admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 03:02:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-01T14:02:32.990499+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-01 14:05:25 +00:00
parent 219abd1779
commit 7d032d8631
122 changed files with 1486 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2019/CVE-2019-252xx/CVE-2019-25211.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25211",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-29T00:15:02.107",
"lastModified": "2024-06-29T00:15:02.107",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed."
},
{
"lang": "es",
"value": "parseWildcardRules en el middleware Gin-Gonic CORS anterior a 1.6.0 maneja mal un comod\u00edn al final de una cadena de origen, por ejemplo, https://example.community/* se permite cuando la intenci\u00f3n es que solo https://example.com/* debe permitirse, y http://localhost.example.com/* est\u00e1 permitido cuando la intenci\u00f3n es que solo se debe permitir http://localhost/*."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-275xx/CVE-2022-27540.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-27540",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-28T19:15:03.407",
"lastModified": "2024-06-28T19:15:03.407",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de tiempo de verificaci\u00f3n a tiempo de uso (TOCTOU) en el BIOS de HP para ciertos productos de PC HP, que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio y divulgaci\u00f3n de informaci\u00f3n. HP est\u00e1 lanzando actualizaciones de BIOS para mitigar la vulnerabilidad potencial."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-383xx/CVE-2022-38383.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-38383",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:03.670",
"lastModified": "2024-06-28T19:15:03.670",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673."
},
{
"lang": "es",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Software Suite 1.10.12.0 a 1.10.21.0 permiten almacenar localmente p\u00e1ginas web que pueden ser le\u00eddas por otro usuario en el sistema. ID de IBM X-Force: 233673."
}
],
"metrics": {

8
CVE-2023/CVE-2023-350xx/CVE-2023-35022.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-35022",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T16:15:02.600",
"lastModified": "2024-06-30T16:15:02.600",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un usuario local actualizar proyectos a los que no tiene autorizaci\u00f3n para acceder. ID de IBM X-Force: 258254."
}
],
"metrics": {

8
CVE-2023/CVE-2023-40xx/CVE-2023-4017.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4017",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T12:15:09.863",
"lastModified": "2024-06-29T12:15:09.863",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018attra-color\u2019, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El tema Goya para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s de los par\u00e1metros 'attra-color', 'attra-size' y 'product-cata' en versiones hasta la 1.0.8.7 incluida debido a una sanitizaci\u00f3n insuficiente de los insumos y al escape de los productos. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-509xx/CVE-2023-50952.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50952",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T18:15:02.733",
"lastModified": "2024-06-30T18:15:02.733",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a Server-Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 275774."
}
],
"metrics": {

8
CVE-2023/CVE-2023-509xx/CVE-2023-50953.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50953",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T18:15:02.970",
"lastModified": "2024-06-30T18:15:02.970",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 275775."
}
],
"metrics": {

8
CVE-2023/CVE-2023-509xx/CVE-2023-50954.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50954",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T17:15:02.470",
"lastModified": "2024-06-30T17:15:02.470",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 devuelve informaci\u00f3n confidencial en informaci\u00f3n URL que podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 275776."
}
],
"metrics": {

8
CVE-2023/CVE-2023-509xx/CVE-2023-50964.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50964",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T19:15:02.007",
"lastModified": "2024-06-30T19:15:02.007",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 276102."
}
],
"metrics": {

8
CVE-2024/CVE-2024-01xx/CVE-2024-0153.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-0153",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-07-01T09:15:06.343",
"lastModified": "2024-07-01T09:15:06.343",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0."
},
{
"lang": "es",
"value": "Vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware permite a un usuario local sin privilegios realizar operaciones de procesamiento de GPU inadecuadas para acceder a una cantidad limitada fuera de los l\u00edmites del b\u00fafer. Si las operaciones se preparan cuidadosamente, esto a su vez podr\u00eda darles acceso a toda la memoria del sistema. Este problema afecta al firmware de la GPU Valhall: desde r29p0 hasta r46p0; Firmware de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r46p0."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20076.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20076",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:03.957",
"lastModified": "2024-07-01T05:15:03.957",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481."
},
{
"lang": "es",
"value": "En Modem, existe una posible falla del sistema debido a un manejo incorrecto de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01297806; ID del problema: MSV-1481."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20077.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20077",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:04.133",
"lastModified": "2024-07-01T05:15:04.133",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482."
},
{
"lang": "es",
"value": "En Modem, existe una posible falla del sistema debido a un manejo incorrecto de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01297807; ID del problema: MSV-1482."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20078.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20078",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:04.227",
"lastModified": "2024-07-01T05:15:04.227",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452."
},
{
"lang": "es",
"value": "En venc, existe una posible escritura fuera de los l\u00edmites debido a una confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08737250; ID del problema: MSV-1452."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20079.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20079",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:04.333",
"lastModified": "2024-07-01T05:15:04.333",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08044040; ID del problema: MSV-1491."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20080.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20080",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:04.430",
"lastModified": "2024-07-01T05:15:04.430",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424."
},
{
"lang": "es",
"value": "En el servicio gnss existe una posible escalada de privilegios debido a una validaci\u00f3n inadecuada del certificado. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08720039; ID del problema: MSV-1424."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-200xx/CVE-2024-20081.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-20081",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-07-01T05:15:04.520",
"lastModified": "2024-07-01T05:15:04.520",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08719602; ID del problema: MSV-1412."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-23xx/CVE-2024-2386.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2386",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T13:15:10.740",
"lastModified": "2024-06-29T13:15:10.740",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento WordPress Plugin for Google Maps \u2013 WP MAPS para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'id' del c\u00f3digo corto 'put_wpgm' en todas las versiones hasta la 4.6.1 inclusive debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-250xx/CVE-2024-25031.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25031",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:04.433",
"lastModified": "2024-06-28T19:15:04.433",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678."
},
{
"lang": "es",
"value": "IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 utiliza una configuraci\u00f3n de bloqueo de cuenta inadecuada que podr\u00eda permitir a un atacante en la red utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 281678."
}
],
"metrics": {

8
CVE-2024/CVE-2024-250xx/CVE-2024-25041.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25041",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:04.653",
"lastModified": "2024-06-28T19:15:04.653",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780."
},
{
"lang": "es",
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1 y 12.0.2 es potencialmente vulnerable a cross site scripting (XSS). Un atacante remoto podr\u00eda ejecutar comandos maliciosos debido a una validaci\u00f3n incorrecta de los encabezados de las columnas en Cognos Assistant. ID de IBM X-Force: 282780."
}
],
"metrics": {

8
CVE-2024/CVE-2024-250xx/CVE-2024-25053.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25053",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:04.933",
"lastModified": "2024-06-28T19:15:04.933",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364."
},
{
"lang": "es",
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1 y 12.0.2 es vulnerable a una validaci\u00f3n de certificado incorrecta cuando se utiliza la conexi\u00f3n de origen de datos de IBM Planning Analytics . Esto podr\u00eda permitir a un atacante falsificar una entidad de confianza interfiriendo en la ruta de comunicaci\u00f3n entre el servidor IBM Planning Analytics y el servidor IBM Cognos Analytics. ID de IBM X-Force: 283364."
}
],
"metrics": {

8
CVE-2024/CVE-2024-259xx/CVE-2024-25943.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25943",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-29T13:15:10.403",
"lastModified": "2024-06-29T13:15:10.403",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
},
{
"lang": "es",
"value": "iDRAC9, versiones anteriores a 7.00.00.172 para la 14.\u00aa generaci\u00f3n y 7.10.50.00 para las 15.\u00aa y 16.\u00aa generaci\u00f3n, contiene una vulnerabilidad de secuestro de sesi\u00f3n en IPMI. Un atacante remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en la aplicaci\u00f3n vulnerable."
}
],
"metrics": {

8
CVE-2024/CVE-2024-276xx/CVE-2024-27628.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27628",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T19:15:05.180",
"lastModified": "2024-06-28T19:15:05.180",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en DCMTK v.3.6.8 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente del m\u00e9todo EctEnhancedCT."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27629.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27629",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T19:15:05.243",
"lastModified": "2024-06-28T19:15:05.243",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used."
},
{
"lang": "es",
"value": "Un problema en dc2niix anterior a v.1.0.20240202 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del nombre del archivo generado que no se escapa correctamente ni se inyecta en una llamada al sistema cuando se utilizan ciertos tipos de compresi\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-287xx/CVE-2024-28794.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28794",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T19:15:02.233",
"lastModified": "2024-06-30T19:15:02.233",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 286831."
}
],
"metrics": {

8
CVE-2024/CVE-2024-287xx/CVE-2024-28795.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28795",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T16:15:02.987",
"lastModified": "2024-06-30T16:15:02.987",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 286832."
}
],
"metrics": {

8
CVE-2024/CVE-2024-287xx/CVE-2024-28797.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28797",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T18:15:03.480",
"lastModified": "2024-06-30T18:15:03.480",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable cross site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 287136."
}
],
"metrics": {

8
CVE-2024/CVE-2024-287xx/CVE-2024-28798.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28798",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T17:15:02.720",
"lastModified": "2024-06-30T17:15:02.720",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 287172."
}
],
"metrics": {

8
CVE-2024/CVE-2024-290xx/CVE-2024-29038.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-29038",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T14:15:03.033",
"lastModified": "2024-06-28T14:15:03.033",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7."
},
{
"lang": "es",
"value": "tpm2-tools es el repositorio de origen de las herramientas del M\u00f3dulo de plataforma segura (TPM2.0). Un atacante malintencionado puede generar datos de cotizaciones arbitrarios que no son detectados por \"tpm2 checkquote\". Este problema se solucion\u00f3 en la versi\u00f3n 5.7."
}
],
"metrics": {

4
CVE-2024/CVE-2024-290xx/CVE-2024-29039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29039",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T16:15:03.777",
"lastModified": "2024-06-28T16:15:03.777",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-290xx/CVE-2024-29040.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-29040",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T21:15:02.773",
"lastModified": "2024-06-28T21:15:02.773",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This \nissue has been patched in version 4.1.0."
},
{
"lang": "es",
"value": "Este repositorio aloja el c\u00f3digo fuente que implementa la pila de software (TSS) TPM2 de Trusted Computing Group (TCG). Fapi_VerifyQuote debe deserializar la informaci\u00f3n de cotizaci\u00f3n JSON devuelta por Fapi_Quote a la estructura TPM `TPMS_ATTEST`. Para el campo `TPM2_GENERATED magic` de esta estructura se puede utilizar cualquier n\u00famero en la estructura JSON. El verificador puede recibir un estado que no representa el estado real, posiblemente malicioso, del dispositivo bajo prueba. El dispositivo malicioso puede obtener acceso a datos que no deber\u00eda o puede utilizar servicios que no deber\u00eda poder. Este problema se solucion\u00f3 en la versi\u00f3n 4.1.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-318xx/CVE-2024-31898.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31898",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T18:15:03.693",
"lastModified": "2024-06-30T18:15:03.693",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario autenticado lea o modifique informaci\u00f3n confidencial eludiendo la autenticaci\u00f3n utilizando referencias directas a objetos inseguros. ID de IBM X-Force: 288182."
}
],
"metrics": {

8
CVE-2024/CVE-2024-319xx/CVE-2024-31902.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31902",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T17:15:02.923",
"lastModified": "2024-06-30T17:15:02.923",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a Cross-Site Request Forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 289234."
}
],
"metrics": {

8
CVE-2024/CVE-2024-319xx/CVE-2024-31912.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31912",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T18:15:03.673",
"lastModified": "2024-06-28T18:15:03.673",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894."
},
{
"lang": "es",
"value": "IBM MQ 9.3 LTS y 9.3 CD podr\u00edan permitir que un usuario autenticado escale sus privilegios bajo ciertas configuraciones debido a una asignaci\u00f3n de privilegios incorrecta. ID de IBM X-Force: 289894."
}
],
"metrics": {

8
CVE-2024/CVE-2024-319xx/CVE-2024-31919.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31919",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T18:15:03.940",
"lastModified": "2024-06-28T18:15:03.940",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259."
},
{
"lang": "es",
"value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD, en determinadas configuraciones, es vulnerable a un ataque de denegaci\u00f3n de servicio provocado por un error al procesar mensajes cuando se utiliza una salida de API utilizando MQBUFMH. ID de IBM X-Force: 290259."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3122.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3122",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-07-01T05:15:04.693",
"lastModified": "2024-07-01T05:15:04.693",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
},
{
"lang": "es",
"value": "CHANGING Mobile One Time Password no filtra adecuadamente los par\u00e1metros para la funcionalidad de descarga de archivos, lo que permite a atacantes remotos con privilegios de administrador leer archivos arbitrarios en el sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3123.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3123",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-07-01T05:15:04.973",
"lastModified": "2024-07-01T05:15:04.973",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
},
{
"lang": "es",
"value": "CHANGING la funci\u00f3n de carga de Mobile One Time Password en una p\u00e1gina oculta no filtra el tipo de archivo correctamente. Los atacantes remotos con privilegios de administrador pueden aprovechar esta vulnerabilidad para cargar y ejecutar archivos maliciosos para ejecutar comandos del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-347xx/CVE-2024-34703.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34703",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-30T21:15:02.053",
"lastModified": "2024-06-30T21:15:02.053",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n"
},
{
"lang": "es",
"value": "Botan es una librer\u00eda de criptograf\u00eda C++. Los certificados X.509 pueden identificar curvas el\u00edpticas utilizando un identificador de objeto o una codificaci\u00f3n expl\u00edcita de los par\u00e1metros. Antes de las versiones 3.3.0 y 2.19.4, un atacante pod\u00eda presentar un certificado ECDSA X.509 usando codificaci\u00f3n expl\u00edcita donde los par\u00e1metros eran muy grandes. La prueba de concepto utiliz\u00f3 un prime de 16 Kbit para este prop\u00f3sito. Al analizar, se comprueba que el par\u00e1metro sea primo, lo que provoca un c\u00e1lculo excesivo. Esto fue parcheado en 2.19.4 y 3.3.0 para permitir que el par\u00e1metro principal de la curva el\u00edptica tenga como m\u00e1ximo 521 bits. No hay workarounds disponibles. Tenga en cuenta que la compatibilidad con la codificaci\u00f3n expl\u00edcita de par\u00e1metros de curvas el\u00edpticas est\u00e1 obsoleta en Botan."
}
],
"metrics": {

8
CVE-2024/CVE-2024-351xx/CVE-2024-35116.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35116",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:05.677",
"lastModified": "2024-06-28T19:15:05.677",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335."
},
{
"lang": "es",
"value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS y 9.3 CD es vulnerable a un ataque de denegaci\u00f3n de servicio causado por un error al aplicar cambios de configuraci\u00f3n. ID de IBM X-Force: 290335."
}
],
"metrics": {

8
CVE-2024/CVE-2024-351xx/CVE-2024-35119.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35119",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-30T17:15:03.153",
"lastModified": "2024-06-30T17:15:03.153",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en un seguimiento de la pila. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 290342."
}
],
"metrics": {

4
CVE-2024/CVE-2024-351xx/CVE-2024-35137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35137",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T16:15:04.150",
"lastModified": "2024-06-28T16:15:04.150",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-351xx/CVE-2024-35139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35139",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T16:15:04.380",
"lastModified": "2024-06-28T16:15:04.380",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-351xx/CVE-2024-35155.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35155",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T18:15:04.170",
"lastModified": "2024-06-28T18:15:04.170",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765."
},
{
"lang": "es",
"value": "IBM MQ Console 9.3 LTS y 9.3 CD podr\u00edan revelar que podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 292765."
}
],
"metrics": {

8
CVE-2024/CVE-2024-351xx/CVE-2024-35156.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-35156",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:05.917",
"lastModified": "2024-06-28T19:15:05.917",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766."
},
{
"lang": "es",
"value": "IBM MQ 9.3 LTS y 9.3 CD podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 292766."
}
],
"metrics": {

8
CVE-2024/CVE-2024-373xx/CVE-2024-37370.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37370",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T22:15:02.293",
"lastModified": "2024-06-28T22:15:02.293",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application."
},
{
"lang": "es",
"value": "En MIT Kerberos 5 (tambi\u00e9n conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicaci\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-373xx/CVE-2024-37371.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37371",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T23:15:11.603",
"lastModified": "2024-06-28T23:15:11.603",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields."
},
{
"lang": "es",
"value": "En MIT Kerberos 5 (tambi\u00e9n conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no v\u00e1lidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no v\u00e1lidos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-379xx/CVE-2024-37905.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37905",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T18:15:04.400",
"lastModified": "2024-06-28T18:15:04.400",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.\n"
},
{
"lang": "es",
"value": "authentik es un proveedor de identidades de c\u00f3digo abierto que enfatiza la flexibilidad y la versatilidad. El mecanismo Authentik API-Access-Token se puede explotar para obtener privilegios de usuario administrador. Una explotaci\u00f3n exitosa del problema dar\u00e1 como resultado que un usuario obtenga acceso de administrador completo a la aplicaci\u00f3n Authentik, incluido el restablecimiento de contrase\u00f1as de usuario y m\u00e1s. Este problema se solucion\u00f3 en las versiones 2024.2.4, 2024.4.2 y 2024.6.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-383xx/CVE-2024-38322.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38322",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-28T19:15:06.317",
"lastModified": "2024-06-28T19:15:06.317",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869."
},
{
"lang": "es",
"value": "IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 La discrepancia en la respuesta de error de nombre de usuario y contrase\u00f1a del agente expone el producto a una enumeraci\u00f3n de fuerza bruta. ID de IBM X-Force: 294869."
}
],
"metrics": {

8
CVE-2024/CVE-2024-383xx/CVE-2024-38371.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38371",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T18:15:04.647",
"lastModified": "2024-06-28T18:15:04.647",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3."
},
{
"lang": "es",
"value": "authentik es un proveedor de identidades de c\u00f3digo abierto. Las restricciones de acceso asignadas a una aplicaci\u00f3n no se verificaron cuando se utiliz\u00f3 el flujo de c\u00f3digo del dispositivo OAuth2. Potencialmente, esto podr\u00eda permitir a los usuarios sin la autorizaci\u00f3n correcta obtener tokens OAuth para una aplicaci\u00f3n y acceder a ella. Este problema se solucion\u00f3 en las versiones 2024.6.0, 2024.2.4 y 2024.4.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-383xx/CVE-2024-38374.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38374",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T18:15:04.853",
"lastModified": "2024-06-28T18:15:04.853",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the schema version of the BOM. The `DocumentBuilderFactory` used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. This vulnerability has been fixed in cyclonedx-core-java version 9.0.4.\n"
},
{
"lang": "es",
"value": "El m\u00f3dulo principal de CycloneDX proporciona una representaci\u00f3n modelo del SBOM junto con utilidades para ayudar a crear, validar y analizar SBOM. Antes de deserializar la lista de materiales de CycloneDX en formato XML, _cyclonedx-core-java_ aprovecha las expresiones XPath para determinar la versi\u00f3n del esquema de la lista de materiales. El `DocumentBuilderFactory` utilizado para evaluar expresiones XPath no estaba configurado de forma segura, lo que hac\u00eda que la biblioteca fuera vulnerable a la inyecci\u00f3n de entidad externa XML (XXE). Esta vulnerabilidad se ha solucionado en cyclonedx-core-java versi\u00f3n 9.0.4."
}
],
"metrics": {

8
CVE-2024/CVE-2024-384xx/CVE-2024-38480.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38480",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-01T05:15:04.613",
"lastModified": "2024-07-01T05:15:04.613",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\"Piccoma\" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n \"Piccoma\" para versiones de Android e iOS anteriores a la 6.20.0 utiliza una clave API codificada para un servicio externo, lo que puede permitir que un atacante local obtenga la clave API. Tenga en cuenta que los usuarios de la aplicaci\u00f3n no se ven directamente afectados por esta vulnerabilidad."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-385xx/CVE-2024-38514.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38514",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T19:15:06.530",
"lastModified": "2024-06-28T19:15:06.530",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser. This vulnerability has been patched in version 2.12.4.\n"
},
{
"lang": "es",
"value": "NextChat es una interfaz de usuario ChatGPT/Gemini multiplataforma. Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) debido a la falta de validaci\u00f3n del par\u00e1metro GET \"endpoint\" en el endpoint de la API WebDav. Este SSRF se puede utilizar para realizar solicitudes HTTPS arbitrarias desde la instancia vulnerable (se admiten m\u00e9todos MKCOL, PUT y GET), o para dirigirse a los usuarios de NextChat y hacer que ejecuten c\u00f3digo JavaScript arbitrario en su navegador. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.12.4."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38518.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38518",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T21:15:03.180",
"lastModified": "2024-06-28T21:15:03.180",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be \"role=moderator\", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7."
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto dise\u00f1ada para ayudar a los profesores a ense\u00f1ar y a los alumnos a aprender. Un atacante con un enlace de entrada v\u00e1lido para una reuni\u00f3n puede enga\u00f1ar a BigBlueButton para que genere un enlace de entrada firmado con par\u00e1metros adicionales. Uno de esos par\u00e1metros puede ser \"rol=moderador\", lo que permite a un atacante unirse a una reuni\u00f3n como moderador utilizando un enlace para unirse que se cre\u00f3 originalmente para el acceso de los espectadores. Esta vulnerabilidad ha sido parcheada en las versiones 2.6.18, 2.7.8 y 3.0.0-alpha.7."
}
],
"metrics": {

4
CVE-2024/CVE-2024-385xx/CVE-2024-38521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38521",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T16:15:04.577",
"lastModified": "2024-06-28T16:15:04.577",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-385xx/CVE-2024-38522.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38522",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T17:15:03.527",
"lastModified": "2024-06-28T17:15:03.527",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0."
},
{
"lang": "es",
"value": "Hush Line es una l\u00ednea de sugerencias an\u00f3nimas como servicio, gratuita y de c\u00f3digo abierto para organizaciones o individuos. Es f\u00e1cil omitir la pol\u00edtica de CSP aplicada en el sitio web `tips.hushline.app` e incluida de forma predeterminada en este repositorio. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 0.1.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38525.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38525",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T22:15:02.567",
"lastModified": "2024-06-28T22:15:02.567",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2."
},
{
"lang": "es",
"value": "dd-trace-cpp es el seguimiento distribuido de Datadog para C++. Cuando la librer\u00eda no puede extraer el contexto de seguimiento debido a un Unicode con formato incorrecto, registra la lista de encabezados auditados y sus valores utilizando la librer\u00eda JSON `nlohmann`. Sin embargo, debido a la forma en que se invoca la librer\u00eda JSON, genera una excepci\u00f3n no detectada, lo que provoca un bloqueo. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 0.2.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38528.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38528",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T20:15:02.533",
"lastModified": "2024-06-28T20:15:02.533",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.\n"
},
{
"lang": "es",
"value": "nptd-rs es una herramienta para sincronizar el reloj de tu ordenador, implementando los protocolos NTP y NTS. Falta un l\u00edmite para las conexiones NTS-KE aceptadas. Esto permite que un atacante remoto no autenticado bloquee ntpd-rs cuando se configura un servidor NTS-KE. Las configuraciones de servidor que no son NTS-KE, como la configuraci\u00f3n predeterminada de ntpd-rs, no se ven afectadas. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.1.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38531.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38531",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T14:15:03.293",
"lastModified": "2024-06-28T14:15:03.293",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4."
},
{
"lang": "es",
"value": "Nix es un administrador de paquetes para Linux y otros sistemas Unix que hace que la administraci\u00f3n de paquetes sea confiable y reproducible. Un proceso de compilaci\u00f3n tiene acceso y puede cambiar los permisos del directorio de compilaci\u00f3n. Despu\u00e9s de crear un binario setuid en una ubicaci\u00f3n accesible globalmente, un usuario local malicioso puede asumir los permisos de un daemon trabajador de Nix y secuestrar todas las compilaciones futuras. Este problema se solucion\u00f3 en las versiones 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 y 2.18.4."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38532.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38532",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T22:15:03.157",
"lastModified": "2024-06-28T22:15:03.157",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs\u00b9 that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its `-t` argument. This issue has been patched in commit 26a7."
},
{
"lang": "es",
"value": "El coprocesador de datos (DCP) de NXP es un m\u00f3dulo de hardware integrado para SoC\u00b9 de NXP espec\u00edficos que implementa un motor criptogr\u00e1fico AES dedicado para operaciones de cifrado/descifrado. La implementaci\u00f3n de referencia dcp_tool incluida en el repositorio seleccion\u00f3 la clave de prueba, independientemente de su argumento `-t`. Este problema se solucion\u00f3 en el commit 26a7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-385xx/CVE-2024-38533.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38533",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T22:15:03.720",
"lastModified": "2024-06-28T22:15:03.720",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0."
},
{
"lang": "es",
"value": "ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. Es posible que el acceso a la pila no sea v\u00e1lido debido a que las direcciones utilizadas para acceder a la pila no se convierten correctamente en celdas. Este problema se solucion\u00f3 en la versi\u00f3n 1.5.0."
}
],
"metrics": {

25
CVE-2024/CVE-2024-389xx/CVE-2024-38987.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-38987",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.717",
"lastModified": "2024-07-01T13:15:04.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/29636943e6989e67f38251580cbcea73",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/AgeOfLearning/aofl/issues/35",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38990.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38990",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.807",
"lastModified": "2024-07-01T13:15:04.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38991.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38991",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.863",
"lastModified": "2024-07-01T13:15:04.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/8851413e3b33a96f191f0e9c81706532",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38992.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38992",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.930",
"lastModified": "2024-07-01T13:15:04.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38993.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38993",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.987",
"lastModified": "2024-07-01T13:15:04.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38994.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38994",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.047",
"lastModified": "2024-07-01T13:15:05.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-389xx/CVE-2024-38996.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-38996",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.103",
"lastModified": "2024-07-01T13:15:05.103",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38997.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38997",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.160",
"lastModified": "2024-07-01T13:15:05.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38998.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.223",
"lastModified": "2024-07-01T13:15:05.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38999.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38999",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.280",
"lastModified": "2024-07-01T13:15:05.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39000.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39000",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.340",
"lastModified": "2024-07-01T13:15:05.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-390xx/CVE-2024-39001.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-39001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.397",
"lastModified": "2024-07-01T13:15:05.397",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39002.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39002",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.450",
"lastModified": "2024-07-01T13:15:05.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39003.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39003",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.513",
"lastModified": "2024-07-01T13:15:05.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39008.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39008",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.590",
"lastModified": "2024-07-01T13:15:05.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/f09a507c8d59fbbb7fd40880cd9b87ed",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39013.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39013",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.650",
"lastModified": "2024-07-01T13:15:05.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/a2be744675af5ece3240c19fd04fc5e1",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39014.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39014",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.703",
"lastModified": "2024-07-01T13:15:05.703",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/0501db31c1a6864a169e47097f26ac57",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39015.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39015",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.767",
"lastModified": "2024-07-01T13:15:05.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39016.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39016",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.823",
"lastModified": "2024-07-01T13:15:05.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/865a957857a096221fe6f8b258b282ac",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39017.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39017",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.893",
"lastModified": "2024-07-01T13:15:05.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-390xx/CVE-2024-39018.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39018",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.950",
"lastModified": "2024-07-01T13:15:05.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function \"query\". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-393xx/CVE-2024-39302.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39302",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T21:15:03.437",
"lastModified": "2024-06-28T21:15:03.437",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.\n"
},
{
"lang": "es",
"value": "BigBlueButton es un aula virtual de c\u00f3digo abierto dise\u00f1ada para ayudar a los profesores a ense\u00f1ar y a los alumnos a aprender. Un atacante puede explotar los permisos de archivos demasiado elevados en el directorio `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` con el objetivo de escalar privilegios. potencialmente exponer informaci\u00f3n confidencial en el servidor. Este problema se solucion\u00f3 en las versiones 2.6.18, 2.7.8 y 3.0.0-alpha.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-393xx/CVE-2024-39307.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39307",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-28T21:15:03.713",
"lastModified": "2024-06-28T21:15:03.713",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1."
},
{
"lang": "es",
"value": "Kavita es un servidor de lectura multiplataforma. Abrir un libro electr\u00f3nico que contiene scripts maliciosos conduce a la ejecuci\u00f3n del c\u00f3digo dentro del contexto de navegaci\u00f3n. Kavita no sanitiza ni protege el contenido de los epubs, lo que permite que se ejecuten scripts dentro de los libros electr\u00f3nicos. Esta vulnerabilidad fue parcheada en la versi\u00f3n 0.8.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-394xx/CVE-2024-39427.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39427",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-07-01T09:15:06.493",
"lastModified": "2024-07-01T09:15:06.493",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En un servicio trusty, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-394xx/CVE-2024-39428.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39428",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-07-01T09:15:06.720",
"lastModified": "2024-07-01T09:15:06.720",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En un servicio trusty, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-394xx/CVE-2024-39429.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39429",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-07-01T09:15:06.893",
"lastModified": "2024-07-01T09:15:06.893",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En el servicio faceid, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {

8
CVE-2024/CVE-2024-394xx/CVE-2024-39430.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39430",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-07-01T09:15:07.070",
"lastModified": "2024-07-01T09:15:07.070",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En el servicio faceid, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {

8
CVE-2024/CVE-2024-398xx/CVE-2024-39828.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39828",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T22:15:04.287",
"lastModified": "2024-06-30T02:15:02.267",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29."
},
{
"lang": "es",
"value": "R74n Sandboxels 1.9 a 1.9.5 permite XSS a trav\u00e9s de un mensaje en un archivo de juego guardado modificado. Esto se solucion\u00f3 en una revisi\u00f3n de 1.9.5 el 29 de junio de 2024."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-398xx/CVE-2024-39840.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39840",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-29T17:15:09.857",
"lastModified": "2024-06-29T17:15:09.857",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects."
},
{
"lang": "es",
"value": "Factorio anterior a 1.1.101 permite que un servidor manipulado ejecute c\u00f3digo arbitrario en clientes a trav\u00e9s de un mapa personalizado que aprovecha la capacidad de ciertas funciones del m\u00f3dulo base de Lua para ejecutar c\u00f3digo de bytes y generar objetos falsos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-398xx/CVE-2024-39846.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39846",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-29T21:15:09.917",
"lastModified": "2024-06-29T21:15:09.917",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use."
},
{
"lang": "es",
"value": "NewPass anterior a 1.2.0 almacena contrase\u00f1as (en lugar de hashes de contrase\u00f1as) directamente, lo que facilita la obtenci\u00f3n de acceso no autorizado a informaci\u00f3n confidencial. NOTA: en cada caso, los datos en reposo se cifran, pero se descifran dentro de la memoria del proceso durante el uso."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-398xx/CVE-2024-39848.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39848",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-29T22:15:02.263",
"lastModified": "2024-06-29T22:15:02.263",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects \"Grouper for Web Services\" before 4.13.1."
},
{
"lang": "es",
"value": "Internet2 Grouper anterior a 5.6 permite omitir la autenticaci\u00f3n cuando la autenticaci\u00f3n LDAP se utiliza de ciertas maneras. Esto est\u00e1 relacionado con internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication y el uso de la contrase\u00f1a UyY29r para la cuenta M3vwHr. Esto tambi\u00e9n afecta a \"Grouper for Web Services\" anteriores a 4.13.1."
}
],
"metrics": {},

21
CVE-2024/CVE-2024-398xx/CVE-2024-39853.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-39853",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:06.013",
"lastModified": "2024-07-01T13:15:06.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-39xx/CVE-2024-3995.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3995",
"sourceIdentifier": "security@puppet.com",
"published": "2024-06-28T20:15:02.820",
"lastModified": "2024-06-28T20:15:02.820",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins."
},
{
"lang": "es",
"value": "En las versiones de Helix ALM anteriores a la 2024.2.0, se identific\u00f3 una inyecci\u00f3n de comando local. Reportado por Bryan Riggins."
}
],
"metrics": {

100
CVE-2024/CVE-2024-40xx/CVE-2024-4007.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-4007",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-07-01T13:15:06.077",
"lastModified": "2024-07-01T13:15:06.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Red",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "DIFFUSE",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "RED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
]
}
],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cybersecurity@ch.abb.com"
}
]
}

8
CVE-2024/CVE-2024-49xx/CVE-2024-4934.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4934",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-01T06:15:23.847",
"lastModified": "2024-07-01T06:15:23.847",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Quiz and Survey Master (QSM) WordPress anterior a 9.0.2 no valida ni escapa algunos de sus campos del cuestionario antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el cuestionario, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de cross site scripting almacenado"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-50xx/CVE-2024-5062.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5062",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-30T16:15:03.217",
"lastModified": "2024-06-30T16:15:03.217",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en zenml-io/zenml versi\u00f3n 0.57.1. La vulnerabilidad existe debido a una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web, espec\u00edficamente dentro del par\u00e1metro de redireccionamiento de la encuesta. Esta falla permite a un atacante redirigir a los usuarios a una URL espec\u00edfica despu\u00e9s de completar una encuesta, sin una validaci\u00f3n adecuada del par\u00e1metro \"redirect\". En consecuencia, un atacante puede ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador del usuario. Esta vulnerabilidad podr\u00eda aprovecharse para robar cookies, lo que podr\u00eda llevar a la apropiaci\u00f3n de cuentas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-51xx/CVE-2024-5192.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5192",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T05:15:02.633",
"lastModified": "2024-06-29T05:15:02.633",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mimes\u2019 parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'mimes' en todas las versiones hasta la 3.3.1 incluida debido a una sanitizaci\u00f3n insuficiente de los insumos y a fugas de productos. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-55xx/CVE-2024-5598.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5598",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T05:15:02.960",
"lastModified": "2024-06-29T05:15:02.960",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder."
},
{
"lang": "es",
"value": "El complemento Advanced File Manager para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 5.2.4 incluida a trav\u00e9s de la funci\u00f3n 'fma_local_file_system'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidas copias de seguridad u otra informaci\u00f3n confidencial, si los archivos se han movido a la carpeta Papelera integrada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-56xx/CVE-2024-5666.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5666",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T07:15:02.657",
"lastModified": "2024-06-29T07:15:02.657",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Extensiones para Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'url' dentro del widget EE Button en todas las versiones hasta la 2.0.30 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-57xx/CVE-2024-5712.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5712",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-28T20:15:02.937",
"lastModified": "2024-06-28T20:15:02.937",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in stitionai/devika"
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en stitionai/devika"
}
],
"metrics": {

8
CVE-2024/CVE-2024-57xx/CVE-2024-5790.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5790",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-29T07:15:03.130",
"lastModified": "2024-06-29T07:15:03.130",
"vulnStatus": "Received",
"lastModified": "2024-07-01T12:37:24.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Happy Addons para Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'url' dentro del widget de encabezado de degradado del complemento en todas las versiones hasta la 3.11.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More