00f3n 0.7.22 puede provocar la escritura arbitraria de archivos mediante un payload de consultas apiladas de inyecci\u00f3n SQL y el comando ATTACH DATABASE. Adem\u00e1s, los atacantes pueden acceder y modificar cualquier dato almacenado en la base de datos, como perfiles de rendimiento (que pueden contener cookies de sesi\u00f3n), datos de la aplicaci\u00f3n Meshery o cualquier configuraci\u00f3n de Kubernetes agregada al sistema. El proyecto Meshery expone la funci\u00f3n `GetAllEvents` en la URL de API `/api/v2/events`. El par\u00e1metro de consulta de clasificaci\u00f3n le\u00eddo en `events_streamer.go` se usa directamente para crear una consulta SQL en `events_persister.go`. La versi\u00f3n 0.7.22 soluciona este problema mediante el uso de la funci\u00f3n `SanitizeOrderInput`."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35219",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T16:15:09.027",
|
||||
"lastModified": "2024-05-27T16:15:09.027",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "OpenAPI Generator permite la generaci\u00f3n de librer\u00edas de cliente API (generaci\u00f3n de SDK), c\u00f3digos auxiliares de servidor, documentaci\u00f3n y configuraci\u00f3n autom\u00e1ticamente dada una especificaci\u00f3n OpenAPI. Antes de la versi\u00f3n 7.6.0, los atacantes pod\u00edan aprovechar una vulnerabilidad de path traversal para leer y eliminar archivos y carpetas de un directorio grabable arbitrario, ya que cualquiera pod\u00eda configurar la carpeta de salida al enviar la solicitud a trav\u00e9s de la opci\u00f3n `outputFolder`. El problema se solucion\u00f3 en la versi\u00f3n 7.6.0 eliminando el uso de la opci\u00f3n `outputFolder`. No hay workarounds disponibles."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35229",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T17:15:09.510",
|
||||
"lastModified": "2024-05-27T17:15:09.510",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. Antes de la versi\u00f3n 1.3.10, exist\u00eda un patr\u00f3n muy espec\u00edfico `f(a(),b()); check_if_a_executed_last()` en Yul que expone un error en el orden de evaluaci\u00f3n de los argumentos de la funci\u00f3n Yul. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 1.3.10. Como workaround, actualice y vuelva a implementar los contratos afectados."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35231",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T17:15:09.760",
|
||||
"lastModified": "2024-05-27T17:15:09.760",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "rack-contrib proporciona middleware y utilidades de rack para Rack, una interfaz de servidor web Ruby. Las versiones de rack-contrib anteriores a la 2.5.0 son vulnerables a la denegaci\u00f3n de servicio debido al hecho de que los datos controlados por el usuario \"profiler_runs\" no estaban sujetos a ninguna limitaci\u00f3n. Esto conducir\u00eda a la asignaci\u00f3n de recursos en el lado del servidor sin limitaci\u00f3n y a una posible denegaci\u00f3n de servicio mediante datos controlados remotamente por el usuario. La versi\u00f3n 2.5.0 contiene un parche para el problema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35232",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-24T21:15:59.450",
|
||||
"lastModified": "2024-05-24T21:15:59.450",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "github.com/huandu/facebook es un paquete Go que es totalmente compatible con la API Graph de Facebook con carga de archivos, solicitud por lotes y API de marketing. access_token puede exponerse en un mensaje de error si falla la solicitud HTTP. Este problema se solucion\u00f3 en la versi\u00f3n 2.7.2."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35236",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T17:15:09.990",
|
||||
"lastModified": "2024-05-27T17:15:09.990",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de la versi\u00f3n 2.10.0, abrir un libro electr\u00f3nico con scripts maliciosos en su interior provocaba la ejecuci\u00f3n del c\u00f3digo dentro del contexto de navegaci\u00f3n. Atacar a un usuario con altos privilegios (carga, creaci\u00f3n de librer\u00edas) puede provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el peor de los casos. Esto se prob\u00f3 en la versi\u00f3n 2.9.0 en Windows, pero una escritura de archivo arbitraria es lo suficientemente potente como est\u00e1 y deber\u00eda conducir f\u00e1cilmente a RCE tambi\u00e9n en Linux. La versi\u00f3n 2.10.0 contiene un parche para la vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35237",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T17:15:10.230",
|
||||
"lastModified": "2024-05-27T17:15:10.230",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a \"public\" Discord application\u2014i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "MIT IdentiBot es un bot de Discord de c\u00f3digo abierto escrito en Node.js que verifica las afiliaciones de las personas con el MIT, les otorga roles en un servidor de Discord y almacena informaci\u00f3n sobre ellos en una base de datos. Una vulnerabilidad que existe antes del commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e afecta a todos los usuarios que han realizado la verificaci\u00f3n con una instancia de MIT IdentiBot que cumple las siguientes condiciones: La instancia de IdentiBot est\u00e1 vinculada a una aplicaci\u00f3n Discord \"p\u00fablica\", es decir, usuarios distintos del registrante de acceso a la API. puede agregarlo a los servidores; *y* la instancia a\u00fan no ha sido parcheada. En las versiones afectadas, IdentiBot no verifica que un servidor est\u00e9 autorizado antes de permitir a los miembros ejecutar comandos de usuario y barra diagonal en ese servidor. Como resultado, cualquier usuario puede unirse a IdentiBot en su servidor y luego usar comandos (por ejemplo, `/kerbid`) para revelar el nombre completo y otra informaci\u00f3n sobre un usuario de Discord que haya verificado su afiliaci\u00f3n con el MIT usando IdentiBot. La \u00faltima versi\u00f3n de MIT IdentiBot contiene un parche para esta vulnerabilidad (implementado en el commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). No hay forma de evitar la explotaci\u00f3n de la vulnerabilidad sin el parche. Para evitar la explotaci\u00f3n de la vulnerabilidad, todas las instancias vulnerables de IdentiBot deben desconectarse hasta que se hayan actualizado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35238",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T18:15:09.920",
|
||||
"lastModified": "2024-05-27T18:15:09.920",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoint which returns a response with a large body which will crash the Minder server. Specifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in `getAttestationReply`. Here, Minder makes a request to the `orgs/$owner/attestations/$checksumref` GitHub endpoint (line 285) and then parses the response into the `AttestationReply` (line 295). The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. Essentially, the response needs to be larger than the machine has available memory. Version 0.0.51 contains a patch for this issue.\n\nThe content that is hosted at the `orgs/$owner/attestations/$checksumref` GitHub attestation endpoint is controlled by users including unauthenticated users to Minders threat model. However, a user will need to configure their own Minder settings to cause Minder to make Minder send a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetching them. As such, the steps needed to carry out this attack would look as such:\n\n1. The attacker adds a package to ghcr.io with attestations that can be fetched via the `orgs/$owner/attestations/$checksumref` GitHub endpoint.\n2. The attacker registers on Minder and makes Minder fetch the attestations.\n3. Minder fetches attestations and crashes thereby being denied of service."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Minder de Stacklok es una plataforma de seguridad de la cadena de suministro de software de c\u00f3digo abierto. Minder anterior a la versi\u00f3n 0.0.51 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) que podr\u00eda permitir a un atacante bloquear el servidor Minder y negar el acceso a \u00e9l a otros usuarios. La causa principal de la vulnerabilidad es que el verificador del almac\u00e9n de firmas de Minders lee una respuesta que no es de confianza completamente en la memoria sin imponer un l\u00edmite en el cuerpo de la respuesta. Un atacante puede aprovechar esto haciendo que Minder realice una solicitud a un endpoint controlado por el atacante que devuelva una respuesta con un cuerpo grande que bloquear\u00e1 el servidor Minder. Espec\u00edficamente, el punto de falla es donde Minder analiza la respuesta del endpoint de atestaciones de GitHub en \"getAttestationReply\". Aqu\u00ed, Minder realiza una solicitud al endpoint de GitHub `orgs/$owner/attestations/$checksumref` (l\u00ednea 285) y luego analiza la respuesta en `AttestationReply` (l\u00ednea 295). La forma en que Minder analiza la respuesta en la l\u00ednea 295 la hace propensa a DoS si la respuesta es lo suficientemente grande. Esencialmente, la respuesta debe ser mayor que la memoria disponible de la m\u00e1quina. La versi\u00f3n 0.0.51 contiene un parche para este problema. El contenido alojado en el endpoint de atestaci\u00f3n de GitHub `orgs/$owner/attestations/$checksumref` est\u00e1 controlado por usuarios, incluidos los usuarios no autenticados, del modelo de amenazas de Minders. Sin embargo, un usuario deber\u00e1 configurar sus propios ajustes de Minder para que Minder haga que Minder env\u00ede una solicitud para recuperar las certificaciones. El usuario necesitar\u00eda conocer un paquete cuyas certificaciones estuvieran configuradas de tal manera que devolviera una respuesta grande al recuperarlas. 
Como tal, los pasos necesarios para llevar a cabo este ataque ser\u00edan los siguientes: 1. El atacante agrega un paquete a ghcr.io con certificaciones que se pueden recuperar a trav\u00e9s del endpoint de GitHub `orgs/$owner/attestations/$checksumref`. 2. El atacante se registra en Minder y hace que Minder busque las certificaciones. 3. Minder obtiene certificaciones y falla, por lo que se le niega el servicio."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35291",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-27T05:15:08.750",
|
||||
"lastModified": "2024-05-27T05:15:08.750",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de cross site scripting existe en las versiones de Splunk Config Explorer anteriores a la 1.7.16. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que utiliza el producto."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35297",
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2024-05-27T05:15:09.617",
|
||||
"lastModified": "2024-05-27T05:15:09.617",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de cross site scripting existe en las versiones de WP Booking anteriores a la 2.4.5. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35373",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T21:15:59.720",
|
||||
"lastModified": "2024-05-24T21:15:59.720",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Mocodo Mocodo Online 4.2.6 y versiones anteriores son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /web/rewrite.php."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35374",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T21:15:59.793",
|
||||
"lastModified": "2024-05-24T21:15:59.793",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Mocodo Mocodo Online 4.2.6 y versiones anteriores no desinfecta adecuadamente el campo de entrada sql_case en /web/generate.php, lo que permite a atacantes remotos ejecutar comandos SQL arbitrarios y potencialmente inyecci\u00f3n de comandos, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo (RCE) bajo ciertas condiciones."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35387",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T18:15:08.363",
|
||||
"lastModified": "2024-05-24T18:15:08.363",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 que TOTOLINK LR350 V9.3.5u.6369_B20220309 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro http_host en la funci\u00f3n loginAuth."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-35388",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T19:15:10.037",
|
||||
"lastModified": "2024-05-24T19:15:10.037",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 que TOTOLINK NR1800X v9.1.0u.6681_B20230703 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de contrase\u00f1a en la funci\u00f3n urldecode"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36036",
|
||||
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
|
||||
"published": "2024-05-27T18:15:10.200",
|
||||
"lastModified": "2024-05-27T18:15:10.200",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Zoho ManageEngine ADAudit Plus versiones 7260 e inferiores permiten a los usuarios no autorizados de la m\u00e1quina del agente local acceder a informaci\u00f3n confidencial y modificar la configuraci\u00f3n del agente."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36037",
|
||||
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
|
||||
"published": "2024-05-27T18:15:10.407",
|
||||
"lastModified": "2024-05-27T18:15:10.407",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Zoho ManageEngine ADAudit Plus versiones 7260 e inferiores permiten que los usuarios no autorizados de la m\u00e1quina del agente local vean las grabaciones de la sesi\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36054",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-26T23:15:21.370",
|
||||
"lastModified": "2024-05-26T23:15:21.370",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hw64.sys en Marvin Test HW.exe anterior a 5.0.5.0 permite que procesos en modo de usuario sin privilegios lean arbitrariamente la memoria del kernel (y en consecuencia obtengan todos los privilegios) a trav\u00e9s de IOCTL 0x9c4064b8 (a trav\u00e9s de MmMapIoSpace) e IOCTL 0x9c406490 (a trav\u00e9s de ZwMapViewOfSection)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36055",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-26T23:15:21.457",
|
||||
"lastModified": "2024-05-26T23:15:21.457",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hw64.sys en Marvin Test HW.exe anterior a 5.0.5.0 permite que los procesos en modo de usuario sin privilegios mapeen arbitrariamente la memoria f\u00edsica con acceso de lectura/escritura a trav\u00e9s de la API MmMapIoSpace (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, otros siete), lo que lleva a una denegaci\u00f3n de servicio (BSOD)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36056",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-26T23:15:21.520",
|
||||
"lastModified": "2024-05-26T23:15:21.520",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\\SYSTEM privilege escalation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hw64.sys en Marvin Test HW.exe anterior a 5.0.5.0 permite que procesos en modo de usuario sin privilegios mapeen arbitrariamente la memoria f\u00edsica a trav\u00e9s de IOCTL 0x9c406490 (para IoAllocateMdl, MmBuildMdlForNonPaggedPool y MmMapLockedPages), lo que lleva a una escalada de privilegios NT AUTHORITY\\SYSTEM."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36079",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-24T22:15:08.413",
|
||||
"lastModified": "2024-05-24T22:15:08.413",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en Vaultize 21.07.27. Al cargar archivos, no se verifica que el par\u00e1metro de nombre de archivo sea correcto. Como resultado, se crear\u00e1 un archivo temporal fuera del directorio especificado cuando se descargue el archivo. Para aprovechar esto, un usuario autenticado cargar\u00eda un archivo con un nombre incorrecto y luego lo descargar\u00eda."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36105",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-27T18:15:10.613",
|
||||
"lastModified": "2024-05-27T18:15:10.613",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network interfaces, increasing the risk of unauthorized access. As stated in the Python docs, a special form for address is accepted instead of a host address: `''` represents `INADDR_ANY`, equivalent to `\"0.0.0.0\"`. On systems with IPv6, '' represents `IN6ADDR_ANY`, which is equivalent to `\"::\"`. A user who serves docs on an unsecured public network, may unknowingly be hosting an unsecured (http) web site for any remote user/system to access on the same network. The issue has has been mitigated in dbt-core v1.6.15, dbt-core v1.7.15, and dbt-core v1.8.1 by binding to localhost explicitly by default in `dbt docs serve`.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "dbt permite a los ingenieros y analistas de datos transformar sus datos utilizando las mismas pr\u00e1cticas que utilizan los ingenieros de software para crear aplicaciones. Antes de las versiones 1.6.15, 1.7.15 y 1.8.1, el enlace a `INADDR_ANY (0.0.0.0)` o `IN6ADDR_ANY (::)` expone una aplicaci\u00f3n en todas las interfaces de red, lo que aumenta el riesgo de acceso no autorizado. Como se indica en los documentos de Python, se acepta una forma especial para la direcci\u00f3n en lugar de una direcci\u00f3n de host: `''` representa `INADDR_ANY`, equivalente a `\"0.0.0.0\"`. En sistemas con IPv6, '' representa `IN6ADDR_ANY`, que equivale a `\"::\"`. Un usuario que entrega documentos en una red p\u00fablica no segura puede, sin saberlo, alojar un sitio web no seguro (http) al que cualquier usuario/sistema remoto pueda acceder en la misma red. El problema se ha mitigado en dbt-core v1.6.15, dbt-core v1.7.15 y dbt-core v1.8.1 vinculando expl\u00edcitamente a localhost de forma predeterminada en \"dbt docsserve\"."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36241",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:09.830",
|
||||
"lastModified": "2024-05-26T14:15:09.830",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to\u00a0view arbitrary post contents via the\u00a0/playbook add slash command"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 y 8.1.x <= 8.1.12 de Mattermost no aplican controles de acceso adecuados que permiten al usuario ver contenidos de publicaciones arbitrarias mediante el comando /playbook add slash"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36255",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:10.060",
|
||||
"lastModified": "2024-05-26T14:15:10.060",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in some arbitrary channel."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Mattermost 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 y 8.1.x <= 8.1.12 no realizan una validaci\u00f3n de entrada adecuada en las acciones posteriores, lo que permite a un atacante ejecutar un comando de tarea de lista de verificaci\u00f3n del libro de jugadas como otro usuario creando y compartiendo una acci\u00f3n de publicaci\u00f3n enga\u00f1osa que ejecuta inesperadamente un comando de barra diagonal en alg\u00fan canal arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36383",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T11:15:08.710",
|
||||
"lastModified": "2024-05-27T11:15:08.710",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en la autenticaci\u00f3n SAML de Logpoint anterior a 6.0.3. Un atacante puede colocar un nombre de archivo manipulado en el campo de estado de una respuesta SAML SSO-URL y el archivo correspondiente a este nombre de archivo finalmente se eliminar\u00e1. Esto puede provocar una interrupci\u00f3n del inicio de sesi\u00f3n de autenticaci\u00f3n SAML."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36384",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T04:15:09.143",
|
||||
"lastModified": "2024-05-27T04:15:09.143",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Pointsharp Cryptshare Server anterior a 7.0.0 tiene un problema XSS relacionado con los mensajes de notificaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36426",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T22:15:08.507",
|
||||
"lastModified": "2024-05-27T22:15:08.507",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En TARGIT Decision Suite 23.2.15007.0 anterior al oto\u00f1o de 2023, el token de sesi\u00f3n es parte de la URL y puede enviarse en una sesi\u00f3n HTTP de texto sin cifrar."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-36428",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-05-27T23:15:13.120",
|
||||
"lastModified": "2024-05-27T23:15:13.120",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "OrangeHRM 3.3.3 permite la inyecci\u00f3n SQL sortOrder de admin/viewProjects."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
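--- /dev/null
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3657.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-3657",
+"sourceIdentifier": "secalert@redhat.com",
+"published": "2024-05-28T13:15:11.057",
+"lastModified": "2024-05-28T13:15:11.057",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "secalert@redhat.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-20"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2024-3657",
+"source": "secalert@redhat.com"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401",
+"source": "secalert@redhat.com"
+}
+]
+}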
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-3933",
|
||||
"sourceIdentifier": "emo@eclipse.org",
|
||||
"published": "2024-05-27T06:15:09.367",
|
||||
"lastModified": "2024-05-27T06:15:09.367",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En las versiones de Eclipse OpenJ9 anteriores a 0.44.0 y posteriores a 0.13.0, cuando se ejecuta con la opci\u00f3n JVM -Xgc:concurrentScavenge, la secuencia generada para System.arrayCopy en la plataforma IBM Z con soporte de hardware y software para almacenamiento protegido [1], podr\u00eda permitir el acceso a un b\u00fafer con un valor de longitud incorrecto al ejecutar una secuencia de copia de matriz mientras el ciclo de recolecci\u00f3n de basura de recuperaci\u00f3n concurrente est\u00e1 activo y las regiones de memoria de origen y destino para la copia de matriz se superponen. Esto permite leer y escribir en direcciones m\u00e1s all\u00e1 del final del rango de la matriz."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-3939",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:09.733",
|
||||
"lastModified": "2024-05-27T06:15:09.733",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Ditty WordPress anterior a la versi\u00f3n 3.1.36 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4045",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-05-25T06:15:08.630",
|
||||
"lastModified": "2024-05-25T06:15:08.630",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018campaign_id\u2019 parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'campaign_id' en versiones hasta la 2.16.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y salida que se escapa. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4286",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2024-05-26T23:15:21.600",
|
||||
"lastModified": "2024-05-26T23:15:21.600",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users access to their previously submitted data, or to inject fake threads and/or chat history for social engineering attacks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La aplicaci\u00f3n Any-llm de Mintplex-Labs es vulnerable a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una declaraci\u00f3n de lenguaje de expresi\u00f3n, identificada en el ID de commit `57984fa85c31988b2eff429adfc654c46e0c342a`. La vulnerabilidad surge del manejo por parte de la aplicaci\u00f3n de las modificaciones de los usuarios por parte de los gerentes o administradores, lo que permite la modificaci\u00f3n de todos los atributos existentes de la entidad de base de datos \"usuario\" sin las comprobaciones o sanitizaci\u00f3n adecuadas. Esta falla se puede explotar para eliminar hilos de usuarios, negarles el acceso a sus datos enviados previamente o para inyectar hilos falsos y/o historial de chat para ataques de ingenier\u00eda social."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4529",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:09.840",
|
||||
"lastModified": "2024-05-27T06:15:09.840",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Business Card WordPress hasta la versi\u00f3n 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas, como eliminar categor\u00edas de tarjetas mediante ataques CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4530",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:09.927",
|
||||
"lastModified": "2024-05-27T06:15:09.927",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Business Card WordPress hasta la versi\u00f3n 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas, como editar categor\u00edas de tarjetas mediante ataques CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4531",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:10.017",
|
||||
"lastModified": "2024-05-27T06:15:10.017",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Business Card WordPress hasta la versi\u00f3n 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas, como editar tarjetas mediante ataques CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4532",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:10.100",
|
||||
"lastModified": "2024-05-27T06:15:10.100",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Business Card WordPress hasta la versi\u00f3n 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas, como eliminar tarjetas mediante ataques CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4533",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:10.283",
|
||||
"lastModified": "2024-05-27T06:15:10.283",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los usuarios administradores realizar ataques de inyecci\u00f3n SQL."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4534",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:10.423",
|
||||
"lastModified": "2024-05-27T06:15:10.423",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenados a trav\u00e9s de un ataque CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4535",
|
||||
"sourceIdentifier": "contact@wpscan.com",
|
||||
"published": "2024-05-27T06:15:10.520",
|
||||
"lastModified": "2024-05-27T06:15:10.520",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-4858",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-05-25T03:15:08.150",
|
||||
"lastModified": "2024-05-25T03:15:08.150",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Testimonial Carousel For Elementor para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'save_testimonials_option_callback' en versiones hasta la 10.2.0 incluida. Esto hace posible que atacantes no autenticados actualicen la clave API de OpenAI, desactivando la funci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5035",
|
||||
"sourceIdentifier": "research@onekey.com",
|
||||
"published": "2024-05-27T08:15:09.490",
|
||||
"lastModified": "2024-05-27T08:15:09.490",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The affected device expose a network service called \"rftest\" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890.\u00a0By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with\u00a0elevated privileges.This issue affects Archer C4500X: through 1_1.1.6."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El dispositivo afectado expone un servicio de red llamado \"rftest\" que es vulnerable a la inyecci\u00f3n de comandos no autenticados en los puertos TCP/8888, TCP/8889 y TCP/8890. Al explotar con \u00e9xito esta falla, un atacante remoto no autenticado puede obtener la ejecuci\u00f3n de comandos arbitrarios en el dispositivo con privilegios elevados. Este problema afecta a Archer C4500X: hasta 1_1.1.6."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5218",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-05-25T04:15:11.510",
|
||||
"lastModified": "2024-05-25T04:15:11.510",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Reviews and Rating \u2013 Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The Reviews and Rating \u2013 Google Reviews para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funci\u00f3n de carga de archivos del complemento en todas las versiones hasta la 5.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5220",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-05-25T02:15:41.053",
|
||||
"lastModified": "2024-05-25T02:15:41.053",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento ND Shortcodes para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funci\u00f3n de carga del complemento en todas las versiones hasta la 7.5 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5229",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-05-25T03:15:08.377",
|
||||
"lastModified": "2024-05-25T03:15:08.377",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento The Primary Addon for Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget de tabla de precios del complemento en todas las versiones hasta la 1.5.5 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5270",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:10.303",
|
||||
"lastModified": "2024-05-26T14:15:10.303",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit personal details that were otherwise non-editable and provided by the SAML provider."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Mattermost 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 y 8.1.x <= 8.1.12 no verifican si la opci\u00f3n de configuraci\u00f3n de registro de correo electr\u00f3nico est\u00e1 habilitada cuando un el usuario solicita cambiar de SAML a correo electr\u00f3nico. Esto permite al usuario cambiar su correo de autenticaci\u00f3n de SAML a correo electr\u00f3nico y posiblemente editar datos personales que de otro modo no ser\u00edan editables y proporcionados por el proveedor de SAML."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5272",
|
||||
"sourceIdentifier": "responsibledisclosure@mattermost.com",
|
||||
"published": "2024-05-26T14:15:10.537",
|
||||
"lastModified": "2024-05-26T14:15:10.537",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:28.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail\u00a0to restrict the audience of the \"custom_playbooks_playbook_run_updated\" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by finished."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 de Mattermost no restringen la audiencia del evento de webhook \"custom_playbooks_playbook_run_updated\", que permite a un invitado en un canal con un Ejecuci\u00f3n del libro de jugadas vinculada para ver todos los detalles de la ejecuci\u00f3n del libro de jugadas cuando la ejecuci\u00f3n est\u00e1 marcada como finalizada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5336",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-05-25T15:15:09.150",
|
||||
"lastModified": "2024-05-25T15:15:09.150",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266242 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en Ruijie RG-UAC hasta 20240516 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n addVlan del archivo /view/networkConfig/vlan/vlan_add_commit.php. La manipulaci\u00f3n del argumento phyport conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-266242 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-5337",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-05-25T15:15:09.943",
|
||||
"lastModified": "2024-05-25T15:15:09.943",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-05-28T12:39:42.673",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sys_user/user_commit.php. The manipulation of the argument email2/user_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en Ruijie RG-UAC hasta 20240516 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /view/systemConfig/sys_user/user_commit.php. La manipulaci\u00f3n del argumento correo electr\u00f3nico2/nombre_usuario conduce a la inyecci\u00f3n del comando del sistema operativo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-266243. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
Some files were not shown because too many files have changed in this diff Show More