Auto-Update: 2024-08-30T14:00:18.315797+00:00

This commit is contained in:
cad-safe-bot 2024-08-30 14:03:14 +00:00
parent 78f5696fe8
commit 52f73c05b9
141 changed files with 2024 additions and 443 deletions

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-48944",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-30T11:15:14.387",
"lastModified": "2024-08-30T11:15:14.387",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix yet more sched_fork() races\n\nWhere commit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an\ninvalid sched_task_group\") fixed a fork race vs cgroup, it opened up a\nrace vs syscalls by not placing the task on the runqueue before it\ngets exposed through the pidhash.\n\nCommit 13765de8148f (\"sched/fair: Fix fault in reweight_entity\") is\ntrying to fix a single instance of this, instead fix the whole class\nof issues, effectively reverting this commit."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched: Fix yet more sched_fork() races Donde el commit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an invalid sched_task_group\") corrigi\u00f3 una ejecuci\u00f3n de bifurcaci\u00f3n contra cgroup, abri\u00f3 una carrera contra syscalls al no colocar la tarea en la cola de ejecuci\u00f3n antes de que se exponga a trav\u00e9s de pidhash. El commit 13765de8148f (\"sched/fair: Fix fault in reweight_entity\") est\u00e1 intentando corregir una \u00fanica instancia de esto, en lugar de corregir toda la clase de problemas, revirtiendo efectivamente esta confirmaci\u00f3n."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2414",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:07.127",
"lastModified": "2024-08-23T14:15:09.670",
"vulnStatus": "Modified",
"lastModified": "2024-08-30T13:54:57.143",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -56,6 +56,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -77,8 +87,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.2.10",
"matchCriteriaId": "94EABBCE-A9C4-4AC5-BE90-C55E524F0D15"
"versionEndIncluding": "4.4.6",
"matchCriteriaId": "2E22AB66-41B6-4D38-9EBC-AF507474C34A"
}
]
}
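Review bot: In the cpeMatch entry, versionEndIncluding moves from 4.2.10 to 4.4.6 under a new matchCriteriaId, which widens the affected range for anyone matching installed plugin versions against this record. The description that states the affected versions is outside the visible hunks, so confirm it names the same upper bound, and re-run any inventory match that was previously closed against 4.2.10.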
@ -97,12 +107,15 @@
"url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L88",
"source": "security@wordfence.com",
"tags": [
"Patch"
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2933915/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php?contextall=1&old=2924763&old_path=%2Fmeeting-scheduler-by-vcita%2Ftrunk%2Fvcita-ajax-function.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve",

View File

@ -2,13 +2,13 @@
"id": "CVE-2024-0421",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-12T16:15:08.620",
"lastModified": "2024-02-12T17:31:21.670",
"lastModified": "2024-08-30T13:15:12.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts."
"value": "The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts."
},
{
"lang": "es",

View File

@ -2,13 +2,13 @@
"id": "CVE-2024-0881",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-11T16:15:24.800",
"lastModified": "2024-04-12T12:44:04.930",
"lastModified": "2024-08-30T13:15:12.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts"
"value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts"
},
{
"lang": "es",

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1056",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-29T14:15:08.270",
"lastModified": "2024-08-29T14:15:08.270",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento FunnelKit Funnel Builder Pro para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de la funci\u00f3n 'allow_iframe_tag_in_post', que utiliza el filtro 'wp_kses_allowed_html' para permitir de forma global las etiquetas de scripts e iframes en las publicaciones en todas las versiones hasta la 3.4.5 incluida. Esto permite que atacantes autenticados, con acceso de colaborador o superior, inyecten scripts web arbitrarias en las p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

View File

@ -2,13 +2,13 @@
"id": "CVE-2024-1076",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-08T06:15:06.877",
"lastModified": "2024-05-08T13:15:00.690",
"lastModified": "2024-08-30T13:15:12.257",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX."
"value": "The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX."
},
{
"lang": "es",

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1543",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-29T23:15:10.067",
"lastModified": "2024-08-29T23:15:10.067",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500"
},
{
"lang": "es",
"value": "La implementaci\u00f3n de T-Table protegida por canal lateral en wolfSSL hasta la versi\u00f3n 5.6.5 protege contra un atacante de canal lateral con resoluci\u00f3n de l\u00ednea de cach\u00e9. En un entorno controlado como Intel SGX, un atacante puede obtener una resoluci\u00f3n de l\u00ednea de subcach\u00e9 por instrucci\u00f3n que le permita romper la protecci\u00f3n a nivel de l\u00ednea de cach\u00e9. Para obtener detalles sobre el ataque, consulte: https://doi.org/10.46586/tches.v2024.i1.457-500"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1545",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-29T23:15:10.263",
"lastModified": "2024-08-29T23:15:10.263",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker\u00a0co-resides in the same system with a victim process to\u00a0disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n de fallas en la funci\u00f3n RsaPrivateDecryption en wolfssl/wolfcrypt/src/rsa.c en WolfSSL wolfssl5.6.6 en Linux/Windows permite a un atacante remoto residir en el mismo sistema con un proceso v\u00edctima para divulgar informaci\u00f3n y escalar privilegios a trav\u00e9s de la inyecci\u00f3n de fallas de Rowhammer a la estructura RsaKey."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2502",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-08-29T22:15:05.153",
"lastModified": "2024-08-29T22:15:05.153",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.\n\nThis is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH devices, including xG23B, xG24B, xG25B, and xG28B, but does not impact xG21B. To mitigate this issue, upgrade to SE Firmware version 2.2.6 or later."
},
{
"lang": "es",
"value": "Se puede configurar una aplicaci\u00f3n para bloquear los intentos de arranque despu\u00e9s de detectar reinicios de manipulaci\u00f3n consecutivos, lo que puede no ocurrir como se espera. Esto es posible porque el registro TAMPERRSTCAUSE puede no actualizarse correctamente cuando se produce un evento de manipulaci\u00f3n de nivel 4 (un reinicio de manipulaci\u00f3n). Esto afecta a los dispositivos HSE-SVH de la serie 2, incluidos xG23B, xG24B, xG25B y xG28B, pero no afecta a xG21B. Para mitigar este problema, actualice a la versi\u00f3n 2.2.6 del firmware SE o posterior."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2694",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-30T05:15:12.213",
"lastModified": "2024-08-30T05:15:12.213",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
},
{
"lang": "es",
"value": "El tema Betheme para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 27.5.6 incluida, a trav\u00e9s de la deserializaci\u00f3n de la entrada no confiable del valor meta de la publicaci\u00f3n 'mfn-page-items'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten un objeto PHP. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27095",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-10T19:15:10.407",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-30T12:57:40.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.27.6",
"matchCriteriaId": "F06324EE-53B1-4FAE-8BEF-795C35E4975D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*",
"matchCriteriaId": "637B8863-0862-4FB4-9871-EDCF21054F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:rc1:*:*:*:ruby:*:*",
"matchCriteriaId": "8B3E98CE-A52C-4965-8549-559A23A38306"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:rc2:*:*:*:ruby:*:*",
"matchCriteriaId": "D90343A7-D472-4EE2-91A1-9F173A42BCD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:rc3:*:*:*:ruby:*:*",
"matchCriteriaId": "A7805027-BBE2-48C3-AE74-F8D03A76D00F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:rc4:*:*:*:ruby:*:*",
"matchCriteriaId": "178DC9F7-9880-437E-A0BF-CD5A4E6691BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:rc5:*:*:*:ruby:*:*",
"matchCriteriaId": "76E8A31B-8F15-4D43-A371-230C4FADDF5F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/decidim/decidim/releases/tag/v0.27.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/decidim/decidim/releases/tag/v0.28.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2881",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-30T00:15:04.917",
"lastModified": "2024-08-30T00:15:04.917",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fault Injection vulnerability in\u00a0wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker\u00a0co-resides in the same system with a victim process to\u00a0disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n de fallas en la funci\u00f3n wc_ed25519_sign_msg en wolfssl/wolfcrypt/src/ed25519.c en WolfSSL wolfssl5.6.6 en Linux/Windows permite a un atacante remoto residir en el mismo sistema con un proceso v\u00edctima para divulgar informaci\u00f3n y escalar privilegios a trav\u00e9s de la inyecci\u00f3n de fallas de Rowhammer a la estructura ed25519_key."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34017",
"sourceIdentifier": "security@acronis.com",
"published": "2024-08-29T20:15:07.743",
"lastModified": "2024-08-29T20:15:07.743",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34018",
"sourceIdentifier": "security@acronis.com",
"published": "2024-08-29T20:15:07.997",
"lastModified": "2024-08-29T20:15:07.997",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n confidencial debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34019",
"sourceIdentifier": "security@acronis.com",
"published": "2024-08-29T20:15:08.193",
"lastModified": "2024-08-29T20:15:08.193",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Snap Deploy (Windows) antes de la compilaci\u00f3n 4569."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34577",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-30T07:15:11.660",
"lastModified": "2024-08-30T07:15:11.660",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting en WRC-X3000GS2-B, WRC-X3000GS2-W y WRC-X3000GS2A-B debido al procesamiento incorrecto de los valores de entrada en easysetup.cgi. Si un usuario visualiza una p\u00e1gina web maliciosa mientras est\u00e1 conectado al producto, es posible que se ejecute una secuencia de comandos arbitraria en el navegador web del usuario."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35118",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-29T16:15:08.613",
"lastModified": "2024-08-29T16:15:08.613",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device."
},
{
"lang": "es",
"value": "IBM MaaS360 para Android 6.31 a 8.60 utiliza credenciales codificadas que un usuario con acceso f\u00edsico al dispositivo puede obtener."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35133",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-29T17:15:07.250",
"lastModified": "2024-08-29T17:15:07.250",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
},
{
"lang": "es",
"value": "El proveedor OIDC de IBM Security Verify Access 10.0.0 a 10.0.8 podr\u00eda permitir que un atacante remoto realice ataques de phishing mediante un ataque de redireccionamiento abierto. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para falsificar la URL mostrada y redirigir al usuario a un sitio web malicioso que parezca confiable. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente confidencial o realizar m\u00e1s ataques contra la v\u00edctima."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3673",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-30T06:15:05.400",
"lastModified": "2024-08-30T06:15:05.400",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues."
},
{
"lang": "es",
"value": "El complemento Web Directory Free para WordPress anterior a la versi\u00f3n 1.7.3 no valida un par\u00e1metro antes de usarlo en un include(), lo que podr\u00eda generar problemas de inclusi\u00f3n de archivos locales."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38561",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:16.313",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-30T12:45:05.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kunit: Fix kthread reference Hay una condici\u00f3n de ejecuci\u00f3n cuando un kthread finaliza despu\u00e9s de la fecha l\u00edmite y antes de la llamada a kthread_stop(), lo que puede llevar a su use-after-free."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "1F607CCF-2E38-46A2-8403-EE0DC522FA61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1ec7ccb4cd4b6f72c2998b07880fa7aaf8dfe1d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1f2ebd3758e1cef6a1f998a1f7ea73310dcb1699",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8f5c841a559ccb700c8d27a3ca645b7a5f59b4f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b0b755cb5a5e0d7168c3ab1b3814b0d3cad9f017",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f8aa1b98ce40184521ed95ec26cc115a255183b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
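Review bot: The new 7.0 HIGH cvssMetricV31 block and the four linux_kernel cpeMatch ranges (5.18 up to 6.9.3) are attached to a fix titled "kunit: Fix kthread reference", and KUnit is the kernel's unit-test framework, so a CPE-only match flags every kernel in those ranges whether or not KUnit is built in. Consumers of this record should gate the finding on the kernel configuration (CONFIG_KUNIT) and not on the version range alone. The references also list five "Patch" commits against four ranges, so the record does not show which commit closes which range.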

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38562",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:16.393",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-30T12:47:20.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: evitar c\u00e1lculos de direcciones mediante indexaci\u00f3n de matrices fuera de los l\u00edmites Antes de poder utilizar request->channels[], se debe configurar request->n_channels. Adem\u00e1s, los c\u00e1lculos de direcciones para la memoria despu\u00e9s de la matriz de \"canales\" deben calcularse a partir de la base de asignaci\u00f3n (\"solicitud\") en lugar de mediante el primer \u00edndice \"fuera de los l\u00edmites\" de \"canales\"; de lo contrario, la verificaci\u00f3n de los l\u00edmites en tiempo de ejecuci\u00f3n arrojar\u00e1 un advertencia."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4e2a5566462b53db7d4c4722da86eedf0b8f546c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8fa4d56564ee7cc2ee348258d88efe191d70dd7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ed74398642fcb19f6ff385c35a7d512c6663e17b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
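Review bot: The new cvssMetricV31 block scores C:H/I:H/A:H (7.8) with CWE-129, but the only description text visible in this hunk says the out-of-bounds address calculation makes the runtime bounds check emit a warning. Anyone prioritising on baseScore should read the referenced stable commits tagged "Patch" to confirm whether memory is actually accessed out of bounds. If the score stands, the description should state the impact that justifies it.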

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38693",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T14:15:08.680",
"lastModified": "2024-08-29T14:15:08.680",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en weDevs WP User Frontend permite la inyecci\u00f3n SQL. Este problema afecta a WP User Frontend: desde n/a hasta 4.0.7."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38793",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:26.260",
"lastModified": "2024-08-29T15:15:26.260",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en PriceListo Best Restaurant Menu by PriceListo permite la inyecci\u00f3n SQL. Este problema afecta a Best Restaurant Menu by PriceListo: desde n/a hasta 1.4.1."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38795",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:26.460",
"lastModified": "2024-08-29T15:15:26.460",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en CridioStudio ListingPro permite la inyecci\u00f3n SQL. Este problema afecta a ListingPro: desde n/a hasta 2.9.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39300",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-30T07:15:11.837",
"lastModified": "2024-08-30T07:15:11.837",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de falta de autenticaci\u00f3n en la funci\u00f3n Telnet de WAB-I1750-PS v1.5.10 y versiones anteriores. Cuando la funci\u00f3n Telnet del producto est\u00e1 habilitada, un atacante remoto puede iniciar sesi\u00f3n en el producto sin autenticaci\u00f3n y alterar la configuraci\u00f3n del producto."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39620",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:26.710",
"lastModified": "2024-08-29T15:15:26.710",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en CridioStudio ListingPro permite la inyecci\u00f3n SQL. Este problema afecta a ListingPro: desde n/a hasta 2.9.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39622",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:26.900",
"lastModified": "2024-08-29T15:15:26.900",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en CridioStudio ListingPro. Este problema afecta a ListingPro: desde n/a hasta 2.9.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39638",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:27.093",
"lastModified": "2024-08-29T15:15:27.093",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Roundup WP Registrations for the Events Calendar permiten la inyecci\u00f3n SQL. Este problema afecta a las inscripciones para el calendario de eventos: desde n/a hasta 2.12.2."
}
],
"metrics": {
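Review bot: The added "es" description translates the product name in its second sentence ("las inscripciones para el calendario de eventos") while keeping it in English in the first ("Roundup WP Registrations for the Events Calendar"). Anyone matching this record against an inventory by product string will miss the translated form. Keep the product name untranslated in both sentences, as the "en" value does. The verb "permiten" should also be singular ("permite") to agree with "Vulnerabilidad".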

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39653",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:27.297",
"lastModified": "2024-08-29T15:15:27.297",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en E4J sRL VikRentCar permite la inyecci\u00f3n SQL. Este problema afecta a VikRentCar: desde n/a hasta 1.4.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39658",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:27.493",
"lastModified": "2024-08-29T15:15:27.493",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Salon Booking System Salon booking system permite la inyecci\u00f3n SQL. Este problema afecta al sistema de reservas de salones: desde n/a hasta 10.7."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3998",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-30T05:15:12.513",
"lastModified": "2024-08-30T05:15:12.513",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El tema Betheme para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de varios de los c\u00f3digos cortos del complemento en todas las versiones hasta la 27.5.6 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41345",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.393",
"lastModified": "2024-08-29T21:35:08.563",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php"
},
{
"lang": "es",
"value": "El commit 5234b5b de openflights es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de php/trip.php"
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41346",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.483",
"lastModified": "2024-08-29T20:15:08.483",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php"
},
{
"lang": "es",
"value": "El commit 5234b5b de openflights es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de php/submit.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41347",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.573",
"lastModified": "2024-08-29T20:15:08.573",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php"
},
{
"lang": "es",
"value": "El commit 5234b5b de openflights es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de php/settings.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41348",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.667",
"lastModified": "2024-08-29T20:15:08.667",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php"
},
{
"lang": "es",
"value": "El commit 5234b5b de openflights es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de php/alsearch.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41349",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T21:15:10.433",
"lastModified": "2024-08-29T21:15:10.433",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php."
},
{
"lang": "es",
"value": "unmark 1.9.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de application/views/marks/add_by_url.php."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41350",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.750",
"lastModified": "2024-08-29T21:35:09.343",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php"
},
{
"lang": "es",
"value": "El commit a560fd5 de bjyadmin es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de Public/statics/ueditor1_2_3/php/imageUp.php"
}
],
"metrics": {
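Review bot: The file path in the added "es" description does not match the "en" description. The English value gives Public/statics/umeditor1_2_3/php/imageUp.php and the Spanish value gives Public/statics/ueditor1_2_3/php/imageUp.php. The path is the only locator for the affected code in this record, so it should be copied verbatim rather than passed through translation. Correct the "es" value to use the same directory name as the "en" value.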

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41351",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.810",
"lastModified": "2024-08-29T21:35:10.113",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php"
},
{
"lang": "es",
"value": "El commit a560fd5 de bjyadmin es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de Public/statics/ueditor1_2_3/php/getContent.php"
}
],
"metrics": {
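Review bot: The added "es" value changes the affected path to Public/statics/ueditor1_2_3/php/getContent.php, while the "en" value reads Public/statics/umeditor1_2_3/php/getContent.php. Paths and other identifiers should be carried over unchanged from the "en" description. Align the "es" path with the English one.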

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41358",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.873",
"lastModified": "2024-08-29T20:15:08.873",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\\admin\\import-export\\import-load-data.php."
},
{
"lang": "es",
"value": "phpipam 1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de app\\admin\\import-export\\import-load-data.php."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41361",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:08.953",
"lastModified": "2024-08-29T20:15:08.953",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\manageFilesFolders.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\manageFilesFolders.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41364",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.033",
"lastModified": "2024-08-29T20:15:09.033",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\trackEdit.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\trackEdit.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41366",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.113",
"lastModified": "2024-08-29T20:15:09.113",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\userScripts.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\userScripts.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41367",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.193",
"lastModified": "2024-08-29T20:15:09.193",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\api\\playlist\\appendFileToPlaylist.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\api\\playlist\\appendFileToPlaylist.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41368",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.277",
"lastModified": "2024-08-29T20:15:09.277",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\inc.setWlanIpMail.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\inc.setWlanIpMail.php"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41369",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.350",
"lastModified": "2024-08-29T20:15:09.350",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\\inc.setWifi.php"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que RPi-Jukebox-RFID v2.7.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de htdocs\\inc.setWifi.php"
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41370",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.433",
"lastModified": "2024-08-29T20:15:09.433",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Organizr v1.90 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de chat/setlike.php."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41371",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.493",
"lastModified": "2024-08-29T20:15:09.493",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php."
},
{
"lang": "es",
"value": "Organizr v1.90 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de api.php."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41372",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T20:15:09.553",
"lastModified": "2024-08-29T20:15:09.553",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Organizr v1.90 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de chat/settyping.php."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41964",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-29T17:15:07.980",
"lastModified": "2024-08-29T17:15:07.980",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kirby es un CMS dirigido a manipuladores y editores. Kirby permite restringir los permisos de roles de usuario espec\u00edficos. Los usuarios de ese rol solo pueden realizar acciones permitidas. Los permisos para crear y eliminar idiomas ya exist\u00edan y se pod\u00edan configurar, pero no se aplicaban mediante el c\u00f3digo de interfaz o backend de Kirby. No exist\u00eda un permiso para actualizar idiomas existentes antes de las versiones parcheadas. Por lo tanto, deshabilitar el permiso comod\u00edn de idiomas.* para un rol no podr\u00eda haber prohibido las actualizaciones de las definiciones de idiomas existentes. Las comprobaciones de permisos faltantes permit\u00edan a los atacantes con acceso al Panel manipular las definiciones de idiomas. El problema se ha corregido en Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1 y Kirby 4.3.1. Actualice a una de estas versiones o a una posterior para corregir la vulnerabilidad. No existen workarounds para esta vulnerabilidad."
}
],
"metrics": {
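Review bot: The added "es" description alters two details a reader needs in order to act on this record. "designers and editors" is rendered as "manipuladores y editores", which changes the meaning, and the permission identifier "languages.*" is translated to "idiomas.*", a wildcard that does not appear in the "en" text and that an administrator could not search for in a role configuration. Keep the identifier as languages.* and use "diseñadores" for "designers".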

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42412",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-30T07:15:12.070",
"lastModified": "2024-08-30T07:15:12.070",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting en WAB-I1750-PS y WAB-S1167-PS debido al procesamiento incorrecto de los valores de entrada en menu.cgi. Si un usuario visualiza una p\u00e1gina web maliciosa mientras est\u00e1 conectado al producto, es posible que se ejecute una secuencia de comandos arbitraria en el navegador web del usuario."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43132",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:28.327",
"lastModified": "2024-08-29T15:15:28.327",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WPWeb Elite Docket (Colecciones / Lista de deseos / Lista de seguimiento de WooCommerce) permite la inyecci\u00f3n SQL. Este problema afecta a Docket (Colecciones / Lista de deseos / Lista de seguimiento de WooCommerce): desde n/a antes de 1.7.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43144",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:28.530",
"lastModified": "2024-08-29T15:15:28.530",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en StylemixThemes Cost Calculator Builder permite la inyecci\u00f3n SQL. Este problema afecta a Cost Calculator Builder: desde n/a hasta 3.2.15."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43804",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-29T17:15:08.193",
"lastModified": "2024-08-29T17:15:08.193",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if \"id\" JSON key does not exist, JSON value supplied via \"ip\" JSON key is assigned to the \"ip\" variable. Later on, \"ip\" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix."
},
{
"lang": "es",
"value": "Roxy-WI es una interfaz web para administrar servidores Haproxy, Nginx, Apache y Keepalived. Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo permite que cualquier usuario autenticado en la aplicaci\u00f3n ejecute c\u00f3digo arbitrario en el servidor de aplicaciones web a trav\u00e9s de la funcionalidad de escaneo de puertos. La entrada proporcionada por el usuario se utiliza sin validaci\u00f3n al construir y ejecutar un comando del sistema operativo. Los datos POST JSON proporcionados por el usuario se analizan y si la clave JSON \"id\" no existe, el valor JSON proporcionado a trav\u00e9s de la clave JSON \"ip\" se asigna a la variable \"ip\". M\u00e1s adelante, la variable \"ip\" que puede ser controlada por el atacante se utiliza al construir las cadenas cmd y cmd1 sin ninguna validaci\u00f3n adicional. Luego, se llama a la funci\u00f3n server_mod.subprocess_execute tanto en cmd1 como en cmd2. Cuando se analiza la definici\u00f3n de la funci\u00f3n server_mod.subprocess_execute(), se puede ver que se llama a subprocess.Popen() en el par\u00e1metro de entrada con shell=True, lo que da como resultado una inyecci\u00f3n de comandos del sistema operativo. Este problema a\u00fan no se ha solucionado. Se recomienda a los usuarios que se pongan en contacto con Roxy-WI para coordinar una soluci\u00f3n."
}
],
"metrics": {
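Review bot: The "en" description names the command strings inconsistently, and the added "es" value reproduces this unchanged. The "ip" value is said to be used when constructing "cmd and cmd1", but server_mod.subprocess_execute is then said to be called on "cmd1 and cmd2". Someone tracing the injection sink from this text cannot tell which variables reach subprocess.Popen() with shell=True. Since the translation is derived from the source text, flag the inconsistency to the source identifier (security-advisories@github.com) rather than fixing it in only one language.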

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43917",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:28.753",
"lastModified": "2024-08-29T15:15:28.753",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en TemplateInvaders TI WooCommerce Wishlist permite la inyecci\u00f3n SQL. Este problema afecta a TI WooCommerce Wishlist: desde n/a hasta 2.8.2."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43918",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:29.010",
"lastModified": "2024-08-29T15:15:29.010",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WBW WBW Product Table PRO permite la inyecci\u00f3n SQL. Este problema afecta a WBW Product Table PRO: desde n/a hasta 1.9.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43920",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T19:15:08.173",
"lastModified": "2024-08-29T19:15:08.173",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Jegstudio Gutenverse permite XSS almacenado. Este problema afecta a Gutenverse: desde n/a hasta 1.9.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43921",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T19:15:08.383",
"lastModified": "2024-08-29T19:15:08.383",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Magic Post Thumbnail permite XSS reflejado. Este problema afecta a Magic Post Thumbnail: desde n/a hasta 5.2.9."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43922",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:29.227",
"lastModified": "2024-08-29T15:15:29.227",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo ('inyecci\u00f3n de c\u00f3digo') en NitroPack Inc. NitroPack permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a NitroPack: desde n/a hasta 1.16.7."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43926",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:09.713",
"lastModified": "2024-08-29T18:15:09.713",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.This issue affects Beaver Builder: from n/a through 2.8.3.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en The Beaver Builder Team Beaver Builder permite XSS reflejado. Este problema afecta a Beaver Builder: desde n/a hasta 2.8.3.2."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43931",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:29.427",
"lastModified": "2024-08-29T15:15:29.427",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en Eyecix JobSearch permite la inyecci\u00f3n de objetos. Este problema afecta a JobSearch: desde n/a hasta 2.5.3."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43934",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:10.030",
"lastModified": "2024-08-29T18:15:10.030",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS.This issue affects Collapsing Archives: from n/a through 3.0.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Robert Felty Collapsing Archives permite XSS almacenado. Este problema afecta a Collapsing Archives: desde n/a hasta 3.0.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43935",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:10.303",
"lastModified": "2024-08-29T18:15:10.303",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n/a through 1.6.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin permite XSS almacenado. Este problema afecta a Delicious Recipes \u2013 WordPress Recipe Plugin: desde n/a hasta 1.6.7."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43936",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:10.647",
"lastModified": "2024-08-29T18:15:10.647",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WPDeveloper EmbedPress permite XSS almacenado. Este problema afecta a EmbedPress: desde n/a hasta 4.0.8."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43939",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:29.633",
"lastModified": "2024-08-29T15:15:29.633",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en VIICTORY MEDIA LLC ZYNITH permite acceder a funcionalidad no restringida correctamente por las ACL. Este problema afecta a ZYNITH: desde n/a hasta 7.4.9."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43940",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:29.833",
"lastModified": "2024-08-29T15:15:29.833",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en VIICTORY MEDIA LLC ZYNITH permite acceder a funcionalidad no restringida correctamente por las ACL. Este problema afecta a ZYNITH: desde n/a hasta 7.4.9."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43941",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:30.040",
"lastModified": "2024-08-29T15:15:30.040",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Propovoice Pro permite la inyecci\u00f3n SQL. Este problema afecta a Propovoice Pro: desde n/a hasta 1.7.0.3."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43942",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T15:15:30.247",
"lastModified": "2024-08-29T15:15:30.247",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Wpsoul Greenshift Query and Meta Addon permite la inyecci\u00f3n SQL. Este problema afecta a Greenshift Query and Meta Addon: desde n/a antes de 3.9.2."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43943",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.013",
"lastModified": "2024-08-29T16:15:09.013",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en el complemento Wpsoul Greenshift Woocommerce permite la inyecci\u00f3n SQL. Este problema afecta al complemento Greenshift Woocommerce: desde n/a hasta 1.9.8."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43944",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.197",
"lastModified": "2024-08-29T16:15:09.197",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Yassine Idrissi Maintenance & Coming Soon Redirect Animation permite acceder a funciones que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a la animaci\u00f3n de redireccionamiento de mantenimiento y pr\u00f3ximamente: desde n/a hasta 2.1.3."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43946",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:10.957",
"lastModified": "2024-08-29T18:15:10.957",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks \u2013 Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks \u2013 Gutenberg based Page Builder: from n/a through 1.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en SKT Blocks \u2013 Gutenberg based Page Builder permite XSS almacenado. Este problema afecta a SKT Blocks \u2013 Gutenberg based Page Builder: desde n/a hasta 1.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43947",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T19:15:08.653",
"lastModified": "2024-08-29T19:15:08.653",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Dinesh Karki WP Armour Extended. Este problema afecta a WP Armour Extended: desde n/a hasta 1.26."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43948",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:11.210",
"lastModified": "2024-08-29T18:15:11.210",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Dinesh Karki WP Armour Extended. Este problema afecta a WP Armour Extended: desde n/a hasta 1.26."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43949",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:11.493",
"lastModified": "2024-08-29T18:15:11.493",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Automattic GHActivity permite XSS almacenado. Este problema afecta a GHActivity: desde n/a hasta 2.0.0-alpha."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43950",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:11.770",
"lastModified": "2024-08-29T18:15:11.770",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Nextbricks Brickscore permite XSS almacenado. Este problema afecta a Brickscore: desde n/a hasta 1.4.2.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43951",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:12.060",
"lastModified": "2024-08-29T18:15:12.060",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS.This issue affects Tempera: from n/a through 1.8.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Tempera permite XSS almacenado. Este problema afecta a Tempera: desde n/a hasta 1.8.2."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43952",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:12.330",
"lastModified": "2024-08-29T18:15:12.330",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS.This issue affects Esotera: from n/a through 1.2.5.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Esotera permite XSS almacenado. Este problema afecta a Esotera: desde n/a hasta 1.2.5.1."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43953",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:12.593",
"lastModified": "2024-08-29T18:15:12.593",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons \u2013 WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons \u2013 WPBakery Page Builder: from n/a through 3.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Classic Addons Classic Addons \u2013 WPBakery Page Builder permite XSS almacenado. Este problema afecta a Classic Addons \u2013 WPBakery Page Builder: desde n/a hasta 3.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43954",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.383",
"lastModified": "2024-08-29T16:15:09.383",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Themeum Droip permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Droip: desde n/a hasta 1.1.1."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43955",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.570",
"lastModified": "2024-08-29T16:15:09.570",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Themeum Droip permite la manipulaci\u00f3n de archivos. Este problema afecta a Droip: desde n/a hasta 1.1.1."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43957",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.757",
"lastModified": "2024-08-29T16:15:09.757",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9."
},
{
"lang": "es",
"value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Sk. Abul Hasan Animated Number Counters permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Animated Number Counters: desde n/a hasta 1.9."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43958",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:12.870",
"lastModified": "2024-08-29T18:15:12.870",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gianni Porto IntoTheDark permite XSS reflejado. Este problema afecta a IntoTheDark: desde n/a hasta 1.0.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43960",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:13.133",
"lastModified": "2024-08-29T18:15:13.133",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Page Builder Addons Web and WooCommerce Addons for WPBakery Builder permiten XSS almacenado. Este problema afecta a los complementos web y WooCommerce para WPBakery Builder: desde n/a hasta 1.4.6."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43961",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:13.393",
"lastModified": "2024-08-29T18:15:13.393",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en azurecurve azurecurve Toggle Show/Hide permite XSS almacenado. Este problema afecta a azurecurve Toggle Show/Hide: desde n/a hasta 2.1.3."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43963",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:13.673",
"lastModified": "2024-08-29T18:15:13.673",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WaspThemes YellowPencil Visual CSS Style Editor permite XSS reflejado. Este problema afecta al editor de estilos CSS visual YellowPencil: desde n/a hasta 7.6.1."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43964",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T18:15:13.930",
"lastModified": "2024-08-29T18:15:13.930",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Michael Leithold DSGVO All in one for WP permite XSS almacenado. Este problema afecta a DSGVO All in one for WP: desde n/a hasta 4.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43965",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.947",
"lastModified": "2024-08-29T16:15:09.947",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Smackcoders SendGrid para WordPress permite la inyecci\u00f3n SQL. Este problema afecta a SendGrid para WordPress: desde n/a hasta 1.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44716",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.200",
"lastModified": "2024-08-29T18:15:14.200",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en DedeBIZ v6.3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44717",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.333",
"lastModified": "2024-08-29T18:15:14.333",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en DedeBIZ v6.3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44776",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.440",
"lastModified": "2024-08-29T18:15:14.440",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en el par\u00e1metro de p\u00e1gina de vTiger CRM v7.4.0 permite a los atacantes redirigir a los usuarios a un sitio malicioso a trav\u00e9s de una URL creada espec\u00edficamente para ello."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44777",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.540",
"lastModified": "2024-08-29T20:36:55.290",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) reflejado en el par\u00e1metro de etiqueta en la p\u00e1gina de \u00edndice de vTiger CRM 7.4.0 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload especialmente manipulado."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44778",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.633",
"lastModified": "2024-08-29T20:36:56.060",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) reflejado en el par\u00e1metro principal de la p\u00e1gina de \u00edndice de vTiger CRM 7.4.0 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload especialmente manipulado."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44779",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.730",
"lastModified": "2024-08-29T20:36:56.800",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) reflejado en el par\u00e1metro viewname de la p\u00e1gina de \u00edndice de vTiger CRM 7.4.0 permite a los atacantes ejecutar c\u00f3digo arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload especialmente manipulado."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T17:15:08.670",
"lastModified": "2024-08-29T20:36:57.557",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en el componente admin_ads.php de SeaCMS v12.9 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado espec\u00edficamente para ello e inyectada en el par\u00e1metro de descripci\u00f3n del anuncio."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-29T18:15:14.830",
"lastModified": "2024-08-29T18:15:14.830",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Serilog anterior a v2.1.0 conten\u00eda una vulnerabilidad de suplantaci\u00f3n de IP de cliente, que permite a los atacantes falsificar sus direcciones IP especificando una IP arbitraria como valor de los encabezados X-Forwarded-For o Client-Ip mientras realizan solicitudes HTTP."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44944",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-30T08:15:04.580",
"lastModified": "2024-08-30T08:15:04.580",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use helper function to calculate expect ID\n\nDelete expectation path is missing a call to the nf_expect_get_id()\nhelper function to calculate the expectation ID, otherwise LSB of the\nexpectation object address is leaked to userspace."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ctnetlink: usar la funci\u00f3n auxiliar para calcular el ID de expectativa. Al eliminar la ruta de expectativa falta una llamada a la funci\u00f3n auxiliar nf_expect_get_id() para calcular el ID de expectativa; de lo contrario, el LSB de la direcci\u00f3n del objeto de expectativa se filtra al espacio de usuario."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4401",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-30T04:15:06.737",
"lastModified": "2024-08-30T04:15:06.737",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Addon Elements para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros 'id' y 'eae_slider_animation' en todas las versiones hasta la 1.13.5 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45045",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-29T17:15:08.977",
"lastModified": "2024-08-29T17:15:08.977",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Collabora Online es una suite de oficina colaborativa en l\u00ednea basada en la tecnolog\u00eda LibreOffice. En las variantes de Collabora Online para dispositivos m\u00f3viles (Android/iOS) era posible inyectar JavaScript a trav\u00e9s de valores codificados en URL en enlaces contenidos en documentos. Dado que la interfaz JavaScript de Android permite el acceso a funciones internas, la probabilidad de que la aplicaci\u00f3n pueda verse comprometida a trav\u00e9s de esta vulnerabilidad se considera alta. Las variantes que no son para dispositivos m\u00f3viles no se ven afectadas. Las variantes para dispositivos m\u00f3viles deben actualizarse a la \u00faltima versi\u00f3n proporcionada por la tienda de aplicaciones de la plataforma. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
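Review bot: the en description names no fixed version ("Mobile variants should update to the latest version provided by the platform appstore"), so nothing in this hunk lets a consumer decide whether an installed build is affected. With vulnStatus now "Awaiting Analysis", it is worth tracking the record until affected-version data arrives rather than treating the description as sufficient. The added es value also leaves "workarounds" untranslated ("No se conocen workarounds para esta vulnerabilidad").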

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45056",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-29T17:15:09.173",
"lastModified": "2024-08-29T17:15:09.173",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "zksolc es un compilador de Solidity para ZKsync. Todas las versiones de LLVM desde 2015 convierten `(xor (shl 1, x), -1)` en `(rotl ~1, x)` si se ejecutan con optimizaciones habilitadas. Aqu\u00ed, `~1` se genera como un n\u00famero de 64 bits sin signo (`2^64-1`). Este n\u00famero se extiende a 256 bits en el destino EraVM, mientras que deber\u00eda haberse extendido a signo. Por lo tanto, en lugar de producir `roti 2^256 - 1, x`, el compilador produce `rotl 2^64 - 1, x`. El an\u00e1lisis ha demostrado que ning\u00fan contrato se vio afectado a la fecha de publicaci\u00f3n de este aviso. Este problema se ha solucionado en la versi\u00f3n 1.5.3. Se recomienda a los usuarios que actualicen y vuelvan a implementar todos los contratos. No existen workarounds para esta vulnerabilidad."
}
],
"metrics": {
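Review bot: the added es value drops the zero-extension half of the contrast that defines this bug. The en text says the constant "is zero-extended to 256 bits on EraVM target while it should have been sign-extended", but the es text only says "se extiende a 256 bits", so the reader cannot tell what went wrong; it should say the value is extended with zeros instead of with the sign. Two issues are carried over from the en value and are worth raising with the source: `roti 2^256 - 1, x` is presumably a typo for `rotl`, and `~1` as an unsigned 64-bit number is 2^64-2, not `2^64-1` as stated.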

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45302",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-29T22:15:05.377",
"lastModified": "2024-08-29T22:15:05.377",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "RestSharp es un cliente de API HTTP y REST simple para .NET. El segundo argumento de `RestRequest.AddHeader` (el valor del encabezado) es vulnerable a la inyecci\u00f3n CRLF. Lo mismo se aplica a `RestRequest.AddOrUpdateHeader` y `RestClient.AddDefaultHeader`. La forma en que se agregan los encabezados HTTP a una solicitud es a trav\u00e9s del m\u00e9todo `HttpHeaders.TryAddWithoutValidation` que no verifica los caracteres CRLF en el valor del encabezado. Esto significa que cualquier encabezado de un objeto `RestSharp.RequestHeaders` se agrega a la solicitud de tal manera que es vulnerable a la inyecci\u00f3n CRLF. En general, la inyecci\u00f3n CRLF en un encabezado HTTP (cuando se usa HTTP/1.1) significa que uno puede inyectar encabezados HTTP adicionales o contrabandear solicitudes HTTP completas. Si una aplicaci\u00f3n que usa la librer\u00eda RestSharp pasa un valor controlable por el usuario a un encabezado, entonces esa aplicaci\u00f3n se vuelve vulnerable a la inyecci\u00f3n CRLF. Esto no es necesariamente un problema de seguridad para una aplicaci\u00f3n de l\u00ednea de comandos como la anterior, pero si dicho c\u00f3digo estuviera presente en una aplicaci\u00f3n web, se volver\u00eda vulnerable a la divisi\u00f3n de solicitudes (como se muestra en la PoC) y, por lo tanto, a la falsificaci\u00f3n de solicitudes del lado del servidor. Estrictamente hablando, esta es una vulnerabilidad potencial en aplicaciones que usan RestSharp, no en RestSharp en s\u00ed, pero yo dir\u00eda que, como m\u00ednimo, deber\u00eda haber una advertencia sobre este comportamiento en la documentaci\u00f3n de RestSharp. RestSharp ha abordado este problema en la versi\u00f3n 112.0.0. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
}
],
"metrics": {
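Review bot: the en description is pasted advisory text that refers to material the record does not contain: "a command line application like the one above", "as shown in the PoC", and the first-person "I would argue that at the very least there needs to be a warning". The es value translates all three faithfully, so both languages point at a missing code sample and PoC. Consider flagging this to the source so the description stands alone; the actionable facts here are the three affected methods (`RestRequest.AddHeader`, `RestRequest.AddOrUpdateHeader`, `RestClient.AddDefaultHeader`), the unvalidated `HttpHeaders.TryAddWithoutValidation` path, and the fix in 112.0.0.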

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45488",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-30T02:15:03.757",
"lastModified": "2024-08-30T02:15:03.757",
"vulnStatus": "Received",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 7.5.2 de One Identity Safeguard for Privileged Passwords permiten el acceso no autorizado debido a un problema relacionado con las cookies. Esto solo afecta a las instalaciones de dispositivos virtuales (VMware o HyperV). Las versiones corregidas son 7.0.5.1 LTS, 7.4.2 y 7.5.2."
}
],
"metrics": {},
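Review bot: the description says "before 7.5.2" but then lists fixed versions "7.0.5.1 LTS, 7.4.2, and 7.5.2", so a consumer that derives a single "< 7.5.2" range from the first sentence will flag patched 7.0.5.1 LTS and 7.4.2 installations as vulnerable. Matching should be done per release branch. Note also that "metrics" is still empty in this hunk, so the record carries no severity score yet even though the status moved to "Awaiting Analysis".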

Some files were not shown because too many files have changed in this diff