admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-04-03T14:00:52.038847+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-04-03 14:03:40 +00:00
parent 1a9db7ba37
commit 5aacd2a767
110 changed files with 2171 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2020/CVE-2020-153xx/CVE-2020-15368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-15368",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-06-29T21:15:13.917",
"lastModified": "2020-07-09T14:01:55.107",
"vulnStatus": "Analyzed",
"lastModified": "2024-04-03T12:15:09.637",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -111,6 +111,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/stong/CVE-2020-15368?tab=readme-ov-file",
"source": "cve@mitre.org"
}
]
}

8
CVE-2021/CVE-2021-273xx/CVE-2021-27312.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-27312",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T06:15:07.350",
"lastModified": "2024-04-03T06:15:07.350",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de Server Side Request Forgery (SSRF) en Gleez Cms 1.2.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de module/gleez/classes/request.php."
}
],
"metrics": {},

55
CVE-2023/CVE-2023-256xx/CVE-2023-25699.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25699",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:15:59.923",
"lastModified": "2024-04-03T13:15:59.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-344xx/CVE-2023-34423.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34423",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-03T08:15:48.990",
"lastModified": "2024-04-03T08:15:48.990",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege."
},
{
"lang": "es",
"value": "Survey Maker anterior a 3.6.4 contiene una vulnerabilidad de Cross Site Scripting almacenadas. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el sitio web utilizando el producto con privilegios administrativos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-357xx/CVE-2023-35764.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-35764",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-03T08:15:49.057",
"lastModified": "2024-04-03T08:15:49.057",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."
},
{
"lang": "es",
"value": "El problema de verificaci\u00f3n insuficiente de la autenticidad de los datos en Survey Maker antes de la versi\u00f3n 3.6.4 permite que un atacante remoto no autenticado falsifique una direcci\u00f3n IP al publicar."
}
],
"metrics": {},

59
CVE-2023/CVE-2023-387xx/CVE-2023-38729.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38729",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:00.150",
"lastModified": "2024-04-03T13:16:00.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. IBM X-Force ID: 262259."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145721",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-522xx/CVE-2023-52296.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-52296",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:00.360",
"lastModified": "2024-04-03T13:16:00.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/278547",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145722",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-01xx/CVE-2024-0172.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0172",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-04-03T10:15:08.030",
"lastModified": "2024-04-03T10:15:08.030",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
},
{
"lang": "es",
"value": "El BIOS del servidor Dell PowerEdge y el BIOS del rack Dell Precision contienen una vulnerabilidad de seguridad de administraci\u00f3n de privilegios inadecuada. Un atacante local no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una escalada de privilegios."
}
],
"metrics": {

6
CVE-2024/CVE-2024-10xx/CVE-2024-1023.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1023",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-27T08:15:38.140",
"lastModified": "2024-03-27T12:29:30.307",
"lastModified": "2024-04-03T13:16:00.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1662",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1023",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-13xx/CVE-2024-1300.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1300",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-04-02T08:15:53.993",
"lastModified": "2024-04-02T12:50:42.233",
"lastModified": "2024-04-03T13:16:00.813",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1662",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1300",
"source": "secalert@redhat.com"

8
CVE-2024/CVE-2024-13xx/CVE-2024-1327.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1327",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-03T03:15:08.703",
"lastModified": "2024-04-03T03:15:08.703",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Jeg Elementor Kit para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget de cuadro de imagen del complemento en todas las versiones hasta la 2.6.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

6
CVE-2024/CVE-2024-13xx/CVE-2024-1394.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1394",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-21T13:00:08.037",
"lastModified": "2024-04-03T00:15:08.400",
"lastModified": "2024-04-03T13:16:00.903",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -79,6 +79,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:1563",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1574",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1640",
"source": "secalert@redhat.com"

10
CVE-2024/CVE-2024-19xx/CVE-2024-1979.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1979",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-13T10:15:08.153",
"lastModified": "2024-03-13T12:33:51.697",
"lastModified": "2024-04-03T13:16:01.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Quarkus. En ciertas condiciones relacionadas con el proceso de CI, las credenciales de git podr\u00edan publicarse sin darse cuenta, lo que podr\u00eda poner en riesgo el repositorio de git."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1662",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1979",
"source": "secalert@redhat.com"

59
CVE-2024/CVE-2024-223xx/CVE-2024-22360.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22360",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.183",
"lastModified": "2024-04-03T13:16:01.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/280905",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145730",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-23xx/CVE-2024-2322.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2322",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-03T05:15:47.920",
"lastModified": "2024-04-03T05:15:47.920",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks."
},
{
"lang": "es",
"value": "El complemento WooCommerce Cart Abandonment Recovery de WordPress anterior a 1.2.27 no tiene verificaci\u00f3n CSRF en sus acciones masivas, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados eliminen plantillas de correo electr\u00f3nico arbitrarias, as\u00ed como eliminar y cancelar la suscripci\u00f3n de usuarios de pedidos abandonados a trav\u00e9s de ataques CSRF."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-245xx/CVE-2024-24506.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T07:15:42.663",
"lastModified": "2024-04-03T07:15:42.663",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Lime Survey Community Edition versi\u00f3n v.5.3.32+220817, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de direcci\u00f3n de correo electr\u00f3nico del administrador en la funci\u00f3n de configuraci\u00f3n general."
}
],
"metrics": {},

59
CVE-2024/CVE-2024-247xx/CVE-2024-24707.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24707",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:16:01.383",
"lastModified": "2024-04-03T13:16:01.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cwicly/wordpress-cwicly-plugin-1-4-0-2-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://snicco.io/vulnerability-disclosure/cwicly/remote-code-execution-cwicly-1-4-0-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2024/CVE-2024-247xx/CVE-2024-24724.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24724",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:09.173",
"lastModified": "2024-04-03T03:15:09.173",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization."
},
{
"lang": "es",
"value": "Gibbon hasta 26.0.00 permite /modules/School%20Admin/messengerSettings.php la inyecci\u00f3n de plantilla del lado del servidor que conduce a la ejecuci\u00f3n remota de c\u00f3digo porque la entrada se pasa al motor de plantilla Twig (messengerSettings.php) sin sanitizaci\u00f3n."
}
],
"metrics": {},

59
CVE-2024/CVE-2024-250xx/CVE-2024-25030.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-25030",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.590",
"lastModified": "2024-04-03T13:16:01.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/281677",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145725",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-250xx/CVE-2024-25046.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-25046",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:01.790",
"lastModified": "2024-04-03T13:16:01.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/282953",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145726",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-250xx/CVE-2024-25075.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25075",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:45.900",
"lastModified": "2024-04-02T21:15:45.900",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of memory, i.e., a denial of service."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Softing uaToolkit Embedded antes de la versi\u00f3n 1.41.1. Cuando se crea una suscripci\u00f3n con un par\u00e1metro MaxNotificationPerPublish muy bajo, se maneja mal una respuesta de publicaci\u00f3n, lo que genera consumo de memoria. Cuando esto sucede con suficiente frecuencia, el dispositivo se quedar\u00e1 sin memoria, es decir, se producir\u00e1 una denegaci\u00f3n de servicio."
}
],
"metrics": {},

55
CVE-2024/CVE-2024-250xx/CVE-2024-25096.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25096",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:16:02.017",
"lastModified": "2024-04-03T13:16:02.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2024/CVE-2024-258xx/CVE-2024-25864.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25864",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:09.350",
"lastModified": "2024-04-03T03:15:09.350",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component."
},
{
"lang": "es",
"value": "La vulnerabilidad de Server Side Request Forgery (SSRF) en las versiones de Friendica posteriores a la v.2023.12 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del componente fpostit.php."
}
],
"metrics": {},

55
CVE-2024/CVE-2024-259xx/CVE-2024-25918.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25918",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:10.537",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-remote-code-execution-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2024/CVE-2024-264xx/CVE-2024-26495.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-26495",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:09.533",
"lastModified": "2024-04-03T03:15:09.533",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en las versiones de Friendica posteriores a la v.2023.12 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de las etiquetas BBCode en el contenido de la publicaci\u00f3n y en la funci\u00f3n de comentarios de la publicaci\u00f3n."
}
],
"metrics": {},

55
CVE-2024/CVE-2024-271xx/CVE-2024-27191.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27191",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:11.123",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slivery-extender/wordpress-slivery-extender-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2024/CVE-2024-272xx/CVE-2024-27254.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-27254",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T13:16:02.220",
"lastModified": "2024-04-03T13:16:02.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/283813",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145727",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-276xx/CVE-2024-27602.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27602",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:45.957",
"lastModified": "2024-04-02T21:15:45.957",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module."
},
{
"lang": "es",
"value": "Alldata V0.4.6 es vulnerable a un control de acceso incorrecto. Se han filtrado un total de muchos documentos de interfaz de m\u00f3dulos. Por ejemplo, el m\u00f3dulo /api/system/v2/api-docs."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27604.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27604",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:46.010",
"lastModified": "2024-04-02T21:15:46.010",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized."
},
{
"lang": "es",
"value": "Alldata V0.4.6 es vulnerable a la vulnerabilidad de ejecuci\u00f3n de comandos. Los comandos del sistema se pueden deserializar."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27605.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27605",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:46.060",
"lastModified": "2024-04-02T21:15:46.060",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system."
},
{
"lang": "es",
"value": "Alldata V0.4.6 es vulnerable a permisos inseguros. El uso de usuarios (prueba) puede consultar informaci\u00f3n sobre los usuarios en el sistema."
}
],
"metrics": {},

55
CVE-2024/CVE-2024-279xx/CVE-2024-27951.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27951",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:11.690",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin \u2013 MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin \u2013 MPG: from n/a through 3.4.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-3-4-0-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-279xx/CVE-2024-27972.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27972",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:12.187",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2024/CVE-2024-282xx/CVE-2024-28219.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:09.710",
"lastModified": "2024-04-03T03:15:09.710",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy."
},
{
"lang": "es",
"value": "En _imagingcms.c en Pillow anterior a 10.3.0, existe un desbordamiento del b\u00fafer porque se usa strcpy en lugar de strncpy."
}
],
"metrics": {

8
CVE-2024/CVE-2024-285xx/CVE-2024-28515.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T07:15:44.240",
"lastModified": "2024-04-03T07:15:44.240",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente lab3 del csapp,lab3/buflab-update.pl."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-285xx/CVE-2024-28589.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28589",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T08:15:49.117",
"lastModified": "2024-04-03T08:15:49.117",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Axigen Mail Server para Windows versiones 10.5.18 y anteriores, que permite a atacantes locales con pocos privilegios ejecutar c\u00f3digo arbitrario y escalar privilegios mediante la carga insegura de DLL desde un directorio de escritura mundial durante la inicializaci\u00f3n del servicio."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-287xx/CVE-2024-28755.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28755",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:10.140",
"lastModified": "2024-04-03T03:15:10.140",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS 3.5.x anterior a 3.6.0. Cuando se restableci\u00f3 un contexto SSL con la API mbedtls_ssl_session_reset(), la versi\u00f3n m\u00e1xima de TLS a negociar no se restaur\u00f3 a la configurada. Un atacante pudo evitar que un servidor Mbed TLS estableciera cualquier conexi\u00f3n TLS 1.3, lo que podr\u00eda provocar una denegaci\u00f3n de servicio o una degradaci\u00f3n forzada de la versi\u00f3n de TLS 1.3 a TLS 1.2."
}
],
"metrics": {},

59
CVE-2024/CVE-2024-287xx/CVE-2024-28782.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-28782",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-03T12:15:12.747",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285698",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145683",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-288xx/CVE-2024-28836.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28836",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:10.350",
"lastModified": "2024-04-03T03:15:10.350",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS 3.5.x anterior a 3.6.0. Al negociar la versi\u00f3n TLS en el lado del servidor, puede recurrir a la implementaci\u00f3n TLS 1.2 del protocolo si est\u00e1 deshabilitada. Si la implementaci\u00f3n de TLS 1.2 se deshabilit\u00f3 en el momento de la compilaci\u00f3n, un cliente TLS 1.2 podr\u00eda colocar un servidor exclusivo de TLS 1.3 en un bucle infinito procesando un ClientHello de TLS 1.2, lo que resultar\u00eda en una denegaci\u00f3n de servicio. Si la implementaci\u00f3n de TLS 1.2 se deshabilit\u00f3 en tiempo de ejecuci\u00f3n, un cliente TLS 1.2 puede establecer exitosamente una conexi\u00f3n TLS 1.2 con el servidor."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-28xx/CVE-2024-2879.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2879",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-03T04:15:11.960",
"lastModified": "2024-04-03T04:15:11.960",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento LayerSlider para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de la acci\u00f3n ls_get_popup_markup en las versiones 7.9.11 y 7.10.0 debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-294xx/CVE-2024-29432.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-29432",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:46.117",
"lastModified": "2024-04-02T21:15:46.117",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Alldata v0.4.6 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro nombre de tabla en /data/masterdata/datas."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-294xx/CVE-2024-29434.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-29434",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T22:15:09.450",
"lastModified": "2024-04-02T22:15:09.450",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file."
},
{
"lang": "es",
"value": "Un problema en la interfaz de carga de im\u00e1genes del sistema de Alldata v0.4.6 permite a los atacantes ejecutar un directory traversal al cargar un archivo."
}
],
"metrics": {},

24
CVE-2024/CVE-2024-294xx/CVE-2024-29477.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-29477",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T12:15:13.353",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input."
}
],
"metrics": {},
"references": [
{
"url": "http://dolibarr.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-297xx/CVE-2024-29734.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-29734",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-03T08:15:49.173",
"lastModified": "2024-04-03T08:15:49.173",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."
},
{
"lang": "es",
"value": "Existe un problema de elemento de ruta de b\u00fasqueda no controlado en SonicDICOM Media Viewer 2.3.2 y versiones anteriores, lo que puede provocar que las bibliotecas de v\u00ednculos din\u00e1micos se carguen de forma insegura. Como resultado, se puede ejecutar c\u00f3digo arbitrario con los privilegios de la aplicaci\u00f3n en ejecuci\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-301xx/CVE-2024-30166.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30166",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:10.510",
"lastModified": "2024-04-03T03:15:10.510",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello."
},
{
"lang": "es",
"value": "En Mbed TLS 3.3.0 hasta 3.5.2 anterior a 3.6.0, un cliente malintencionado puede provocar la divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio debido a una sobrelectura del b\u00fafer de pila (de menos de 256 bytes) en un servidor TLS 1.3 a trav\u00e9s de un TLS. 3.1 ClientHello."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-303xx/CVE-2024-30344.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30344",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:46.173",
"lastModified": "2024-04-02T21:15:46.173",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. El defecto espec\u00edfico existe en el manejo de Acroforms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22733."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30345.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30345",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:46.353",
"lastModified": "2024-04-02T21:15:46.353",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22742."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22742."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30346.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30346",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:46.530",
"lastModified": "2024-04-02T21:15:46.530",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22745."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22745."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30347.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30347",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:46.723",
"lastModified": "2024-04-02T21:15:46.723",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22910."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos U3D de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos U3D. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-22910."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30348.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30348",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:46.900",
"lastModified": "2024-04-02T21:15:46.900",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22911."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos U3D de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos U3D. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22911."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30349.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30349",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.090",
"lastModified": "2024-04-02T21:15:47.090",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22912."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos U3D de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos U3D. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22912."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30350.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30350",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.263",
"lastModified": "2024-04-02T21:15:47.263",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22708."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites de anotaci\u00f3n de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos de anotaci\u00f3n. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-22708."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30351.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30351",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.447",
"lastModified": "2024-04-02T21:15:47.447",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22799."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22799."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30352.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30352",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.630",
"lastModified": "2024-04-02T21:15:47.630",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22800."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22800."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30353.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30353",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.813",
"lastModified": "2024-04-02T21:15:47.813",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22807."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de lectura fuera de los l\u00edmites de Foxit PDF Reader AcroForm. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22807."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30354.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30354",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:47.993",
"lastModified": "2024-04-02T21:15:47.993",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22808."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22808."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30355.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30355",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:48.167",
"lastModified": "2024-04-02T21:15:48.167",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22809."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites de Foxit PDF Reader AcroForm. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22809."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30356.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30356",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:48.347",
"lastModified": "2024-04-02T21:15:48.347",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22811."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites de Foxit PDF Reader AcroForm. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc en AcroForms. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-22811."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30357.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30357",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:48.530",
"lastModified": "2024-04-02T21:15:48.530",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de confusi\u00f3n de tipos de anotaci\u00f3n AcroForm de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos de anotaci\u00f3n en AcroForms. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede dar lugar a una condici\u00f3n de confusi\u00f3n de tipos. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22818."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30358",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:48.717",
"lastModified": "2024-04-02T21:15:48.717",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22821."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo Foxit PDF Reader AcroForm User-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22821."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30359.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30359",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:48.900",
"lastModified": "2024-04-02T21:15:48.900",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of 3D objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22888."
},
{
"lang": "es",
"value": "Foxit PDF Reader AcroForm 3D Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de lectura fuera de los l\u00edmites. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos 3D en AcroForms. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22888."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30360.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30360",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:49.077",
"lastModified": "2024-04-02T21:15:49.077",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22797."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22797."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30361.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30361",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:49.280",
"lastModified": "2024-04-02T21:15:49.280",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22877."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22877."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30362.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30362",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:49.477",
"lastModified": "2024-04-02T21:15:49.477",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo despu\u00e9s de la liberaci\u00f3n del an\u00e1lisis de archivos PDF de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22798."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30363.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30363",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:49.667",
"lastModified": "2024-04-02T21:15:49.667",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23008."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos U3D de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos U3D. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-23008."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30364.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30364",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:49.853",
"lastModified": "2024-04-02T21:15:49.853",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23009."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos U3D de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos U3D. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-23009."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30365.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30365",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:50.033",
"lastModified": "2024-04-02T21:15:50.033",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22947."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22947."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30367.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30367",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:50.217",
"lastModified": "2024-04-02T21:15:50.217",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23013."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23013."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30370.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30370",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:50.403",
"lastModified": "2024-04-02T21:15:50.403",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.\n\nThe specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156."
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de marca de la web en RARLAB WinRAR. Esta vulnerabilidad permite a atacantes remotos eludir el mecanismo de protecci\u00f3n Mark-Of-The-Web en las instalaciones afectadas de RARLAB WinRAR. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe realizar una acci\u00f3n espec\u00edfica en una p\u00e1gina maliciosa. La falla espec\u00edfica existe dentro de la funcionalidad de extracci\u00f3n de archivos. Una entrada de archivo manipulada puede provocar la creaci\u00f3n de un archivo arbitrario sin la marca de la web. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del usuario actual. Era ZDI-CAN-23156."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30371.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30371",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-02T21:15:50.600",
"lastModified": "2024-04-02T21:15:50.600",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Foxit PDF Reader AcroForm Use-After-Free. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de AcroForms. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23355."
}
],
"metrics": {

24
CVE-2024/CVE-2024-305xx/CVE-2024-30568.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30568",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.443",
"lastModified": "2024-04-03T13:16:02.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection%28ping_test%29.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-305xx/CVE-2024-30569.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30569",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.503",
"lastModified": "2024-04-03T13:16:02.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88currentsetting.htm%EF%BC%89.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-305xx/CVE-2024-30570.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.563",
"lastModified": "2024-04-03T13:16:02.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88debuginfo.htm%EF%BC%89.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-305xx/CVE-2024-30571.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30571",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.620",
"lastModified": "2024-04-03T13:16:02.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88BRS_top.html%EF%BC%89.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-305xx/CVE-2024-30572.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30572",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T13:16:02.680",
"lastModified": "2024-04-03T13:16:02.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection%28ntp_server%29.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-309xx/CVE-2024-30998.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T06:15:07.650",
"lastModified": "2024-04-03T06:15:07.650",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PHPGurukul Men Salon Management System v.2.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico en el componente index.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31008.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31008",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T06:15:07.750",
"lastModified": "2024-04-03T06:15:07.750",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la versi\u00f3n 4.1.0 de WUZHICMS que permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del archivo index.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31009.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31009",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T04:15:12.403",
"lastModified": "2024-04-03T04:15:12.403",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en SEMCMS v.4.8, permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro lgid en Banner.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31010.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31010",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T04:15:12.653",
"lastModified": "2024-04-03T04:15:12.653",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en SEMCMS v.4.8, permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro ID en Banner.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31011.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31011",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T05:15:48.010",
"lastModified": "2024-04-03T05:15:48.010",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de escritura arbitraria en archivos en beescms v.4.0, permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una ruta de archivo que no estaba aislada y el sufijo no estaba verificado en admin_template.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31012.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31012",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T04:15:12.797",
"lastModified": "2024-04-03T04:15:12.797",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SEMCMS v.4.8 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del archivo upload.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-310xx/CVE-2024-31013.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-31013",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T04:15:12.907",
"lastModified": "2024-04-03T04:15:12.907",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en emlog versi\u00f3n Pro 2.3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en la parte inferior de la p\u00e1gina de inicio en el par\u00e1metro footer_info."
}
],
"metrics": {},

59
CVE-2024/CVE-2024-313xx/CVE-2024-31380.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31380",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:13.530",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2024/CVE-2024-313xx/CVE-2024-31390.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31390",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T12:15:14.020",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection.This issue affects Breakdance: from n/a through 1.7.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/breakdance/wordpress-breakdance-plugin-1-7-0-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://snicco.io/vulnerability-disclosure/breakdance/client-mode-remote-code-execution-breakdance-1-7-0?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2024/CVE-2024-31xx/CVE-2024-3162.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3162",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-03T03:15:10.907",
"lastModified": "2024-04-03T03:15:10.907",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Jeg Elementor Kit para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los atributos del widget de testimonios en todas las versiones hasta la 2.6.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de colaborador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3202.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3202",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T22:15:09.643",
"lastModified": "2024-04-02T22:15:09.643",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-259049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en codelyfe Stupid Simple CMS 1.2.4 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido de la p\u00e1gina de inicio de sesi\u00f3n del componente. La manipulaci\u00f3n conduce a una restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259049. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3203.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3203",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T22:15:10.320",
"lastModified": "2024-04-02T22:15:10.320",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en c-blosc2 hasta 2.13.2 y clasificada como cr\u00edtica. La funci\u00f3n ndlz8_decompress del archivo /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c es afectada por la vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259050 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3204.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3204",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T22:15:11.040",
"lastModified": "2024-04-02T22:15:11.040",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en c-blosc2 hasta 2.13.2 y clasificada como cr\u00edtica. La funci\u00f3n ndlz4_decompress del archivo /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-259051. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3205.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3205",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T23:15:54.627",
"lastModified": "2024-04-02T23:15:54.627",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en yaml libyaml hasta 0.2.5 y clasificada como cr\u00edtica. La funci\u00f3n yaml_emitter_emit_flow_sequence_item del archivo /src/libyaml/src/emitter.c es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-259052. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3207.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3207",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T23:15:54.853",
"lastModified": "2024-04-02T23:15:54.853",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en ermig1979 Simd hasta 6.0.134. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n ReadUnsigned del archivo src/Simd/SimdMemoryStream.h. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259054 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3209.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-02T23:15:55.083",
"lastModified": "2024-04-02T23:15:55.083",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en UPX hasta 4.2.2. Ha sido calificada como cr\u00edtica. Este problema afecta a la funci\u00f3n get_ne64 del archivo bele.h. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-259055. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3218.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3218",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T00:15:08.717",
"lastModified": "2024-04-03T00:15:08.717",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[imagename] leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259065 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Shibang Communications IP Network Intercom Broadcasting System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /php/busyscreenshotpush.php. La manipulaci\u00f3n del argumento jsondata[callee]/jsondata[imagename] conduce al path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259065."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3221.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3221",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T00:15:08.980",
"lastModified": "2024-04-03T00:15:08.980",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. This vulnerability affects unknown code of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259066 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester PHP Task Management System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo asistencia-info.php. La manipulaci\u00f3n del argumento user_id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259066 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3222.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3222",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T00:15:09.237",
"lastModified": "2024-04-03T00:15:09.237",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester PHP Task Management System 1.0. This issue affects some unknown processing of the file admin-password-change.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259067."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester PHP Task Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo admin-password-change.php. La manipulaci\u00f3n del argumento admin_id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-259067."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3223.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3223",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T01:16:05.023",
"lastModified": "2024-04-03T01:16:05.023",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester PHP Task Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo admin-manage-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento admin_id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-259068."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3224.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3224",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T02:15:08.097",
"lastModified": "2024-04-03T02:15:08.097",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259069 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SourceCodester PHP Task Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo task-details.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento task_id conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259069."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3225.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3225",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T02:15:08.347",
"lastModified": "2024-04-03T02:15:08.347",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester PHP Task Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo edit-task.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento task_id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-259070 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3226.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3226",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T02:15:08.647",
"lastModified": "2024-04-03T02:15:08.647",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259071."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Campcodes Online Patient Record Management System 1.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/login.php. La manipulaci\u00f3n del argumento contrase\u00f1a conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-259071."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3227.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3227",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-03T03:15:11.457",
"lastModified": "2024-04-03T03:15:11.457",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259072."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Panwei eoffice OA hasta 9.5. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /general/system/interface/theme_set/save_image.php del componente Backend. La manipulaci\u00f3n del argumento tipo_imagen conduce al path traversal: '../filedir'. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-259072."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3247.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3247",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2024-04-02T23:15:55.300",
"lastModified": "2024-04-02T23:15:55.300",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.\n"
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), un bucle de un objeto PDF en una secuencia de objetos genera una recursividad infinita y un desbordamiento de la pila."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3248.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3248",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2024-04-02T23:15:55.493",
"lastModified": "2024-04-02T23:15:55.493",
"vulnStatus": "Received",
"lastModified": "2024-04-03T12:38:04.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.\n"
},
{
"lang": "es",
"value": "En Xpdf 4.05 (y versiones anteriores), un bucle de objeto PDF en los archivos adjuntos provoca una recursividad infinita y un desbordamiento de la pila."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More