admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-07T18:00:18.759377+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-07 18:03:18 +00:00
parent f367fb0d5a
commit 7193c6109c
316 changed files with 4281 additions and 1045 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2022/CVE-2022-263xx/CVE-2022-26320.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-26320",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-14T18:15:08.123",
"lastModified": "2022-03-23T15:02:20.840",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T16:15:04.557",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -2663,12 +2663,8 @@
]
},
{
"url": "https://safezoneswupdate.com",
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
"url": "https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html",
@ -2677,6 +2673,10 @@
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-267xx/CVE-2023-26770.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-26770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:15.870",
"lastModified": "2024-10-04T19:15:15.870",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user."
},
{
"lang": "es",
"value": "TaskCafe 0.3.2 carece de validaci\u00f3n en el valor de la cookie. Cualquier atacante no autenticado que conozca un ID de usuario registrado puede cambiar la contrase\u00f1a de ese usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-267xx/CVE-2023-26771.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-26771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:15.967",
"lastModified": "2024-10-04T19:15:15.967",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file."
},
{
"lang": "es",
"value": "Taskcafe 0.3.2 es vulnerable a Cross Site Scripting (XSS). Hay una falta de validaci\u00f3n en el tipo de archivo cuando se carga una imagen de perfil SVG con un payload XSS. Un atacante autenticado puede aprovechar esta vulnerabilidad cargando una imagen maliciosa que activar\u00e1 el payload cuando la v\u00edctima abra el archivo."
}
],
"metrics": {},

12
CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52447",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.580",
"lastModified": "2024-08-26T16:06:09.770",
"lastModified": "2024-10-07T17:46:20.457",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -22,19 +22,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]

4
CVE-2023/CVE-2023-63xx/CVE-2023-6361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6361",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-10-07T15:15:07.430",
"lastModified": "2024-10-07T15:15:07.430",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-63xx/CVE-2023-6362.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6362",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-10-07T15:15:07.670",
"lastModified": "2024-10-07T15:15:07.670",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20090",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.430",
"lastModified": "2024-10-07T03:15:02.430",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20091",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.583",
"lastModified": "2024-10-07T03:15:02.583",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20092",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.680",
"lastModified": "2024-10-07T03:15:02.680",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20093",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.757",
"lastModified": "2024-10-07T03:15:02.757",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20094.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20094",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.823",
"lastModified": "2024-10-07T04:15:02.703",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20095",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.910",
"lastModified": "2024-10-07T03:15:02.910",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20096",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.987",
"lastModified": "2024-10-07T03:15:02.987",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20097",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.057",
"lastModified": "2024-10-07T03:15:03.057",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20098",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.127",
"lastModified": "2024-10-07T03:15:03.127",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-200xx/CVE-2024-20099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20099",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.200",
"lastModified": "2024-10-07T03:15:03.200",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-201xx/CVE-2024-20100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20100",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.273",
"lastModified": "2024-10-07T03:15:03.273",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-201xx/CVE-2024-20101.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20101",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.350",
"lastModified": "2024-10-07T03:15:03.350",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-201xx/CVE-2024-20102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20102",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.427",
"lastModified": "2024-10-07T03:15:03.427",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-201xx/CVE-2024-20103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20103",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.500",
"lastModified": "2024-10-07T03:15:03.500",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

393
CVE-2024/CVE-2024-203xx/CVE-2024-20343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20343",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-09-11T17:15:12.223",
"lastModified": "2024-09-12T12:35:54.013",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T17:42:40.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,367 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "D691922C-D683-411D-A26A-7287CA9CEB57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "D0CB861B-9A6C-49EB-A01F-B6CDA2423F7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:x64:*",
"matchCriteriaId": "DBA8D271-075E-414F-A46B-D9E55204AD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.15:*:*:*:*:*:x64:*",
"matchCriteriaId": "060A41A3-5159-4BA2-B0D6-C0D9D0F1467F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:x64:*",
"matchCriteriaId": "AFEC2F32-47D4-4084-BBDD-2E1857C97DD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:x64:*",
"matchCriteriaId": "B80FF231-BE4F-4F49-86C9-C5D7570B5BCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E0737D4-0DC3-4352-BF0F-80F58DED1129"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F93BC7E-C573-4DE7-92A0-FD059EEC0ECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:x64:*",
"matchCriteriaId": "BA9F52C2-58B2-46DC-86D8-F0FA842C4240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:x64:*",
"matchCriteriaId": "2FCC703B-2521-4CD2-B3AF-5D3D43F748DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.11:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FCE8A35-54CE-421A-AFEE-E62EECB64900"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.12:*:*:*:*:*:x64:*",
"matchCriteriaId": "7803B636-6A85-45FA-83BA-BB5B4ED775A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:x64:*",
"matchCriteriaId": "A1149D66-512B-41E0-B465-39C27F466269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:x64:*",
"matchCriteriaId": "8ED826AF-B389-4DB9-96B6-401FDEEDF30D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "60BD40B4-B330-4A20-903B-08F2D99C58C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "93B9BC0F-FD25-4FF4-81BB-8B02D2F3FF09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:x64:*",
"matchCriteriaId": "C62E9990-2165-40A3-A8D8-3753219DF229"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAD6DC10-B22B-4C14-8031-102827E08CEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:x64:*",
"matchCriteriaId": "1C6F5775-AB85-43A3-A896-14FEF73FB728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:x64:*",
"matchCriteriaId": "70D78739-857C-432A-8B5B-BA703D657E7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "A683A7AD-EB0B-4B80-BB31-FA4379E2D2B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "6EF6DD05-C434-40E2-B29C-C6827B8259BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1E836DA-38C1-4B48-8053-D152204B7826"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:x64:*",
"matchCriteriaId": "61076700-F1CB-4BDC-A5FA-E6EB4FDC34B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:x64:*",
"matchCriteriaId": "C4484642-FB33-4982-B072-F796C4F54391"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:x64:*",
"matchCriteriaId": "6EA2C9ED-4BD4-4452-B701-02DC32E0874B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "E4E2B5C4-2845-4D8F-8DD9-F613BB8344A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "31599228-CA16-44D1-A9CA-6F67309D2572"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:x64:*",
"matchCriteriaId": "E6017458-51D2-4293-AE85-43D835048D76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "8F67EAA7-66BE-49B5-81C5-57567435AEEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "635F4C04-780A-44BF-BA3E-94F87FCA9196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:x64:*",
"matchCriteriaId": "77372BDA-F12D-4EC0-A063-BAD94EF13937"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:x64:*",
"matchCriteriaId": "577395B7-C379-472B-97E5-9AB62F33CEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:x64:*",
"matchCriteriaId": "DBE537BC-8280-49A4-8930-E20CD13CAAE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:x64:*",
"matchCriteriaId": "BC9C6FBB-1CF0-4D74-B6E8-42A971F6FBDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:x64:*",
"matchCriteriaId": "69DAFDE5-10A7-407D-BB17-AA2FC4853AEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:x64:*",
"matchCriteriaId": "D6B10927-6B87-4B3D-959D-DC30BC8F1457"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:x64:*",
"matchCriteriaId": "AE1E8739-B769-447E-BACC-6933F06EACA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "79092ED3-7165-4300-89EF-EF3F55752560"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8719477E-93EE-4CA4-AB6E-9DB405582F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.15:*:*:*:*:*:x64:*",
"matchCriteriaId": "9DADF777-BD20-4B09-A722-DDA8B2C8400D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.16:*:*:*:*:*:x64:*",
"matchCriteriaId": "4E9779A8-2075-4D07-A82B-5F380579A222"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "E33D5313-934E-4354-A63E-4F2926F51A68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "48B64A94-9B16-46B1-931D-ED35839E658D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:x64:*",
"matchCriteriaId": "50144FDB-A472-43D5-AF6D-36B940CA40AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:x64:*",
"matchCriteriaId": "E8D51B99-F62D-4363-8C4B-9BCBB3A25644"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:x64:*",
"matchCriteriaId": "EB9D407B-15D6-4A2A-940E-7174F6D2E16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.12:*:*:*:*:*:x64:*",
"matchCriteriaId": "BD32791C-061E-4D74-A059-18EBC809F351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.52:*:*:*:*:*:x64:*",
"matchCriteriaId": "6ED2F45C-DE0C-428E-B858-4D1C99AC3533"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "378D45F1-C4FF-4300-9E61-77CDA2EB985E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "6B6D6A73-27F2-45DE-AB60-AF25793E4E6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.15:*:*:*:*:*:x64:*",
"matchCriteriaId": "41594E36-13B9-4CD8-8ADD-35D1021D2AF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA1C1F2A-0BBE-4BCF-9412-4C6A2F1ED414"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "02328030-97BA-4F91-B9CA-7A69ECAA1F4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:x64:*",
"matchCriteriaId": "98DBF2D7-6E91-485E-9132-315A3E3E9D08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "8437B415-BD94-4BA3-833B-07A8996CDDA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "75632E65-4854-441B-AFBA-7482452FD2EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.12:*:*:*:*:*:x64:*",
"matchCriteriaId": "BA500CFC-586E-44C1-B9F7-C8562E1E2D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:x64:*",
"matchCriteriaId": "7FF4094B-A136-4832-BDE7-F6EA97A33334"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "20EBE816-B549-4685-80C0-C5415E6D63B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "4439DCF6-FFAD-406D-B558-04E853F5F6EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:x64:*",
"matchCriteriaId": "1A3094EF-016C-440E-B558-BA54EA1ADD50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "D413C206-0E63-4DA9-A279-878C55C1EF47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:x64:*",
"matchCriteriaId": "25AB0A66-411A-49A1-865E-603085367AFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "1457E79B-5411-40A0-A403-FE80C604AFFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:x64:*",
"matchCriteriaId": "B0A42301-2EF2-4893-9367-9E883301C13A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-203xx/CVE-2024-20390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20390",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-09-11T17:15:12.613",
"lastModified": "2024-09-12T12:35:54.013",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T17:51:37.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.2",
"matchCriteriaId": "F6EADB55-720D-4DF2-A076-256FFCEB961D"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-204xx/CVE-2024-20406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20406",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-09-11T17:15:13.040",
"lastModified": "2024-09-12T12:35:54.013",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T17:56:43.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.1",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "A21D4B88-10AE-4726-9D00-48CF36068409"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.1",
"versionEndExcluding": "7.11.2",
"matchCriteriaId": "6BB02B4B-AC47-4DFF-BB0F-AD0F2D12866B"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-214xx/CVE-2024-21455.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21455",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:10.360",
"lastModified": "2024-10-07T13:15:10.360",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23369",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:10.683",
"lastModified": "2024-10-07T13:15:10.683",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23370",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:10.927",
"lastModified": "2024-10-07T13:15:10.927",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23374",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:11.173",
"lastModified": "2024-10-07T13:15:11.173",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23375.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23375",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:11.400",
"lastModified": "2024-10-07T13:15:11.400",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23376.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23376",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:11.593",
"lastModified": "2024-10-07T13:15:11.593",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23378.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23378",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:11.800",
"lastModified": "2024-10-07T13:15:11.800",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-233xx/CVE-2024-23379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23379",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:12.003",
"lastModified": "2024-10-07T13:15:12.003",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-256xx/CVE-2024-25691.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25691",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:05.840",
"lastModified": "2024-10-04T18:15:05.840",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad XSS reflejado en Esri Portal for ArcGIS versiones 11.1, 10.9.1 y 10.8.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima."
}
],
"metrics": {

8
CVE-2024/CVE-2024-256xx/CVE-2024-25694.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25694",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.167",
"lastModified": "2024-10-04T18:15:06.167",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 \u2013 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en Esri Portal for ArcGIS Enterprise versiones 10.8.1 \u2013 10.9.1 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo manipulado que se almacena en la configuraci\u00f3n de la aplicaci\u00f3n Layer Showcase y que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos. El ataque podr\u00eda revelar un token privilegiado que puede hacer que el atacante obtenga el control total del Portal."
}
],
"metrics": {

8
CVE-2024/CVE-2024-257xx/CVE-2024-25701.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25701",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.390",
"lastModified": "2024-10-04T18:15:06.390",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en Esri Portal for ArcGIS Enterprise Experience Builder versiones 10.8.1 a 11.1 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo manipulado que se almacena en el widget de inserci\u00f3n de Experience Builder y que, cuando se carga, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos. El ataque podr\u00eda revelar un token privilegiado que puede hacer que el atacante obtenga el control total del Portal."
}
],
"metrics": {

8
CVE-2024/CVE-2024-257xx/CVE-2024-25702.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25702",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.593",
"lastModified": "2024-10-04T18:15:06.593",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en Esri Portal for ArcGIS Enterprise Sites versiones 10.8.1 \u2013 11.1 que puede permitir que un atacante remoto autenticado cree un v\u00ednculo manipulado que se almacena en la configuraci\u00f3n del sitio y que, al hacer clic en \u00e9l, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son altos. El ataque podr\u00eda revelar un token privilegiado que puede hacer que el atacante obtenga el control total del Portal."
}
],
"metrics": {

8
CVE-2024/CVE-2024-257xx/CVE-2024-25707.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25707",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.790",
"lastModified": "2024-10-04T18:15:06.790",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code."
},
{
"lang": "es",
"value": "Existe un cross site scripting reflejado en Esri Portal for ArcGIS 11.1 y versiones anteriores en Windows y Linux x64 que permite a un atacante remoto autenticado con acceso administrativo proporcionar una cadena manipulada que podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en su propio navegador (Self XSS). No se puede enga\u00f1ar a un usuario para que haga clic en un enlace para ejecutar c\u00f3digo."
}
],
"metrics": {

56
CVE-2024/CVE-2024-274xx/CVE-2024-27458.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-27458",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-10-07T17:15:15.297",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11342101-11342130-16/hpsbhf03977",
"source": "hp-security-alert@hp.com"
}
]
}

25
CVE-2024/CVE-2024-287xx/CVE-2024-28709.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-28709",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T16:15:05.117",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields."
}
],
"metrics": {},
"references": [
{
"url": "http://limesurvey.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-287xx/CVE-2024-28710.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-28710",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T16:15:05.190",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component."
}
],
"metrics": {},
"references": [
{
"url": "http://limesurvey.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10",
"source": "cve@mitre.org"
}
]
}

47
CVE-2024/CVE-2024-304xx/CVE-2024-30485.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30485",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:51.560",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T16:19:45.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xlplugins:finale:*:*:*:*:lite:wordpress:*:*",
"versionEndExcluding": "2.18.1",
"matchCriteriaId": "EE4D481A-225E-452F-8933-362B97BB24C6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/finale-woocommerce-sales-countdown-timer-discount/wordpress-finale-lite-plugin-2-18-0-subscriber-arbitrary-plugin-installation-activation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-305xx/CVE-2024-30512.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30512",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:51.780",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T16:24:48.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weformspro:weforms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.6.21",
"matchCriteriaId": "162B091C-598D-4554-9262-AD91671AA23B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-20-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-330xx/CVE-2024-33049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33049",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:12.243",
"lastModified": "2024-10-07T13:15:12.243",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33064",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:12.510",
"lastModified": "2024-10-07T13:15:12.510",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33065",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:12.710",
"lastModified": "2024-10-07T13:15:12.710",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33066",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:12.917",
"lastModified": "2024-10-07T13:15:12.917",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33069",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:13.117",
"lastModified": "2024-10-07T13:15:13.117",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33070",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:13.323",
"lastModified": "2024-10-07T13:15:13.323",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33071",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:13.510",
"lastModified": "2024-10-07T13:15:13.510",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-330xx/CVE-2024-33073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33073",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:13.703",
"lastModified": "2024-10-07T13:15:13.703",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-378xx/CVE-2024-37868.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37868",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.150",
"lastModified": "2024-10-04T21:15:13.150",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the \"sendreply.php\" file, and the uploaded file was received using the \"$- FILES\" variable."
},
{
"lang": "es",
"value": "La vulnerabilidad de carga de archivos en Itsourcecode Online Discussion Forum Project v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo \"sendreply.php\", y el archivo cargado se recibi\u00f3 utilizando la variable \"$- FILES\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-378xx/CVE-2024-37869.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37869",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.240",
"lastModified": "2024-10-04T21:15:13.240",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the \"poster.php\" file, and the uploaded file was received using the \"$- FILES\" variable"
},
{
"lang": "es",
"value": "La vulnerabilidad de carga de archivos en Itsourcecode Online Discussion Forum Project v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo \"poster.php\", y el archivo cargado se recibi\u00f3 utilizando la variable \"$- FILES\""
}
],
"metrics": {},

8
CVE-2024/CVE-2024-380xx/CVE-2024-38036.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38036",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.973",
"lastModified": "2024-10-04T18:15:06.973",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad XSS reflejado en Esri Portal for ArcGIS versiones 10.9.1, 10.8.1 y 10.7.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima."
}
],
"metrics": {

8
CVE-2024/CVE-2024-380xx/CVE-2024-38037.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38037",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.207",
"lastModified": "2024-10-04T18:15:07.207",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n no validada en Esri Portal for ArcGIS 11.0 y 10.9.1 que puede permitir que un atacante remoto no autenticado cree una URL que podr\u00eda redirigir a una v\u00edctima a un sitio web arbitrario, simplificando los ataques de phishing."
}
],
"metrics": {

8
CVE-2024/CVE-2024-380xx/CVE-2024-38038.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38038",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.413",
"lastModified": "2024-10-04T18:15:07.413",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad XSS reflejado en Esri Portal for ArcGIS versiones 10.9.1, 10.8.1 y 10.7.1 que puede permitir que un atacante remoto no autenticado cree un enlace dise\u00f1ado que, al hacer clic, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima."
}
],
"metrics": {

8
CVE-2024/CVE-2024-380xx/CVE-2024-38039.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38039",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.633",
"lastModified": "2024-10-04T18:15:07.633",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim\u2019s browser (no stateful change made or customer data rendered)."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de inyecci\u00f3n HTML en Esri Portal for ArcGIS versiones 11.0 y anteriores que puede permitir que un atacante remoto y autenticado cree un enlace dise\u00f1ado que, al hacer clic, podr\u00eda generar HTML arbitrario en el navegador de la v\u00edctima (no se realizan cambios con estado ni se representan datos del cliente)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-380xx/CVE-2024-38040.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38040",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.897",
"lastModified": "2024-10-04T18:15:07.897",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inclusi\u00f3n de archivos locales en Esri Portal for ArcGIS 11.2. 11.1, 11.0 y 10.9.1 que puede permitir que un atacante remoto no autenticado cree una URL que podr\u00eda revelar informaci\u00f3n de configuraci\u00f3n confidencial al leer archivos internos."
}
],
"metrics": {

4
CVE-2024/CVE-2024-383xx/CVE-2024-38397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38397",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:14.333",
"lastModified": "2024-10-07T13:15:14.333",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-383xx/CVE-2024-38399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38399",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:14.540",
"lastModified": "2024-10-07T13:15:14.540",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-384xx/CVE-2024-38425.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38425",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:14.730",
"lastModified": "2024-10-07T13:15:14.730",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-415xx/CVE-2024-41511.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.090",
"lastModified": "2024-10-07T15:15:08.640",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-415xx/CVE-2024-41512.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41512",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.153",
"lastModified": "2024-10-04T21:15:13.293",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in \"ccHandler.aspx\" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the \"bomid\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en \"ccHandler.aspx\" en todas las versiones de CADClick v.1.11.0 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"bomid\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-415xx/CVE-2024-41513.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41513",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.220",
"lastModified": "2024-10-04T21:15:13.350",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in \"Artikel.aspx\" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the \"searchindex\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"Artikel.aspx\" en CADClick v1.11.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"searchindex\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-415xx/CVE-2024-41514.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41514",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.297",
"lastModified": "2024-10-04T21:15:13.400",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in \"PrevPgGroup.aspx\" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the \"wer\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"PrevPgGroup.aspx\" en CADClick v1.11.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"wer\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-415xx/CVE-2024-41515.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.347",
"lastModified": "2024-10-04T18:15:08.347",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in \"ccHandlerResource.ashx\" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the \"res_url\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"ccHandlerResource.ashx\" en CADClick &lt;= 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"res_url\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-415xx/CVE-2024-41516.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41516",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.410",
"lastModified": "2024-10-04T18:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected cross-site scripting (XSS) vulnerability in \"ccHandler.aspx\" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the \"bomid\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"ccHandler.aspx\" CADClick &lt;= 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"bomid\"."
}
],
"metrics": {},

660
CVE-2024/CVE-2024-415xx/CVE-2024-41587.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41587",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T19:15:04.310",
"lastModified": "2024-10-04T17:28:31.047",
"lastModified": "2024-10-07T16:16:13.173",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -86,6 +86,664 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8.2",
"matchCriteriaId": "0F1ADAFE-5F59-4617-A20D-68675AE4AA61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8.2",
"matchCriteriaId": "4137F610-B3BE-4B74-8409-B91E61C4EEEE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.9.5",
"matchCriteriaId": "36FE9F0A-223F-42DC-BCB6-4A7A24A65130"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "43C713BB-02A0-4CD4-A27F-943D5D538444"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.9.5",
"matchCriteriaId": "765C62A0-BE3E-4661-8FD6-E9566B7C3C28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8",
"matchCriteriaId": "02588C38-E98C-4553-93C0-535A0C129783"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.9",
"matchCriteriaId": "D46E5FF5-6521-4A10-8CC5-34518A38ECFA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.9",
"matchCriteriaId": "3B69D1EC-7C33-4367-80BA-4008E8C9A4BE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.9",
"matchCriteriaId": "E0813DB7-4B52-40E1-9D5C-DBF9FA74EFD0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8.9",
"matchCriteriaId": "E7845410-6E90-4E92-8029-964A7F77EC57"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.6.1",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2.8",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0.0",
"versionEndExcluding": "4.4.3.1",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2.8",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0.0",
"versionEndExcluding": "4.4.3.1",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.7",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.3",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.3",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.3",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.2",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.3",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.2",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5.3",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.9.8.9",
"matchCriteriaId": "4C7DD492-4294-484D-A4D2-BCCCA152D57F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA"
}
]
}
]
}
],
"references": [

4
CVE-2024/CVE-2024-420xx/CVE-2024-42027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42027",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-10-07T13:15:15.020",
"lastModified": "2024-10-07T13:15:15.020",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-430xx/CVE-2024-43047.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43047",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-10-07T13:15:15.257",
"lastModified": "2024-10-07T13:15:15.257",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-436xx/CVE-2024-43683.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43683",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-10-04T20:15:06.513",
"lastModified": "2024-10-04T20:15:06.513",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de redirecci\u00f3n de URL a un sitio no confiable ('Redirecci\u00f3n abierta') en Microchip TimeProvider 4100 permite XSS a trav\u00e9s de encabezados HTTP. Este problema afecta a TimeProvider 4100: desde 1.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-436xx/CVE-2024-43684.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43684",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-10-04T20:15:06.710",
"lastModified": "2024-10-04T20:15:06.710",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Microchip TimeProvider 4100 permite Cross-Site Request Forgery y cross-site scripting (XSS). Este problema afecta a TimeProvider 4100: desde la versi\u00f3n 1.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-436xx/CVE-2024-43685.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43685",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-10-04T20:15:06.830",
"lastModified": "2024-10-04T20:15:06.830",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta en Microchip TimeProvider 4100 (m\u00f3dulos de inicio de sesi\u00f3n) permite el secuestro de sesi\u00f3n. Este problema afecta a TimeProvider 4100: desde la versi\u00f3n 1.0 hasta la 2.4.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-436xx/CVE-2024-43686.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43686",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-10-04T20:15:06.960",
"lastModified": "2024-10-04T20:15:06.960",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Microchip TimeProvider 4100 (m\u00f3dulos de trazado de datos) permite XSS reflejado. Este problema afecta a TimeProvider 4100: desde la versi\u00f3n 1.0 hasta la 2.4.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-436xx/CVE-2024-43687.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43687",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-10-04T20:15:07.087",
"lastModified": "2024-10-04T20:15:07.087",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Microchip TimeProvider 4100 (m\u00f3dulos de configuraci\u00f3n de banner) permite cross-site scripting (XSS). Este problema afecta a TimeProvider 4100: desde la versi\u00f3n 1.0 hasta la 2.4.7."
}
],
"metrics": {

4
CVE-2024/CVE-2024-440xx/CVE-2024-44010.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:11.720",
"lastModified": "2024-10-06T13:15:11.720",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44011",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:11.050",
"lastModified": "2024-10-05T11:15:11.050",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44012",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:11.280",
"lastModified": "2024-10-05T11:15:11.280",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44013",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:11.477",
"lastModified": "2024-10-05T11:15:11.477",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44014",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:11.660",
"lastModified": "2024-10-05T11:15:11.660",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44015",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:11.850",
"lastModified": "2024-10-05T11:15:11.850",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44016",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T11:15:12.037",
"lastModified": "2024-10-05T11:15:12.037",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44018",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T13:15:12.890",
"lastModified": "2024-10-05T13:15:12.890",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44022",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:11.940",
"lastModified": "2024-10-06T13:15:11.940",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44023",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T13:15:13.120",
"lastModified": "2024-10-05T13:15:13.120",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44024",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:12.160",
"lastModified": "2024-10-06T13:15:12.160",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44025.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44025",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:12.397",
"lastModified": "2024-10-06T13:15:12.397",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44026",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:12.623",
"lastModified": "2024-10-06T13:15:12.623",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44027",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:12.853",
"lastModified": "2024-10-06T13:15:12.853",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44028.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44028",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:13.073",
"lastModified": "2024-10-06T13:15:13.073",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44029",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:13.310",
"lastModified": "2024-10-06T13:15:13.310",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44032",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:13.540",
"lastModified": "2024-10-06T13:15:13.540",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44033",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:13.743",
"lastModified": "2024-10-06T13:15:13.743",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44034",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-05T13:15:13.483",
"lastModified": "2024-10-05T13:15:13.483",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44035",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:13.950",
"lastModified": "2024-10-06T13:15:13.950",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44036",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:14.187",
"lastModified": "2024-10-06T13:15:14.187",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44037",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:14.407",
"lastModified": "2024-10-06T13:15:14.407",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44039",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:14.623",
"lastModified": "2024-10-06T13:15:14.623",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44040.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44040",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T13:15:14.853",
"lastModified": "2024-10-06T13:15:14.853",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44041",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T12:15:03.990",
"lastModified": "2024-10-06T12:15:03.990",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44042",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T12:15:04.203",
"lastModified": "2024-10-06T12:15:04.203",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-440xx/CVE-2024-44043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44043",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-06T12:15:04.407",
"lastModified": "2024-10-06T12:15:04.407",
"vulnStatus": "Received",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff Show More