From 90307445be8db6c7ecbfe787900d81b98fb39d78 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 22 Dec 2024 03:03:49 +0000 Subject: [PATCH] Auto-Update: 2024-12-22T03:00:24.601826+00:00 --- CVE-2015/CVE-2015-03xx/CVE-2015-0310.json | 2 +- CVE-2020/CVE-2020-124xx/CVE-2020-12484.json | 6 +- CVE-2020/CVE-2020-124xx/CVE-2020-12487.json | 6 +- CVE-2020/CVE-2020-128xx/CVE-2020-12819.json | 4 + CVE-2020/CVE-2020-128xx/CVE-2020-12820.json | 4 + CVE-2020/CVE-2020-159xx/CVE-2020-15934.json | 4 + CVE-2020/CVE-2020-69xx/CVE-2020-6923.json | 4 + CVE-2021/CVE-2021-205xx/CVE-2021-20553.json | 4 + CVE-2021/CVE-2021-225xx/CVE-2021-22501.json | 4 + CVE-2021/CVE-2021-260xx/CVE-2021-26093.json | 4 + CVE-2021/CVE-2021-261xx/CVE-2021-26102.json | 4 + CVE-2021/CVE-2021-261xx/CVE-2021-26115.json | 4 + CVE-2021/CVE-2021-262xx/CVE-2021-26278.json | 6 +- CVE-2021/CVE-2021-262xx/CVE-2021-26279.json | 6 +- CVE-2021/CVE-2021-262xx/CVE-2021-26280.json | 6 +- CVE-2021/CVE-2021-262xx/CVE-2021-26281.json | 6 +- CVE-2021/CVE-2021-298xx/CVE-2021-29827.json | 4 + CVE-2021/CVE-2021-325xx/CVE-2021-32589.json | 4 + CVE-2021/CVE-2021-380xx/CVE-2021-38023.json | 2 +- CVE-2021/CVE-2021-390xx/CVE-2021-39081.json | 4 + CVE-2021/CVE-2021-469xx/CVE-2021-46979.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46980.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46982.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46986.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46988.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46990.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46992.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46993.json | 2 +- CVE-2021/CVE-2021-469xx/CVE-2021-46997.json | 2 +- CVE-2022/CVE-2022-275xx/CVE-2022-27595.json | 4 + CVE-2022/CVE-2022-276xx/CVE-2022-27600.json | 4 + CVE-2022/CVE-2022-339xx/CVE-2022-33954.json | 4 + CVE-2022/CVE-2022-407xx/CVE-2022-40732.json | 4 + CVE-2022/CVE-2022-407xx/CVE-2022-40733.json | 4 + CVE-2022/CVE-2022-434xx/CVE-2022-43472.json | 4 + CVE-2022/CVE-2022-438xx/CVE-2022-43880.json | 2 +- CVE-2022/CVE-2022-445xx/CVE-2022-44512.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44513.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44514.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44515.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44516.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44517.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44518.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44519.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44520.json | 4 + CVE-2022/CVE-2022-445xx/CVE-2022-44578.json | 4 + CVE-2022/CVE-2022-458xx/CVE-2022-45806.json | 4 + CVE-2022/CVE-2022-458xx/CVE-2022-45819.json | 4 + CVE-2022/CVE-2022-458xx/CVE-2022-45826.json | 4 + CVE-2022/CVE-2022-458xx/CVE-2022-45840.json | 4 + CVE-2022/CVE-2022-458xx/CVE-2022-45841.json | 4 + CVE-2022/CVE-2022-467xx/CVE-2022-46795.json | 4 + CVE-2022/CVE-2022-467xx/CVE-2022-46796.json | 4 + CVE-2022/CVE-2022-468xx/CVE-2022-46807.json | 4 + CVE-2022/CVE-2022-468xx/CVE-2022-46811.json | 4 + CVE-2022/CVE-2022-468xx/CVE-2022-46838.json | 4 + CVE-2022/CVE-2022-468xx/CVE-2022-46840.json | 4 + CVE-2022/CVE-2022-468xx/CVE-2022-46846.json | 4 + CVE-2022/CVE-2022-471xx/CVE-2022-47168.json | 4 + CVE-2022/CVE-2022-471xx/CVE-2022-47176.json | 4 + CVE-2022/CVE-2022-471xx/CVE-2022-47182.json | 4 + CVE-2022/CVE-2022-474xx/CVE-2022-47429.json | 4 + CVE-2022/CVE-2022-475xx/CVE-2022-47594.json | 4 + CVE-2022/CVE-2022-486xx/CVE-2022-48695.json | 2 +- CVE-2023/CVE-2023-215xx/CVE-2023-21586.json | 4 + CVE-2023/CVE-2023-226xx/CVE-2023-22697.json | 4 + CVE-2023/CVE-2023-233xx/CVE-2023-23354.json | 4 + CVE-2023/CVE-2023-233xx/CVE-2023-23356.json | 4 + CVE-2023/CVE-2023-233xx/CVE-2023-23357.json | 4 + CVE-2023/CVE-2023-259xx/CVE-2023-25988.json | 4 + CVE-2023/CVE-2023-272xx/CVE-2023-27291.json | 2 +- CVE-2023/CVE-2023-274xx/CVE-2023-27456.json | 4 + CVE-2023/CVE-2023-289xx/CVE-2023-28990.json | 4 + CVE-2023/CVE-2023-294xx/CVE-2023-29476.json | 6 +- CVE-2023/CVE-2023-304xx/CVE-2023-30443.json | 4 + CVE-2023/CVE-2023-304xx/CVE-2023-30490.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32506.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32507.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32519.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32520.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32574.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32581.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32585.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32586.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32593.json | 4 + CVE-2023/CVE-2023-325xx/CVE-2023-32599.json | 4 + CVE-2023/CVE-2023-326xx/CVE-2023-32601.json | 4 + CVE-2023/CVE-2023-327xx/CVE-2023-32798.json | 4 + CVE-2023/CVE-2023-329xx/CVE-2023-32963.json | 4 + CVE-2023/CVE-2023-332xx/CVE-2023-33215.json | 4 + CVE-2023/CVE-2023-333xx/CVE-2023-33324.json | 4 + CVE-2023/CVE-2023-339xx/CVE-2023-33928.json | 4 + CVE-2023/CVE-2023-339xx/CVE-2023-33994.json | 4 + CVE-2023/CVE-2023-339xx/CVE-2023-33995.json | 4 + CVE-2023/CVE-2023-339xx/CVE-2023-33996.json | 4 + CVE-2023/CVE-2023-339xx/CVE-2023-33998.json | 4 + CVE-2023/CVE-2023-340xx/CVE-2023-34009.json | 4 + CVE-2023/CVE-2023-340xx/CVE-2023-34014.json | 4 + CVE-2023/CVE-2023-340xx/CVE-2023-34019.json | 4 + CVE-2023/CVE-2023-343xx/CVE-2023-34376.json | 4 + CVE-2023/CVE-2023-343xx/CVE-2023-34381.json | 4 + CVE-2023/CVE-2023-343xx/CVE-2023-34387.json | 4 + CVE-2023/CVE-2023-349xx/CVE-2023-34990.json | 6 +- CVE-2023/CVE-2023-350xx/CVE-2023-35037.json | 4 + CVE-2023/CVE-2023-350xx/CVE-2023-35046.json | 4 + CVE-2023/CVE-2023-350xx/CVE-2023-35051.json | 4 + CVE-2023/CVE-2023-350xx/CVE-2023-35052.json | 4 + CVE-2023/CVE-2023-357xx/CVE-2023-35777.json | 4 + CVE-2023/CVE-2023-358xx/CVE-2023-35875.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36506.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36509.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36510.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36518.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36519.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36526.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36528.json | 4 + CVE-2023/CVE-2023-365xx/CVE-2023-36531.json | 4 + CVE-2023/CVE-2023-366xx/CVE-2023-36680.json | 4 + CVE-2023/CVE-2023-366xx/CVE-2023-36681.json | 4 + CVE-2023/CVE-2023-378xx/CVE-2023-37887.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37940.json | 6 +- CVE-2023/CVE-2023-379xx/CVE-2023-37967.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37969.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37971.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37984.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37987.json | 4 + CVE-2023/CVE-2023-379xx/CVE-2023-37989.json | 4 + CVE-2023/CVE-2023-383xx/CVE-2023-38383.json | 4 + CVE-2023/CVE-2023-383xx/CVE-2023-38385.json | 4 + CVE-2023/CVE-2023-384xx/CVE-2023-38475.json | 4 + CVE-2023/CVE-2023-384xx/CVE-2023-38477.json | 4 + CVE-2023/CVE-2023-384xx/CVE-2023-38479.json | 4 + CVE-2023/CVE-2023-384xx/CVE-2023-38480.json | 4 + CVE-2023/CVE-2023-384xx/CVE-2023-38483.json | 4 + CVE-2023/CVE-2023-385xx/CVE-2023-38514.json | 4 + CVE-2023/CVE-2023-393xx/CVE-2023-39305.json | 4 + CVE-2023/CVE-2023-399xx/CVE-2023-39920.json | 4 + CVE-2023/CVE-2023-399xx/CVE-2023-39995.json | 4 + CVE-2023/CVE-2023-399xx/CVE-2023-39996.json | 4 + CVE-2023/CVE-2023-399xx/CVE-2023-39997.json | 4 + CVE-2023/CVE-2023-400xx/CVE-2023-40001.json | 4 + CVE-2023/CVE-2023-400xx/CVE-2023-40003.json | 4 + CVE-2023/CVE-2023-400xx/CVE-2023-40005.json | 4 + CVE-2023/CVE-2023-400xx/CVE-2023-40011.json | 4 + CVE-2023/CVE-2023-402xx/CVE-2023-40203.json | 4 + CVE-2023/CVE-2023-402xx/CVE-2023-40213.json | 4 + CVE-2023/CVE-2023-403xx/CVE-2023-40331.json | 4 + CVE-2023/CVE-2023-403xx/CVE-2023-40334.json | 4 + CVE-2023/CVE-2023-406xx/CVE-2023-40670.json | 4 + CVE-2023/CVE-2023-406xx/CVE-2023-40678.json | 4 + CVE-2023/CVE-2023-411xx/CVE-2023-41130.json | 4 + CVE-2023/CVE-2023-411xx/CVE-2023-41132.json | 4 + CVE-2023/CVE-2023-411xx/CVE-2023-41133.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41649.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41664.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41671.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41683.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41686.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41688.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41689.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41690.json | 4 + CVE-2023/CVE-2023-416xx/CVE-2023-41695.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41802.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41803.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41848.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41849.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41857.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41862.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41865.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41866.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41869.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41870.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41873.json | 4 + CVE-2023/CVE-2023-418xx/CVE-2023-41875.json | 4 + CVE-2023/CVE-2023-419xx/CVE-2023-41951.json | 4 + CVE-2023/CVE-2023-419xx/CVE-2023-41952.json | 4 + CVE-2023/CVE-2023-430xx/CVE-2023-43054.json | 2 +- CVE-2023/CVE-2023-441xx/CVE-2023-44142.json | 4 + CVE-2023/CVE-2023-441xx/CVE-2023-44147.json | 4 + CVE-2023/CVE-2023-441xx/CVE-2023-44149.json | 4 + CVE-2023/CVE-2023-46xx/CVE-2023-4617.json | 4 + CVE-2023/CVE-2023-477xx/CVE-2023-47742.json | 2 +- CVE-2023/CVE-2023-477xx/CVE-2023-47745.json | 2 +- CVE-2023/CVE-2023-48xx/CVE-2023-4860.json | 2 +- CVE-2023/CVE-2023-509xx/CVE-2023-50956.json | 6 +- CVE-2023/CVE-2023-526xx/CVE-2023-52649.json | 2 +- CVE-2023/CVE-2023-526xx/CVE-2023-52650.json | 2 +- CVE-2023/CVE-2023-70xx/CVE-2023-7010.json | 2 +- CVE-2023/CVE-2023-70xx/CVE-2023-7011.json | 2 +- CVE-2023/CVE-2023-70xx/CVE-2023-7012.json | 2 +- CVE-2023/CVE-2023-72xx/CVE-2023-7261.json | 2 +- CVE-2023/CVE-2023-72xx/CVE-2023-7281.json | 2 +- CVE-2023/CVE-2023-72xx/CVE-2023-7282.json | 2 +- CVE-2024/CVE-2024-07xx/CVE-2024-0765.json | 2 +- CVE-2024/CVE-2024-102xx/CVE-2024-10205.json | 6 +- CVE-2024/CVE-2024-102xx/CVE-2024-10244.json | 4 + CVE-2024/CVE-2024-103xx/CVE-2024-10356.json | 6 +- CVE-2024/CVE-2024-104xx/CVE-2024-10476.json | 6 +- CVE-2024/CVE-2024-104xx/CVE-2024-10487.json | 2 +- CVE-2024/CVE-2024-104xx/CVE-2024-10488.json | 2 +- CVE-2024/CVE-2024-105xx/CVE-2024-10548.json | 4 + CVE-2024/CVE-2024-106xx/CVE-2024-10646.json | 6 +- CVE-2024/CVE-2024-106xx/CVE-2024-10690.json | 6 +- CVE-2024/CVE-2024-108xx/CVE-2024-10826.json | 2 +- CVE-2024/CVE-2024-108xx/CVE-2024-10827.json | 2 +- CVE-2024/CVE-2024-108xx/CVE-2024-10892.json | 6 +- CVE-2024/CVE-2024-109xx/CVE-2024-10972.json | 6 +- CVE-2024/CVE-2024-109xx/CVE-2024-10973.json | 6 +- CVE-2024/CVE-2024-10xx/CVE-2024-1093.json | 2 +- CVE-2024/CVE-2024-10xx/CVE-2024-1095.json | 2 +- CVE-2024/CVE-2024-110xx/CVE-2024-11095.json | 6 +- CVE-2024/CVE-2024-111xx/CVE-2024-11110.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11111.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11112.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11113.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11114.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11115.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11116.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11117.json | 2 +- CVE-2024/CVE-2024-111xx/CVE-2024-11144.json | 6 +- CVE-2024/CVE-2024-111xx/CVE-2024-11157.json | 4 + CVE-2024/CVE-2024-112xx/CVE-2024-11254.json | 6 +- CVE-2024/CVE-2024-112xx/CVE-2024-11280.json | 6 +- CVE-2024/CVE-2024-112xx/CVE-2024-11291.json | 6 +- CVE-2024/CVE-2024-112xx/CVE-2024-11294.json | 6 +- CVE-2024/CVE-2024-112xx/CVE-2024-11295.json | 6 +- CVE-2024/CVE-2024-113xx/CVE-2024-11358.json | 6 +- CVE-2024/CVE-2024-113xx/CVE-2024-11364.json | 4 + CVE-2024/CVE-2024-114xx/CVE-2024-11422.json | 6 +- CVE-2024/CVE-2024-114xx/CVE-2024-11439.json | 6 +- CVE-2024/CVE-2024-114xx/CVE-2024-11462.json | 6 +- CVE-2024/CVE-2024-115xx/CVE-2024-11578.json | 2 +- CVE-2024/CVE-2024-116xx/CVE-2024-11614.json | 6 +- CVE-2024/CVE-2024-116xx/CVE-2024-11616.json | 4 + CVE-2024/CVE-2024-117xx/CVE-2024-11710.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11711.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11712.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11713.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11714.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11715.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11720.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11721.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11740.json | 4 + CVE-2024/CVE-2024-117xx/CVE-2024-11748.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11751.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11752.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11755.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11759.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11763.json | 6 +- CVE-2024/CVE-2024-117xx/CVE-2024-11768.json | 4 + CVE-2024/CVE-2024-117xx/CVE-2024-11770.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11827.json | 4 + CVE-2024/CVE-2024-118xx/CVE-2024-11841.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11852.json | 64 + CVE-2024/CVE-2024-118xx/CVE-2024-11855.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11858.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11865.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11867.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11869.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11873.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11876.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11877.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11879.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11881.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11883.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11884.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11888.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11889.json | 6 +- CVE-2024/CVE-2024-118xx/CVE-2024-11894.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11900.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11902.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11905.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11906.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11912.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11926.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11986.json | 4 + CVE-2024/CVE-2024-119xx/CVE-2024-11993.json | 6 +- CVE-2024/CVE-2024-119xx/CVE-2024-11999.json | 6 +- CVE-2024/CVE-2024-11xx/CVE-2024-1178.json | 2 +- CVE-2024/CVE-2024-11xx/CVE-2024-1191.json | 2 +- CVE-2024/CVE-2024-11xx/CVE-2024-1192.json | 2 +- CVE-2024/CVE-2024-120xx/CVE-2024-12024.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12025.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12053.json | 2 +- CVE-2024/CVE-2024-120xx/CVE-2024-12061.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12089.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12090.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12091.json | 6 +- CVE-2024/CVE-2024-120xx/CVE-2024-12092.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12111.json | 4 + CVE-2024/CVE-2024-121xx/CVE-2024-12121.json | 4 + CVE-2024/CVE-2024-121xx/CVE-2024-12127.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12175.json | 4 + CVE-2024/CVE-2024-121xx/CVE-2024-12178.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12179.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12191.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12192.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12193.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12194.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12197.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12198.json | 6 +- CVE-2024/CVE-2024-121xx/CVE-2024-12199.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12200.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12219.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12220.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12239.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12250.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12259.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12287.json | 6 +- CVE-2024/CVE-2024-122xx/CVE-2024-12293.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12331.json | 4 + CVE-2024/CVE-2024-123xx/CVE-2024-12340.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12362.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12369.json | 4 +- CVE-2024/CVE-2024-123xx/CVE-2024-12371.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12372.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12373.json | 6 +- CVE-2024/CVE-2024-123xx/CVE-2024-12395.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12411.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12422.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12432.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12443.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12446.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12447.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12448.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12449.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12454.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12458.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12459.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12469.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12474.json | 6 +- CVE-2024/CVE-2024-124xx/CVE-2024-12478.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12500.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12501.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12502.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12513.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12517.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12523.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12539.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12552.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12553.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12554.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12555.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12560.json | 4 + CVE-2024/CVE-2024-125xx/CVE-2024-12578.json | 6 +- CVE-2024/CVE-2024-125xx/CVE-2024-12596.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12601.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12626.json | 4 + CVE-2024/CVE-2024-126xx/CVE-2024-12628.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12641.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12642.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12643.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12644.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12645.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12646.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12661.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12663.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12668.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12669.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12670.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12671.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12686.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12687.json | 6 +- CVE-2024/CVE-2024-126xx/CVE-2024-12692.json | 4 + CVE-2024/CVE-2024-126xx/CVE-2024-12693.json | 4 + CVE-2024/CVE-2024-126xx/CVE-2024-12694.json | 4 + CVE-2024/CVE-2024-126xx/CVE-2024-12695.json | 4 + CVE-2024/CVE-2024-126xx/CVE-2024-12698.json | 6 +- CVE-2024/CVE-2024-127xx/CVE-2024-12727.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12728.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12729.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12741.json | 6 +- CVE-2024/CVE-2024-127xx/CVE-2024-12782.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12783.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12784.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12785.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12786.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12787.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12788.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12789.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12790.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12791.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12792.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12793.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12794.json | 4 + CVE-2024/CVE-2024-127xx/CVE-2024-12798.json | 4 + CVE-2024/CVE-2024-128xx/CVE-2024-12801.json | 4 + CVE-2024/CVE-2024-12xx/CVE-2024-1285.json | 2 +- CVE-2024/CVE-2024-13xx/CVE-2024-1381.json | 2 +- CVE-2024/CVE-2024-14xx/CVE-2024-1478.json | 2 +- CVE-2024/CVE-2024-16xx/CVE-2024-1610.json | 6 +- CVE-2024/CVE-2024-16xx/CVE-2024-1694.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1731.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1748.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1749.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1750.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1769.json | 2 +- CVE-2024/CVE-2024-17xx/CVE-2024-1782.json | 2 +- CVE-2024/CVE-2024-18xx/CVE-2024-1887.json | 2 +- CVE-2024/CVE-2024-18xx/CVE-2024-1888.json | 2 +- CVE-2024/CVE-2024-208xx/CVE-2024-20837.json | 2 +- CVE-2024/CVE-2024-208xx/CVE-2024-20838.json | 2 +- CVE-2024/CVE-2024-208xx/CVE-2024-20839.json | 2 +- CVE-2024/CVE-2024-213xx/CVE-2024-21330.json | 2 +- CVE-2024/CVE-2024-214xx/CVE-2024-21411.json | 2 +- CVE-2024/CVE-2024-214xx/CVE-2024-21418.json | 2 +- CVE-2024/CVE-2024-214xx/CVE-2024-21421.json | 2 +- CVE-2024/CVE-2024-215xx/CVE-2024-21546.json | 6 +- CVE-2024/CVE-2024-215xx/CVE-2024-21547.json | 6 +- CVE-2024/CVE-2024-215xx/CVE-2024-21548.json | 6 +- CVE-2024/CVE-2024-215xx/CVE-2024-21576.json | 4 + CVE-2024/CVE-2024-215xx/CVE-2024-21577.json | 4 + CVE-2024/CVE-2024-21xx/CVE-2024-2145.json | 2 +- CVE-2024/CVE-2024-21xx/CVE-2024-2155.json | 2 +- CVE-2024/CVE-2024-21xx/CVE-2024-2156.json | 2 +- CVE-2024/CVE-2024-223xx/CVE-2024-22355.json | 2 +- CVE-2024/CVE-2024-224xx/CVE-2024-22461.json | 4 + CVE-2024/CVE-2024-22xx/CVE-2024-2201.json | 4 + CVE-2024/CVE-2024-234xx/CVE-2024-23488.json | 2 +- CVE-2024/CVE-2024-234xx/CVE-2024-23493.json | 2 +- CVE-2024/CVE-2024-247xx/CVE-2024-24772.json | 2 +- CVE-2024/CVE-2024-247xx/CVE-2024-24773.json | 2 +- CVE-2024/CVE-2024-247xx/CVE-2024-24779.json | 2 +- CVE-2024/CVE-2024-249xx/CVE-2024-24902.json | 4 + CVE-2024/CVE-2024-249xx/CVE-2024-24988.json | 2 +- CVE-2024/CVE-2024-250xx/CVE-2024-25042.json | 6 +- CVE-2024/CVE-2024-251xx/CVE-2024-25131.json | 4 + CVE-2024/CVE-2024-260xx/CVE-2024-26016.json | 2 +- CVE-2024/CVE-2024-268xx/CVE-2024-26811.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26958.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26961.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26962.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26964.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26966.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26967.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26968.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26969.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26974.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26975.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26981.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26983.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26989.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26993.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26995.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26996.json | 2 +- CVE-2024/CVE-2024-269xx/CVE-2024-26998.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27002.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27003.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27010.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27011.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27024.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27025.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27029.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27030.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27031.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27033.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27038.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27042.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27043.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27044.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27045.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27046.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27047.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27048.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27049.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27051.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27060.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27064.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27068.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27070.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27071.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27074.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27076.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27077.json | 2 +- CVE-2024/CVE-2024-270xx/CVE-2024-27078.json | 2 +- CVE-2024/CVE-2024-272xx/CVE-2024-27255.json | 2 +- CVE-2024/CVE-2024-272xx/CVE-2024-27295.json | 2 +- CVE-2024/CVE-2024-272xx/CVE-2024-27296.json | 2 +- CVE-2024/CVE-2024-273xx/CVE-2024-27315.json | 2 +- CVE-2024/CVE-2024-273xx/CVE-2024-27392.json | 2 +- CVE-2024/CVE-2024-279xx/CVE-2024-27921.json | 2 +- CVE-2024/CVE-2024-279xx/CVE-2024-27923.json | 2 +- CVE-2024/CVE-2024-280xx/CVE-2024-28084.json | 2 +- CVE-2024/CVE-2024-280xx/CVE-2024-28088.json | 2 +- CVE-2024/CVE-2024-281xx/CVE-2024-28116.json | 2 +- CVE-2024/CVE-2024-281xx/CVE-2024-28117.json | 2 +- CVE-2024/CVE-2024-281xx/CVE-2024-28118.json | 2 +- CVE-2024/CVE-2024-281xx/CVE-2024-28119.json | 2 +- CVE-2024/CVE-2024-282xx/CVE-2024-28237.json | 2 +- CVE-2024/CVE-2024-282xx/CVE-2024-28238.json | 2 +- CVE-2024/CVE-2024-282xx/CVE-2024-28239.json | 2 +- CVE-2024/CVE-2024-289xx/CVE-2024-28980.json | 4 + CVE-2024/CVE-2024-290xx/CVE-2024-29029.json | 2 +- CVE-2024/CVE-2024-296xx/CVE-2024-29646.json | 6 +- CVE-2024/CVE-2024-316xx/CVE-2024-31668.json | 6 +- CVE-2024/CVE-2024-318xx/CVE-2024-31891.json | 6 +- CVE-2024/CVE-2024-318xx/CVE-2024-31892.json | 6 +- CVE-2024/CVE-2024-324xx/CVE-2024-32461.json | 2 +- CVE-2024/CVE-2024-324xx/CVE-2024-32479.json | 2 +- CVE-2024/CVE-2024-324xx/CVE-2024-32480.json | 2 +- CVE-2024/CVE-2024-326xx/CVE-2024-32645.json | 2 +- CVE-2024/CVE-2024-326xx/CVE-2024-32646.json | 2 +- CVE-2024/CVE-2024-326xx/CVE-2024-32647.json | 2 +- CVE-2024/CVE-2024-326xx/CVE-2024-32648.json | 2 +- CVE-2024/CVE-2024-326xx/CVE-2024-32649.json | 2 +- CVE-2024/CVE-2024-340xx/CVE-2024-34082.json | 2 +- CVE-2024/CVE-2024-347xx/CVE-2024-34708.json | 2 +- CVE-2024/CVE-2024-347xx/CVE-2024-34709.json | 2 +- CVE-2024/CVE-2024-351xx/CVE-2024-35141.json | 4 + CVE-2024/CVE-2024-352xx/CVE-2024-35230.json | 4 + CVE-2024/CVE-2024-361xx/CVE-2024-36128.json | 2 +- CVE-2024/CVE-2024-366xx/CVE-2024-36694.json | 6 +- CVE-2024/CVE-2024-368xx/CVE-2024-36831.json | 6 +- CVE-2024/CVE-2024-368xx/CVE-2024-36832.json | 6 +- CVE-2024/CVE-2024-372xx/CVE-2024-37251.json | 6 +- CVE-2024/CVE-2024-376xx/CVE-2024-37605.json | 6 +- CVE-2024/CVE-2024-376xx/CVE-2024-37606.json | 6 +- CVE-2024/CVE-2024-376xx/CVE-2024-37607.json | 6 +- CVE-2024/CVE-2024-376xx/CVE-2024-37649.json | 4 + CVE-2024/CVE-2024-379xx/CVE-2024-37962.json | 4 + CVE-2024/CVE-2024-382xx/CVE-2024-38264.json | 2 +- CVE-2024/CVE-2024-384xx/CVE-2024-38488.json | 4 + CVE-2024/CVE-2024-388xx/CVE-2024-38819.json | 4 + CVE-2024/CVE-2024-388xx/CVE-2024-38864.json | 4 + CVE-2024/CVE-2024-397xx/CVE-2024-39703.json | 6 +- CVE-2024/CVE-2024-398xx/CVE-2024-39804.json | 4 + CVE-2024/CVE-2024-398xx/CVE-2024-39895.json | 2 +- CVE-2024/CVE-2024-398xx/CVE-2024-39896.json | 2 +- CVE-2024/CVE-2024-411xx/CVE-2024-41138.json | 4 + CVE-2024/CVE-2024-411xx/CVE-2024-41145.json | 4 + CVE-2024/CVE-2024-411xx/CVE-2024-41159.json | 4 + CVE-2024/CVE-2024-411xx/CVE-2024-41165.json | 4 + CVE-2024/CVE-2024-417xx/CVE-2024-41752.json | 6 +- CVE-2024/CVE-2024-421xx/CVE-2024-42194.json | 6 +- CVE-2024/CVE-2024-42xx/CVE-2024-4229.json | 4 + CVE-2024/CVE-2024-42xx/CVE-2024-4230.json | 4 + CVE-2024/CVE-2024-434xx/CVE-2024-43447.json | 2 +- CVE-2024/CVE-2024-434xx/CVE-2024-43449.json | 2 +- CVE-2024/CVE-2024-434xx/CVE-2024-43450.json | 2 +- CVE-2024/CVE-2024-434xx/CVE-2024-43452.json | 2 +- CVE-2024/CVE-2024-435xx/CVE-2024-43530.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43600.json | 4 +- CVE-2024/CVE-2024-436xx/CVE-2024-43620.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43621.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43622.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43623.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43624.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43626.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43627.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43628.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43629.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43630.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43633.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43634.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43635.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43636.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43637.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43638.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43639.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43640.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43641.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43642.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43643.json | 2 +- CVE-2024/CVE-2024-436xx/CVE-2024-43644.json | 2 +- CVE-2024/CVE-2024-44xx/CVE-2024-4464.json | 6 +- CVE-2024/CVE-2024-450xx/CVE-2024-45082.json | 6 +- CVE-2024/CVE-2024-453xx/CVE-2024-45338.json | 6 +- CVE-2024/CVE-2024-454xx/CVE-2024-45496.json | 2 +- CVE-2024/CVE-2024-458xx/CVE-2024-45818.json | 4 + CVE-2024/CVE-2024-458xx/CVE-2024-45819.json | 4 + CVE-2024/CVE-2024-470xx/CVE-2024-47038.json | 6 +- CVE-2024/CVE-2024-470xx/CVE-2024-47039.json | 6 +- CVE-2024/CVE-2024-470xx/CVE-2024-47040.json | 6 +- CVE-2024/CVE-2024-470xx/CVE-2024-47093.json | 4 + CVE-2024/CVE-2024-471xx/CVE-2024-47104.json | 6 +- CVE-2024/CVE-2024-471xx/CVE-2024-47119.json | 6 +- CVE-2024/CVE-2024-473xx/CVE-2024-47397.json | 6 +- CVE-2024/CVE-2024-474xx/CVE-2024-47480.json | 6 +- CVE-2024/CVE-2024-478xx/CVE-2024-47810.json | 6 +- CVE-2024/CVE-2024-478xx/CVE-2024-47822.json | 2 +- CVE-2024/CVE-2024-479xx/CVE-2024-47984.json | 4 + CVE-2024/CVE-2024-47xx/CVE-2024-4762.json | 6 +- CVE-2024/CVE-2024-480xx/CVE-2024-48007.json | 4 + CVE-2024/CVE-2024-480xx/CVE-2024-48008.json | 4 + CVE-2024/CVE-2024-488xx/CVE-2024-48872.json | 6 +- CVE-2024/CVE-2024-488xx/CVE-2024-48889.json | 6 +- CVE-2024/CVE-2024-490xx/CVE-2024-49019.json | 2 +- CVE-2024/CVE-2024-490xx/CVE-2024-49039.json | 2 +- CVE-2024/CVE-2024-490xx/CVE-2024-49046.json | 2 +- CVE-2024/CVE-2024-490xx/CVE-2024-49072.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49073.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49074.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49075.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49076.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49077.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49078.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49079.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49080.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49081.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49082.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49083.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49084.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49085.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49086.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49087.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49088.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49089.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49090.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49091.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49092.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49093.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49094.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49095.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49096.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49097.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49098.json | 4 +- CVE-2024/CVE-2024-490xx/CVE-2024-49099.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49101.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49102.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49103.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49104.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49105.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49106.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49107.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49108.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49109.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49110.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49111.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49112.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49113.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49114.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49115.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49116.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49117.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49118.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49119.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49120.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49121.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49122.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49123.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49124.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49125.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49126.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49127.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49128.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49129.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49132.json | 4 +- CVE-2024/CVE-2024-491xx/CVE-2024-49138.json | 2 +- CVE-2024/CVE-2024-491xx/CVE-2024-49194.json | 6 +- CVE-2024/CVE-2024-493xx/CVE-2024-49336.json | 4 + CVE-2024/CVE-2024-493xx/CVE-2024-49363.json | 6 +- CVE-2024/CVE-2024-495xx/CVE-2024-49530.json | 2 +- CVE-2024/CVE-2024-495xx/CVE-2024-49531.json | 2 +- CVE-2024/CVE-2024-495xx/CVE-2024-49532.json | 2 +- CVE-2024/CVE-2024-495xx/CVE-2024-49533.json | 2 +- CVE-2024/CVE-2024-495xx/CVE-2024-49534.json | 2 +- CVE-2024/CVE-2024-495xx/CVE-2024-49576.json | 6 +- CVE-2024/CVE-2024-496xx/CVE-2024-49677.json | 6 +- CVE-2024/CVE-2024-497xx/CVE-2024-49765.json | 4 + CVE-2024/CVE-2024-497xx/CVE-2024-49775.json | 6 +- CVE-2024/CVE-2024-498xx/CVE-2024-49816.json | 6 +- CVE-2024/CVE-2024-498xx/CVE-2024-49817.json | 6 +- CVE-2024/CVE-2024-498xx/CVE-2024-49818.json | 6 +- CVE-2024/CVE-2024-498xx/CVE-2024-49819.json | 6 +- CVE-2024/CVE-2024-498xx/CVE-2024-49820.json | 6 +- CVE-2024/CVE-2024-49xx/CVE-2024-4995.json | 6 +- CVE-2024/CVE-2024-49xx/CVE-2024-4996.json | 6 +- CVE-2024/CVE-2024-505xx/CVE-2024-50570.json | 6 +- CVE-2024/CVE-2024-511xx/CVE-2024-51175.json | 6 +- CVE-2024/CVE-2024-514xx/CVE-2024-51470.json | 6 +- CVE-2024/CVE-2024-514xx/CVE-2024-51471.json | 4 + CVE-2024/CVE-2024-514xx/CVE-2024-51479.json | 6 +- CVE-2024/CVE-2024-515xx/CVE-2024-51532.json | 4 + CVE-2024/CVE-2024-516xx/CVE-2024-51646.json | 6 +- CVE-2024/CVE-2024-523xx/CVE-2024-52361.json | 6 +- CVE-2024/CVE-2024-524xx/CVE-2024-52485.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52542.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52579.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52589.json | 4 + CVE-2024/CVE-2024-525xx/CVE-2024-52590.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52591.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52592.json | 6 +- CVE-2024/CVE-2024-525xx/CVE-2024-52593.json | 6 +- CVE-2024/CVE-2024-527xx/CVE-2024-52792.json | 6 +- CVE-2024/CVE-2024-527xx/CVE-2024-52794.json | 4 + CVE-2024/CVE-2024-528xx/CVE-2024-52896.json | 4 + CVE-2024/CVE-2024-528xx/CVE-2024-52897.json | 4 + CVE-2024/CVE-2024-530xx/CVE-2024-53089.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53090.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53091.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53092.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53093.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53094.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53096.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53097.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53098.json | 2 +- CVE-2024/CVE-2024-530xx/CVE-2024-53099.json | 2 +- CVE-2024/CVE-2024-531xx/CVE-2024-53100.json | 2 +- CVE-2024/CVE-2024-531xx/CVE-2024-53144.json | 6 +- CVE-2024/CVE-2024-532xx/CVE-2024-53269.json | 4 + CVE-2024/CVE-2024-532xx/CVE-2024-53270.json | 4 + CVE-2024/CVE-2024-532xx/CVE-2024-53271.json | 4 + CVE-2024/CVE-2024-535xx/CVE-2024-53580.json | 4 + CVE-2024/CVE-2024-536xx/CVE-2024-53688.json | 6 +- CVE-2024/CVE-2024-537xx/CVE-2024-53745.json | 2 +- CVE-2024/CVE-2024-539xx/CVE-2024-53991.json | 4 + CVE-2024/CVE-2024-53xx/CVE-2024-5333.json | 6 +- CVE-2024/CVE-2024-540xx/CVE-2024-54083.json | 6 +- CVE-2024/CVE-2024-541xx/CVE-2024-54125.json | 6 +- CVE-2024/CVE-2024-541xx/CVE-2024-54139.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54229.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54231.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54233.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54234.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54235.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54236.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54237.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54238.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54239.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54240.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54241.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54242.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54243.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54244.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54245.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54246.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54248.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54249.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54250.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54252.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54256.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54257.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54258.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54259.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54261.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54262.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54264.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54265.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54266.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54267.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54268.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54270.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54271.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54272.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54273.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54274.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54275.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54276.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54277.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54278.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54279.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54280.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54282.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54283.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54284.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54285.json | 6 +- CVE-2024/CVE-2024-542xx/CVE-2024-54286.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54287.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54288.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54289.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54290.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54292.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54293.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54294.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54295.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54296.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54297.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54298.json | 4 + CVE-2024/CVE-2024-542xx/CVE-2024-54299.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54300.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54301.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54302.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54303.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54304.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54305.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54306.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54307.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54308.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54309.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54310.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54311.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54312.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54313.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54314.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54315.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54316.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54317.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54318.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54319.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54320.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54321.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54322.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54323.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54324.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54325.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54326.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54327.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54328.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54329.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54330.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54331.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54332.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54333.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54334.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54335.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54336.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54337.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54338.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54339.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54340.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54341.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54342.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54343.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54344.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54345.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54346.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54347.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54348.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54349.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54350.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54351.json | 4 + CVE-2024/CVE-2024-543xx/CVE-2024-54352.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54353.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54354.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54355.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54356.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54357.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54358.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54359.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54360.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54361.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54363.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54364.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54365.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54366.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54367.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54368.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54369.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54370.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54372.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54373.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54374.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54375.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54376.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54378.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54379.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54380.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54381.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54382.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54383.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54384.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54385.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54386.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54387.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54388.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54389.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54390.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54391.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54392.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54393.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54394.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54395.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54396.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54397.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54398.json | 6 +- CVE-2024/CVE-2024-543xx/CVE-2024-54399.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54400.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54401.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54402.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54403.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54404.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54405.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54406.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54407.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54408.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54409.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54410.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54411.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54412.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54413.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54414.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54415.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54416.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54417.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54418.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54419.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54420.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54421.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54422.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54423.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54424.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54425.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54426.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54427.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54428.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54429.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54430.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54431.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54432.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54433.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54434.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54435.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54436.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54437.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54438.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54439.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54440.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54441.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54442.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54443.json | 6 +- CVE-2024/CVE-2024-544xx/CVE-2024-54457.json | 6 +- CVE-2024/CVE-2024-546xx/CVE-2024-54662.json | 2 +- CVE-2024/CVE-2024-546xx/CVE-2024-54682.json | 6 +- CVE-2024/CVE-2024-547xx/CVE-2024-54790.json | 4 + CVE-2024/CVE-2024-549xx/CVE-2024-54982.json | 4 + CVE-2024/CVE-2024-549xx/CVE-2024-54983.json | 4 + CVE-2024/CVE-2024-549xx/CVE-2024-54984.json | 4 + CVE-2024/CVE-2024-54xx/CVE-2024-5493.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5494.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5495.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5496.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5497.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5498.json | 2 +- CVE-2024/CVE-2024-54xx/CVE-2024-5499.json | 2 +- CVE-2024/CVE-2024-550xx/CVE-2024-55056.json | 6 +- CVE-2024/CVE-2024-550xx/CVE-2024-55057.json | 6 +- CVE-2024/CVE-2024-550xx/CVE-2024-55058.json | 6 +- CVE-2024/CVE-2024-550xx/CVE-2024-55059.json | 6 +- CVE-2024/CVE-2024-550xx/CVE-2024-55081.json | 4 + CVE-2024/CVE-2024-550xx/CVE-2024-55082.json | 4 + CVE-2024/CVE-2024-550xx/CVE-2024-55085.json | 4 + CVE-2024/CVE-2024-550xx/CVE-2024-55086.json | 6 +- CVE-2024/CVE-2024-551xx/CVE-2024-55196.json | 4 + CVE-2024/CVE-2024-552xx/CVE-2024-55231.json | 4 + CVE-2024/CVE-2024-552xx/CVE-2024-55232.json | 4 + CVE-2024/CVE-2024-552xx/CVE-2024-55239.json | 4 + CVE-2024/CVE-2024-554xx/CVE-2024-55451.json | 4 + CVE-2024/CVE-2024-554xx/CVE-2024-55452.json | 4 + CVE-2024/CVE-2024-554xx/CVE-2024-55461.json | 4 + CVE-2024/CVE-2024-554xx/CVE-2024-55492.json | 6 +- CVE-2024/CVE-2024-555xx/CVE-2024-55505.json | 4 + CVE-2024/CVE-2024-555xx/CVE-2024-55506.json | 4 + CVE-2024/CVE-2024-555xx/CVE-2024-55513.json | 6 +- CVE-2024/CVE-2024-555xx/CVE-2024-55514.json | 6 +- CVE-2024/CVE-2024-555xx/CVE-2024-55515.json | 6 +- CVE-2024/CVE-2024-555xx/CVE-2024-55516.json | 6 +- CVE-2024/CVE-2024-556xx/CVE-2024-55603.json | 4 + CVE-2024/CVE-2024-556xx/CVE-2024-55661.json | 4 + CVE-2024/CVE-2024-558xx/CVE-2024-55864.json | 6 +- CVE-2024/CVE-2024-558xx/CVE-2024-55887.json | 4 + CVE-2024/CVE-2024-558xx/CVE-2024-55889.json | 4 + CVE-2024/CVE-2024-558xx/CVE-2024-55890.json | 4 + CVE-2024/CVE-2024-559xx/CVE-2024-55946.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55949.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55951.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55952.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55953.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55969.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55970.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55972.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55973.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55974.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55975.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55976.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55977.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55978.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55979.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55980.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55981.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55982.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55983.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55984.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55985.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55986.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55987.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55988.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55989.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55990.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55992.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55993.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55994.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55996.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55997.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55998.json | 6 +- CVE-2024/CVE-2024-559xx/CVE-2024-55999.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56001.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56003.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56004.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56005.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56007.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56008.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56009.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56010.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56011.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56012.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56013.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56015.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56016.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56017.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56047.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56048.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56049.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56050.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56051.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56052.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56053.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56054.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56055.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56057.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56058.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56059.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56072.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56073.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56074.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56082.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56083.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56084.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56085.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56086.json | 6 +- CVE-2024/CVE-2024-560xx/CVE-2024-56087.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56112.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56115.json | 4 + CVE-2024/CVE-2024-561xx/CVE-2024-56116.json | 4 + CVE-2024/CVE-2024-561xx/CVE-2024-56128.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56140.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56142.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56169.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56170.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56173.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56174.json | 6 +- CVE-2024/CVE-2024-561xx/CVE-2024-56175.json | 6 +- CVE-2024/CVE-2024-562xx/CVE-2024-56200.json | 4 + CVE-2024/CVE-2024-563xx/CVE-2024-56317.json | 4 + CVE-2024/CVE-2024-563xx/CVE-2024-56318.json | 4 + CVE-2024/CVE-2024-563xx/CVE-2024-56319.json | 4 + CVE-2024/CVE-2024-60xx/CVE-2024-6001.json | 6 +- CVE-2024/CVE-2024-62xx/CVE-2024-6290.json | 2 +- CVE-2024/CVE-2024-62xx/CVE-2024-6291.json | 2 +- CVE-2024/CVE-2024-62xx/CVE-2024-6292.json | 2 +- CVE-2024/CVE-2024-62xx/CVE-2024-6293.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6772.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6773.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6774.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6775.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6776.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6777.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6778.json | 2 +- CVE-2024/CVE-2024-67xx/CVE-2024-6779.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7018.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7019.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7020.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7022.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7023.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7024.json | 2 +- CVE-2024/CVE-2024-70xx/CVE-2024-7025.json | 2 +- CVE-2024/CVE-2024-71xx/CVE-2024-7137.json | 4 + CVE-2024/CVE-2024-71xx/CVE-2024-7138.json | 4 + CVE-2024/CVE-2024-71xx/CVE-2024-7139.json | 4 + CVE-2024/CVE-2024-72xx/CVE-2024-7233.json | 2 +- CVE-2024/CVE-2024-72xx/CVE-2024-7256.json | 2 +- CVE-2024/CVE-2024-77xx/CVE-2024-7701.json | 6 +- CVE-2024/CVE-2024-77xx/CVE-2024-7726.json | 4 + CVE-2024/CVE-2024-79xx/CVE-2024-7970.json | 2 +- CVE-2024/CVE-2024-80xx/CVE-2024-8058.json | 6 +- CVE-2024/CVE-2024-81xx/CVE-2024-8116.json | 6 +- CVE-2024/CVE-2024-83xx/CVE-2024-8326.json | 6 +- CVE-2024/CVE-2024-83xx/CVE-2024-8362.json | 2 +- CVE-2024/CVE-2024-84xx/CVE-2024-8429.json | 6 +- CVE-2024/CVE-2024-84xx/CVE-2024-8475.json | 6 +- CVE-2024/CVE-2024-86xx/CVE-2024-8650.json | 6 +- CVE-2024/CVE-2024-87xx/CVE-2024-8798.json | 6 +- CVE-2024/CVE-2024-88xx/CVE-2024-8809.json | 2 +- CVE-2024/CVE-2024-88xx/CVE-2024-8811.json | 2 +- CVE-2024/CVE-2024-89xx/CVE-2024-8904.json | 2 +- CVE-2024/CVE-2024-89xx/CVE-2024-8905.json | 2 +- CVE-2024/CVE-2024-89xx/CVE-2024-8972.json | 6 +- CVE-2024/CVE-2024-91xx/CVE-2024-9101.json | 4 + CVE-2024/CVE-2024-91xx/CVE-2024-9102.json | 4 + CVE-2024/CVE-2024-91xx/CVE-2024-9120.json | 2 +- CVE-2024/CVE-2024-91xx/CVE-2024-9121.json | 2 +- CVE-2024/CVE-2024-91xx/CVE-2024-9122.json | 2 +- CVE-2024/CVE-2024-91xx/CVE-2024-9123.json | 2 +- CVE-2024/CVE-2024-91xx/CVE-2024-9154.json | 4 + CVE-2024/CVE-2024-92xx/CVE-2024-9257.json | 2 +- CVE-2024/CVE-2024-93xx/CVE-2024-9341.json | 2 +- CVE-2024/CVE-2024-93xx/CVE-2024-9369.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9602.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9603.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9608.json | 4 + CVE-2024/CVE-2024-96xx/CVE-2024-9619.json | 4 + CVE-2024/CVE-2024-96xx/CVE-2024-9624.json | 6 +- CVE-2024/CVE-2024-96xx/CVE-2024-9654.json | 6 +- CVE-2024/CVE-2024-96xx/CVE-2024-9665.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9675.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9676.json | 2 +- CVE-2024/CVE-2024-96xx/CVE-2024-9678.json | 6 +- CVE-2024/CVE-2024-96xx/CVE-2024-9679.json | 6 +- CVE-2024/CVE-2024-96xx/CVE-2024-9698.json | 6 +- CVE-2024/CVE-2024-97xx/CVE-2024-9710.json | 2 +- CVE-2024/CVE-2024-97xx/CVE-2024-9779.json | 6 +- CVE-2024/CVE-2024-98xx/CVE-2024-9819.json | 6 +- CVE-2024/CVE-2024-98xx/CVE-2024-9859.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9945.json | 4 + CVE-2024/CVE-2024-99xx/CVE-2024-9955.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9956.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9957.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9959.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9960.json | 2 +- CVE-2024/CVE-2024-99xx/CVE-2024-9961.json | 2 +- README.md | 39 +- _state.csv | 2219 ++++++++++--------- 1111 files changed, 5157 insertions(+), 1915 deletions(-) create mode 100644 CVE-2024/CVE-2024-118xx/CVE-2024-11852.json diff --git a/CVE-2015/CVE-2015-03xx/CVE-2015-0310.json b/CVE-2015/CVE-2015-03xx/CVE-2015-0310.json index 7645218fbfa..0fb0c41e9e0 100644 --- a/CVE-2015/CVE-2015-03xx/CVE-2015-0310.json +++ b/CVE-2015/CVE-2015-03xx/CVE-2015-0310.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2015-01-23T21:59:00.050", "lastModified": "2024-11-21T02:22:47.480", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { diff --git a/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json b/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json index e8fb219fc45..389ca23bdeb 100644 --- a/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json +++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12484.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T03:15:05.613", "lastModified": "2024-12-17T03:15:05.613", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks." + }, + { + "lang": "es", + "value": "Al usar el modo especial para conectarse a una red wifi empresarial, ciertas opciones no est\u00e1n configuradas correctamente y los atacantes pueden hacerse pasar por una red wifi empresarial a trav\u00e9s de una red wifi cuidadosamente construida con el mismo nombre, lo que puede conducir a ataques de intermediario." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json b/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json index a825256d7b5..01ce38cc3f4 100644 --- a/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json +++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12487.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T03:15:06.453", "lastModified": "2024-12-17T03:15:06.453", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege." + }, + { + "lang": "es", + "value": "Debido a las fallas en la verificaci\u00f3n de los par\u00e1metros de entrada, el atacante puede ingresar comandos cuidadosamente construidos para hacer que el servicio ABE ejecute algunos comandos con privilegios de superusuario." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-128xx/CVE-2020-12819.json b/CVE-2020/CVE-2020-128xx/CVE-2020-12819.json index 4f76fabd295..59000238646 100644 --- a/CVE-2020/CVE-2020-128xx/CVE-2020-12819.json +++ b/CVE-2020/CVE-2020-128xx/CVE-2020-12819.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el mont\u00f3n durante el procesamiento de mensajes del Protocolo de control de enlaces en las versiones 5.6.12, 6.0.10, 6.2.4 y 6.4.1 y anteriores de FortiGate puede permitir que un atacante remoto con credenciales de VPN SSL v\u00e1lidas bloquee el daemon de VPN SSL mediante el env\u00edo de un paquete LCP de gran tama\u00f1o cuando el modo t\u00fanel est\u00e1 habilitado. La ejecuci\u00f3n de c\u00f3digo arbitrario puede ser te\u00f3ricamente posible, aunque en la pr\u00e1ctica es muy dif\u00edcil de lograr en este contexto" } ], "metrics": { diff --git a/CVE-2020/CVE-2020-128xx/CVE-2020-12820.json b/CVE-2020/CVE-2020-128xx/CVE-2020-12820.json index be57746caf6..f5e87253a3f 100644 --- a/CVE-2020/CVE-2020-128xx/CVE-2020-12820.json +++ b/CVE-2020/CVE-2020-128xx/CVE-2020-12820.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter." + }, + { + "lang": "es", + "value": "En una configuraci\u00f3n no predeterminada, un desbordamiento de b\u00fafer basado en pila en FortiOS versi\u00f3n 6.0.10 y anteriores, versi\u00f3n 5.6.12 y anteriores puede permitir que un atacante remoto autenticado en la VPN SSL bloquee el daemon NAC de FortiClient (fcnacd) y potencialmente ejecute c\u00f3digo arbitrario mediante la solicitud de un nombre de archivo FortiClient grande. No tenemos conocimiento de ning\u00fan c\u00f3digo de prueba de concepto que logre esto \u00faltimo con \u00e9xito." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-159xx/CVE-2020-15934.json b/CVE-2020/CVE-2020-159xx/CVE-2020-15934.json index e9ba8461388..a08bd64c477 100644 --- a/CVE-2020/CVE-2020-159xx/CVE-2020-15934.json +++ b/CVE-2020/CVE-2020-159xx/CVE-2020-15934.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ejecuci\u00f3n con privilegios innecesarios en el motor VCM de FortiClient para Linux versiones 6.2.7 y anteriores, versi\u00f3n 6.4.0, puede permitir que usuarios locales eleven sus privilegios a superusuario mediante la creaci\u00f3n de un script o programa malicioso en la m\u00e1quina de destino." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-69xx/CVE-2020-6923.json b/CVE-2020/CVE-2020-69xx/CVE-2020-6923.json index 9a673ea2c2a..546f3d1b1ad 100644 --- a/CVE-2020/CVE-2020-69xx/CVE-2020-6923.json +++ b/CVE-2020/CVE-2020-69xx/CVE-2020-6923.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow." + }, + { + "lang": "es", + "value": "El software HP Linux Imaging and Printing (HPLIP) puede verse afectado por un desbordamiento del b\u00fafer de memoria." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-205xx/CVE-2021-20553.json b/CVE-2021/CVE-2021-205xx/CVE-2021-20553.json index 458e49fb8f9..da5bc65bf5d 100644 --- a/CVE-2021/CVE-2021-205xx/CVE-2021-20553.json +++ b/CVE-2021/CVE-2021-205xx/CVE-2021-20553.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 a 6.1.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-225xx/CVE-2021-22501.json b/CVE-2021/CVE-2021-225xx/CVE-2021-22501.json index c13316f4e2d..185ab71d024 100644 --- a/CVE-2021/CVE-2021-225xx/CVE-2021-22501.json +++ b/CVE-2021/CVE-2021-225xx/CVE-2021-22501.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText\u2122 Operations Bridge Manager allows Input Data Manipulation.\u00a0\n\nThe vulnerability could be exploited to confidential information\n\nThis issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10." + }, + { + "lang": "es", + "value": "La vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML en OpenText\u2122 Operations Bridge Manager permite la manipulaci\u00f3n de datos de entrada. La vulnerabilidad podr\u00eda aprovecharse para obtener informaci\u00f3n confidencial. Este problema afecta a Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-260xx/CVE-2021-26093.json b/CVE-2021/CVE-2021-260xx/CVE-2021-26093.json index 3021ec647be..6d3b9e7c437 100644 --- a/CVE-2021/CVE-2021-260xx/CVE-2021-26093.json +++ b/CVE-2021/CVE-2021-260xx/CVE-2021-26093.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An access of uninitialized pointer (CWE-824) vulnerability\u00a0in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point\u00a0being managed by the controller by executing a crafted CLI command." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de acceso a un puntero no inicializado (CWE-824) en FortiWLC versiones 8.6.0, 8.5.3 y anteriores puede permitir que un atacante local y autenticado bloquee el punto de acceso administrado por el controlador mediante la ejecuci\u00f3n de un comando CLI manipulado espec\u00edficamente." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-261xx/CVE-2021-26102.json b/CVE-2021/CVE-2021-261xx/CVE-2021-26102.json index 03a9956985b..4b3557f01d5 100644 --- a/CVE-2021/CVE-2021-261xx/CVE-2021-26102.json +++ b/CVE-2021/CVE-2021-261xx/CVE-2021-26102.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de path traversal relativo (CWE-23) en FortiWAN versi\u00f3n 4.5.7 y anteriores, 4.4 y todas las versiones puede permitir que un atacante remoto no autenticado elimine archivos del sistema mediante el env\u00edo de una solicitud POST manipulada. En particular, la eliminaci\u00f3n de archivos de configuraci\u00f3n espec\u00edficos restablecer\u00e1 la contrase\u00f1a de administrador a su valor predeterminado." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-261xx/CVE-2021-26115.json b/CVE-2021/CVE-2021-261xx/CVE-2021-26115.json index 1997647bb7f..67521103ce8 100644 --- a/CVE-2021/CVE-2021-261xx/CVE-2021-26115.json +++ b/CVE-2021/CVE-2021-261xx/CVE-2021-26115.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de comando del sistema operativo (CWE-78) en la interfaz de l\u00ednea de comandos de FortiWAN versi\u00f3n 4.5.7 y anteriores puede permitir que un atacante local, autenticado y sin privilegios escale sus privilegios a superusuario mediante la ejecuci\u00f3n de un comando especialmente manipulado.Una vulnerabilidad de inyecci\u00f3n de comando del sistema operativo (CWE-78) en la interfaz de l\u00ednea de comandos de FortiWAN puede permitir que un atacante local, autenticado y sin privilegios escale sus privilegios a superusuario mediante la ejecuci\u00f3n de un comando especialmente manipulado." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json index 0276869403c..9aebdd312c3 100644 --- a/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26278.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T03:15:06.573", "lastModified": "2024-12-17T03:15:06.573", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device." + }, + { + "lang": "es", + "value": "El m\u00f3dulo wifi expone la interfaz y tiene un control de permisos indebido, filtrando informaci\u00f3n confidencial sobre el dispositivo." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json index e78bb590659..56566c9b546 100644 --- a/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26279.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T04:15:05.333", "lastModified": "2024-12-17T04:15:05.333", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Some parameters of the weather module are improperly stored, leaking some sensitive information." + }, + { + "lang": "es", + "value": "Algunos par\u00e1metros del m\u00f3dulo meteorol\u00f3gico se almacenan incorrectamente, lo que da lugar a una filtraci\u00f3n de informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json index a58741e9188..5d1553a2e1a 100644 --- a/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26280.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T07:15:05.343", "lastModified": "2024-12-17T07:15:05.343", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Locally installed application can bypass the permission check and perform system operations that require permission." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n instalada localmente puede eludir la verificaci\u00f3n de permisos y realizar operaciones del sistema que requieren permiso." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json b/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json index d0a751e1c8a..7b63590b7f5 100644 --- a/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json +++ b/CVE-2021/CVE-2021-262xx/CVE-2021-26281.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@vivo.com", "published": "2024-12-17T07:15:05.927", "lastModified": "2024-12-17T07:15:05.927", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Some parameters of the alarm clock module are improperly stored, leaking some sensitive information." + }, + { + "lang": "es", + "value": "Algunos par\u00e1metros del m\u00f3dulo del despertador se almacenan incorrectamente, lo que da lugar a una filtraci\u00f3n de informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-298xx/CVE-2021-29827.json b/CVE-2021/CVE-2021-298xx/CVE-2021-29827.json index 957d4fa16a3..d3b98b25d70 100644 --- a/CVE-2021/CVE-2021-298xx/CVE-2021-29827.json +++ b/CVE-2021/CVE-2021-298xx/CVE-2021-29827.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim." + }, + { + "lang": "es", + "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un atacante remoto secuestrara la acci\u00f3n de clic de la v\u00edctima. Al persuadir a la v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la v\u00edctima y posiblemente lanzar m\u00e1s ataques contra ella." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-325xx/CVE-2021-32589.json b/CVE-2021/CVE-2021-325xx/CVE-2021-32589.json index 73430839438..bf8e6568189 100644 --- a/CVE-2021/CVE-2021-325xx/CVE-2021-32589.json +++ b/CVE-2021/CVE-2021-325xx/CVE-2021-32589.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Use After Free (CWE-416) en FortiManager versi\u00f3n 7.0.0, versi\u00f3n 6.4.5 y anteriores, versi\u00f3n 6.2.7 y anteriores, versi\u00f3n 6.0.10 y anteriores, versi\u00f3n 5.6.10 y anteriores, versi\u00f3n 5.4.7 y anteriores, versi\u00f3n 5.2.10 y anteriores, versi\u00f3n 5.0.12 y anteriores y FortiAnalyzer versi\u00f3n 7.0.0, versi\u00f3n 6.4.5 y anteriores, versi\u00f3n 6.2.7 y anteriores, versi\u00f3n 6.0.10 y anteriores, versi\u00f3n 5.6.10 y anteriores, versi\u00f3n 5.4.7 y anteriores, versi\u00f3n 5.3.11, versi\u00f3n 5.2.10 a 5.2.4 del daemon fgfmsd puede permitir que un atacante remoto no autenticado ejecute c\u00f3digo no autorizado como superusuario mediante el env\u00edo de una solicitud espec\u00edficamente manipulada al puerto fgfm del dispositivo de destino." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-380xx/CVE-2021-38023.json b/CVE-2021/CVE-2021-380xx/CVE-2021-38023.json index 2c1eea44ae7..ff947b4b508 100644 --- a/CVE-2021/CVE-2021-380xx/CVE-2021-38023.json +++ b/CVE-2021/CVE-2021-380xx/CVE-2021-38023.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-23T22:15:02.763", "lastModified": "2024-09-26T13:32:55.343", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-390xx/CVE-2021-39081.json b/CVE-2021/CVE-2021-390xx/CVE-2021-39081.json index 00d0ee68ec8..967a778a5da 100644 --- a/CVE-2021/CVE-2021-390xx/CVE-2021-39081.json +++ b/CVE-2021/CVE-2021-390xx/CVE-2021-39081.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information." + }, + { + "lang": "es", + "value": "IBM Cognos Analytics Mobile para Android 1.1.14 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial." } ], "metrics": { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46979.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46979.json index 0caf6dcb244..40dbc2d4135 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46979.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46979.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.230", "lastModified": "2024-11-21T06:35:06.310", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46980.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46980.json index 40b41df0c16..2c967dc74ae 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46980.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46980.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.273", "lastModified": "2024-11-21T06:35:06.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46982.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46982.json index 1fbf42981bc..c028fc5b5a5 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46982.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46982.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.367", "lastModified": "2024-11-21T06:35:06.777", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46986.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46986.json index 1b70dfe48bf..bf3112e525e 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46986.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46986.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.540", "lastModified": "2024-11-21T06:35:07.760", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json index eb988a46550..30d47c74299 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.640", "lastModified": "2024-11-21T06:35:08.027", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json index ddc57d64836..d7b67c46b20 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.733", "lastModified": "2024-11-21T06:35:08.370", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json index b588463a12d..12c41823da7 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.833", "lastModified": "2024-11-21T06:35:08.643", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json index 161b1b8747a..bf829da0b39 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.880", "lastModified": "2024-11-21T06:35:08.777", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json index 863b42cbd1c..f6d72fbd5e4 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:38.047", "lastModified": "2024-11-21T06:35:09.237", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27595.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27595.json index 9e5ab2550c6..5f750f1232c 100644 --- a/CVE-2022/CVE-2022-275xx/CVE-2022-27595.json +++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27595.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands.\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\nQVPN Windows 2.0.0.1310 and later" + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad de carga de librer\u00edas inseguras que afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\u00eda permitir que atacantes locales que hayan obtenido acceso de usuario ejecuten c\u00f3digo o comandos no autorizados. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QVPN Windows 2.0.0.1316 y posteriores QVPN Windows 2.0.0.1310 y posteriores" } ], "metrics": { diff --git a/CVE-2022/CVE-2022-276xx/CVE-2022-27600.json b/CVE-2022/CVE-2022-276xx/CVE-2022-27600.json index 4a037870929..4709ed91e5d 100644 --- a/CVE-2022/CVE-2022-276xx/CVE-2022-27600.json +++ b/CVE-2022/CVE-2022-276xx/CVE-2022-27600.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later" + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad de consumo de recursos no controlado que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos lanzar un ataque de denegaci\u00f3n de servicio (DoS). Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2277 y posteriores QTS 4.5.4.2280 compilaci\u00f3n 20230112 y posteriores QuTS hero h5.0.1.2277 compilaci\u00f3n 20230112 y posteriores QuTS hero h4.5.4.2374 compilaci\u00f3n 20230417 y posteriores QuTScloud c5.0.1.2374 y posteriores" } ], "metrics": { diff --git a/CVE-2022/CVE-2022-339xx/CVE-2022-33954.json b/CVE-2022/CVE-2022-339xx/CVE-2022-33954.json index ba6d58b083d..905e254cb60 100644 --- a/CVE-2022/CVE-2022-339xx/CVE-2022-33954.json +++ b/CVE-2022/CVE-2022-339xx/CVE-2022-33954.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials." + }, + { + "lang": "es", + "value": "IBM Robotic Process Automation 21.0.1, 21.0.2 y 21.0.3 podr\u00edan permitir que un usuario con acceso f\u00edsico al sistema obtenga informaci\u00f3n confidencial debido a credenciales insuficientemente protegidas." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40732.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40732.json index 36f5629bc08..c7007beb24b 100644 --- a/CVE-2022/CVE-2022-407xx/CVE-2022-40732.json +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40732.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de violaci\u00f3n de acceso en la funcionalidad DirectComposition del controlador win32kbase.sys versi\u00f3n 10.0.22000.593 como parte de Windows 11 versi\u00f3n 22000.593 y versi\u00f3n 10.0.20348.643 como parte de Windows Server 2022 versi\u00f3n 20348.643. Un conjunto de llamadas al sistema especialmente manipulado puede provocar un reinicio. Un usuario sin privilegios puede ejecutar c\u00f3digo especialmente manipulado para activar una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40733.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40733.json index d44eaed2404..8e215e568e9 100644 --- a/CVE-2022/CVE-2022-407xx/CVE-2022-40733.json +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40733.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de violaci\u00f3n de acceso en la funcionalidad DirectComposition del controlador win32kbase.sys versi\u00f3n 10.0.22000.593 como parte de Windows 11 versi\u00f3n 22000.593 y versi\u00f3n 10.0.20348.643 como parte de Windows Server 2022 versi\u00f3n 20348.643. Un conjunto de llamadas al sistema especialmente manipulado puede provocar un reinicio. Un usuario sin privilegios puede ejecutar c\u00f3digo especialmente manipulado para activar una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43472.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43472.json index 25a12b2f3a7..8cb7bdf8703 100644 --- a/CVE-2022/CVE-2022-434xx/CVE-2022-43472.json +++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43472.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in StylemixThemes eRoom \u2013 Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom \u2013 Zoom Meetings & Webinar: from n/a through 1.4.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en StylemixThemes eRoom \u2013 Zoom Meetings y Webinar permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a eRoom \u2013 Zoom Meetings y Webinar: desde n/a hasta 1.4.6." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json index 3d7b972a743..260c26b4d75 100644 --- a/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json +++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T16:15:49.570", "lastModified": "2024-11-21T07:27:19.277", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44512.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44512.json index d883f54eeb3..a207f31848a 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44512.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44512.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44513.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44513.json index d70556739e6..e571e874f2b 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44513.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44513.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44514.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44514.json index d59abdb78c8..bdb49e42f24 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44514.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44514.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de use after free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44515.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44515.json index e4fa3610956..bee935ae3e9 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44515.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44515.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44516.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44516.json index 9cf83e77991..d31c860248b 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44516.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44516.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44517.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44517.json index 32e159a34a7..10b5a114366 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44517.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44517.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44518.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44518.json index 5c3321fce1b..92a89995245 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44518.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44518.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de use after free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44519.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44519.json index 0ea87220f69..ab4e620c330 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44519.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44519.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de use after free que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44520.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44520.json index 0994bddb31a..563ce34b7d3 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44520.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44520.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.001.20085 (y anteriores), 20.005.3031x (y anteriores) y 17.012.30205 (y anteriores) de Acrobat Reader DC se ven afectadas por una vulnerabilidad de use after free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44578.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44578.json index fb9610fd05e..128a1db11ad 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44578.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44578.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Pierre JEHAN Owl Carousel permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Owl Carousel: desde n/a hasta 0.5.3." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45806.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45806.json index 2f9aa0cf982..687fa0fb42b 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45806.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45806.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Strategy11 Form Builder Team Formidable Forms permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Formidable Forms: desde n/a hasta 5.5.4." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45819.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45819.json index 1a2f5eacd3f..c5eec085dfb 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45819.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45819.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Popup Maker Popup Maker permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Popup Maker: desde n/a hasta 1.17.1." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45826.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45826.json index 497e8dc805f..4d595ca2784 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45826.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45826.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WP Sunshine Sunshine Photo Cart permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Sunshine Photo Cart: desde n/a hasta 2.9.13." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45840.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45840.json index 0695f6debd4..73f60db8810 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45840.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45840.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Lucian Apostol Auto Affiliate Links permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los enlaces de afiliados autom\u00e1ticos: desde n/a hasta 6.2.1.5." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45841.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45841.json index fc0c589ae4c..597c7a29a9a 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45841.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45841.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en RoboSoft Robo Gallery permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Robo Gallery: desde n/a hasta 3.2.9." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46795.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46795.json index 61d2ddb01ca..94a0325e634 100644 --- a/CVE-2022/CVE-2022-467xx/CVE-2022-46795.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46795.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Tyche Softwares Print Invoice & Delivery Notes for WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Print Invoice y Delivery Notes para WooCommerce: desde n/a hasta 4.7.2." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46796.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46796.json index 9fbe4eb6ea1..ee8253f0bee 100644 --- a/CVE-2022/CVE-2022-467xx/CVE-2022-46796.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46796.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en VillaTheme CURCY permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a CURCY: desde n/a hasta 2.1.25." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46807.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46807.json index 460b86d2dcc..96d2e0ace49 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46807.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46807.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Lauri Karisola / WP Trio Stock Sync para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Stock Sync para WooCommerce: desde n/a hasta 2.3.2." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46811.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46811.json index 632aa590c46..807b4a78ab7 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46811.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46811.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD \u2013 Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en VillaTheme (villatheme.com) ALD \u2013 Dropshipping and Fulfillment para AliExpress y WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ALD \u2013 Dropshipping and Fulfillment para AliExpress y WooCommerce: desde n/a hasta 1.0.21." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46838.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46838.json index 6f4a30c3706..d39d2a1ee3c 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46838.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46838.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a JS Help Desk \u2013 Best Help Desk & Support Plugin: desde n/a hasta 2.7.1." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46840.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46840.json index 1e39f85db08..81ebf20a6d1 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46840.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46840.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en JS Help Desk JS Help Desk \u2013 Best Help Desk y Support Plugin permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a JS Help Desk \u2013 Best Help Desk y Support Plugin: desde n/a hasta 2.7.1." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46846.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46846.json index e40c4d181b8..4d25c1d4b15 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46846.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46846.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through 1.5.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WP OnlineSupport, Essential Plugin Trending/Popular Post Slider y Widget permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al control deslizante de publicaciones populares/tendencias y al widget: desde n/a hasta 1.5.7." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47168.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47168.json index 000ba893aff..c507b2f8b01 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47168.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47168.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Printful Integration para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Printful Integration para WooCommerce: desde n/a hasta 2.2.3." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47176.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47176.json index 36959aed35b..55febda64ce 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47176.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47176.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Depicter Slider y Popup de Averta Depicter Slider permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Depicter Slider: desde n/a hasta 1.9.0." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47182.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47182.json index 855b76fbd38..78693862fc5 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47182.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47182.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Wpexpertsio APIExperts Square para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a APIExperts Square para WooCommerce: desde n/a hasta 4.4.1." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47429.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47429.json index 32b06798f30..45a17976c36 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47429.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47429.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin permite recuperar datos confidenciales integrados. Este problema afecta a la p\u00e1gina de destino Coming Soon y al complemento de modo de mantenimiento de WordPress: desde n/a hasta 2.2.0." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47594.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47594.json index 6e6cffdca4d..bcead13c65e 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47594.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47594.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WPDeveloper Essential Blocks para Gutenberg permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Essential Blocks para Gutenberg: desde n/a hasta 3.8.5." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48695.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48695.json index beaa9a9af5a..1ce71ead0cb 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48695.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48695.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-03T18:15:08.247", "lastModified": "2024-11-21T07:33:48.257", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21586.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21586.json index 9be0ee566a1..05c34290b7e 100644 --- a/CVE-2023/CVE-2023-215xx/CVE-2023-21586.json +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21586.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 22.003.20282 (y anteriores), 22.003.20281 (y anteriores) y 20.005.30418 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de desreferencia de puntero nulo. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para lograr una denegaci\u00f3n de servicio de la aplicaci\u00f3n en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22697.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22697.json index 9a30b0c739c..d4c11a173c2 100644 --- a/CVE-2023/CVE-2023-226xx/CVE-2023-22697.json +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22697.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Survey Maker team Survey Maker permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Survey Maker: desde n/a hasta 3.2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23354.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23354.json index 82333b56574..1fbf4dc2a98 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23354.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23354.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later" + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad de cross-site scripting (XSS) que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos que hayan obtenido acceso de usuario eludir los mecanismos de seguridad o leer datos de la aplicaci\u00f3n. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuLog Center 1.5.0.738 (06/03/2023) y posteriores QuLog Center 1.4.1.691 (01/03/2023) y posteriores QuLog Center 1.3.1.645 (22/02/2023) y posteriores" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23356.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23356.json index 7d8cdbdddf1..d45b950db9c 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23356.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23356.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuFirewall 2.3.3 ( 2023/03/27 ) and later\n and later" + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n de comandos que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir que atacantes remotos que hayan obtenido acceso de administrador ejecuten comandos arbitrarios. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuFirewall 2.3.3 (2023/03/27) y posteriores." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23357.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23357.json index d315e8a7f6f..2efbcf6da0e 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23357.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23357.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.5.0.738 ( 2023/03/06 ) and later\nQuLog Center 1.4.1.691 ( 2023/03/01 ) and later\nQuLog Center 1.3.1.645 ( 2023/02/22 ) and later" + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad de cross-site scripting (XSS) que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos que hayan obtenido acceso de administrador eludir los mecanismos de seguridad o leer datos de la aplicaci\u00f3n. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QuLog Center 1.5.0.738 (06/03/2023) y posteriores QuLog Center 1.4.1.691 (01/03/2023) y posteriores QuLog Center 1.3.1.645 (22/02/2023) y posteriores" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25988.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25988.json index 335f02e3519..267ea4a947c 100644 --- a/CVE-2023/CVE-2023-259xx/CVE-2023-25988.json +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25988.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery \u2013 YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery \u2013 YouTube Gallery: from n/a through 1.7.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Video Gallery de Total-Soft Video Gallery \u2013 YouTube Gallery permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Video Gallery \u2013 YouTube Gallery: desde n/a hasta 1.7.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json index 9ef070c6d79..5ffeaddf056 100644 --- a/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json +++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T16:15:49.777", "lastModified": "2024-11-21T07:52:35.513", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27456.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27456.json index f9de41cab2e..b1cac82928d 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27456.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27456.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en HashThemes Total permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Total: desde n/a hasta 2.1.19." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28990.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28990.json index 15fc95d6980..d4305097e8f 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28990.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28990.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en HashThemes Viral Mag permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Viral Mag: desde n/a hasta 1.0.9." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29476.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29476.json index eb9c7c576b9..1cc1cd73217 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29476.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29476.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-14T02:15:05.010", "lastModified": "2024-12-16T18:15:05.407", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+." + }, + { + "lang": "es", + "value": "En Menlo On-Premise Appliance anterior a la versi\u00f3n 2.88, es posible que la pol\u00edtica web no se aplique de manera correcta y consistente a las solicitudes de clientes malformadas intencionalmente. Esto se solucion\u00f3 en las versiones 2.88.2+, 2.89.1+ y 2.90.1+." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30443.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30443.json index 0a2ac6ff13b..bd18e091d89 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30443.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30443.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query." + }, + { + "lang": "es", + "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30490.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30490.json index 817ed8abff6..b68e9f4a98f 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30490.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30490.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Matthew Ruddy Easing Slider permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easing Slider: desde n/a hasta 3.0.8." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32506.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32506.json index 6d02713243d..292ed51b577 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32506.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32506.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Link Whisper Link Whisper Free permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Link Whisper Free: desde n/a hasta 0.6.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32507.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32507.json index f1f3a4cec7a..b242a8aeb64 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32507.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32507.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en wp3sixty Woo Custom Emails permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los correos electr\u00f3nicos personalizados de Woo: desde n/a hasta 2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32519.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32519.json index 96107260d9f..172c283785f 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32519.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32519.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Webcodin WCP Contact Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al formulario de contacto de WCP: desde n/a hasta 3.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32520.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32520.json index a82c0429f7c..3d8c1507f4a 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32520.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32520.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Webcodin WCP Contact Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al formulario de contacto de WCP: desde n/a hasta 3.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32574.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32574.json index 40fc9217e37..ee26b03818f 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32574.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32574.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Fahad Mahmood Injection Guard permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Injection Guard: desde n/a hasta 1.2.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32581.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32581.json index 7188de32630..c59c601e13d 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32581.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32581.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en MobileMonkey WP-Chatbot para Messenger permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP-Chatbot para Messenger: desde n/a hasta 4.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32585.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32585.json index 6c333818bd2..7c2719f9716 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32585.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32585.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Total-Soft Portfolio Gallery \u2013 Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery \u2013 Responsive Image Gallery: from n/a through 1.4.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Total-Soft Portfolio Gallery \u2013 Responsive Image Gallery permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Portfolio Gallery \u2013 Responsive Image Gallery: desde n/a hasta 1.4.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32586.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32586.json index 87e60710e20..60f5bfb3bab 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32586.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32586.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Thomas Michalak Soundcloud Is Gold permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Soundcloud Is Gold: desde n/a hasta 2.5.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32593.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32593.json index f603720f76a..2379e1fb04a 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32593.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32593.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en GS Plugins GS Pins for Pinterest permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a GS Pins para Pinterest: desde n/a hasta 1.6.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32599.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32599.json index da500651d7f..bd1e66c8c8f 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32599.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32599.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Bill Minozzi reCAPTCHA for all permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a reCAPTCHA para todos: desde n/a hasta 1.22." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32601.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32601.json index f7a2779e123..c81f0aec1ce 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32601.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32601.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Booking Ultra Pro Booking Ultra Pro permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Booking Ultra Pro: desde n/a hasta 1.1.12." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32798.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32798.json index 69f30250e6f..80335e37fe3 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32798.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32798.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en 10up Simple Page Ordering permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Simple Page Ordering: desde n/a hasta 2.5.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32963.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32963.json index d3f83e65407..7e30216f419 100644 --- a/CVE-2023/CVE-2023-329xx/CVE-2023-32963.json +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32963.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive Search: from n/a through 5.8.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en a3rev Software WooCommerce Predictive Search permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WooCommerce Predictive Search: desde n/a hasta 5.8.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33215.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33215.json index 258c74e64ef..3735036960d 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33215.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33215.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Tagbox Taggbox permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Taggbox: desde n/a hasta 3.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33324.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33324.json index 6bf2c636fd3..92e77bd9409 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33324.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33324.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en wppal Easy Captcha permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easy Captcha: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33928.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33928.json index f90d885fa32..9094fce55bb 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33928.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33928.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WebToffee WordPress Backup y Migration permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WordPress Backup y Migration: desde n/a hasta 1.4.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33994.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33994.json index c6cce5951bf..5df4efeaeb2 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33994.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33994.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Jason Crouse, VeronaLabs Slimstat Analytics permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Slimstat Analytics: desde n/a hasta 5.0.5.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33995.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33995.json index 47406a069b2..a99c3477db0 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33995.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33995.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Photo Gallery Team Photo Gallery by 10Web permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.15." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33996.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33996.json index 8c7c4b560f4..784f5a88829 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33996.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33996.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en ?leanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la protecci\u00f3n antispam, AntiSpam y FireWall de CleanTalk: desde n/a hasta 6.10." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33998.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33998.json index 2c0c4fbea5b..31a3a88ae4f 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33998.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33998.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en cybernetikz Easy Social Icons permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easy Social Icons: desde n/a hasta 3.2.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34009.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34009.json index a424ae4afec..50c0b04499b 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34009.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34009.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Inisev Social Media & Share Icons permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los \u00edconos de redes sociales y para compartir: desde n/a hasta 2.8.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34014.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34014.json index 2ffee70a564..b65f44f7a96 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34014.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34014.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en G5Theme Grid Plus permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Grid Plus: desde n/a hasta 1.3.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34019.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34019.json index fb20b37332e..3cfd887de9b 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34019.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34019.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Uncanny Owl Uncanny Toolkit para LearnDash permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Uncanny Toolkit para LearnDash: desde n/a hasta 3.6.4.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34376.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34376.json index 5fb5c534dda..b9981827a4e 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34376.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34376.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Rextheme Change WooCommerce Add To Cart Button Text permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Cambiar texto de bot\u00f3n Agregar al carrito de WooCommerce: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34381.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34381.json index 3771b649965..dcc02a5bd0f 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34381.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34381.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zippy: from n/a through 1.6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Gesundheit Bewegt GmbH Zippy permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Zippy: desde n/a hasta 1.6.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34387.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34387.json index ced54a738fa..0fc3a4594a2 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34387.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34387.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Constant Contact Constant Contact Forms permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Constant Contact Forms: desde n/a hasta 2.0.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34990.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34990.json index 43bc24c72f3..add96cf941e 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34990.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34990.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@fortinet.com", "published": "2024-12-18T13:15:05.547", "lastModified": "2024-12-18T15:15:06.137", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests." + }, + { + "lang": "es", + "value": "Path traversal relativo en Fortinet FortiWLM versi\u00f3n 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes web especialmente manipuladas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35037.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35037.json index 3b4a2d50ae1..c5b6de4505a 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35037.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35037.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through 1.3.2.357." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Surfer Surfer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Surfer: desde n/a hasta 1.3.2.357." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35046.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35046.json index 3e03b1a35ff..d9cd1f5a992 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35046.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35046.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Dynamic.ooo Dynamic Visibility para Elementor permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Dynamic Visibility para Elementor: desde n/a hasta 5.0.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35051.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35051.json index d08c48f3cb7..00ba604bec4 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35051.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35051.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Cimatti Consulting Contact Forms by Cimatti permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los formularios de contacto de Cimatti: desde n/a hasta 1.5.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35052.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35052.json index d506250fda2..e5105d01468 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35052.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35052.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Directorist: desde n/a hasta 7.5.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35777.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35777.json index f5432d53e4b..ff077a4f80e 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35777.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35777.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en The Events Calendar The Events Calendar permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a The Events Calendar: desde n/a hasta 6.1.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35875.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35875.json index d385c93de74..3b85865f173 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35875.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35875.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Jegstudio Gutenverse permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Gutenverse: desde n/a hasta 1.8.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36506.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36506.json index e041a80c6d6..b5124a12b65 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36506.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36506.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en YITH YITH WooCommerce Waiting List permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a YITH WooCommerce Waiting List: desde n/a hasta 2.13.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36509.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36509.json index 86cc3a69c25..4a429f305b8 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36509.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36509.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Suresh Chand CHP Ads Block Detector permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a CHP Ads Block Detector: desde n/a hasta 3.9.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36510.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36510.json index c8831d514f0..b5b4512519e 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36510.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36510.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Reservation Diary ReDi Restaurant Reservation permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ReDi Restaurant Reservation: desde n/a hasta 23.0211." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36518.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36518.json index 3670f5cc80c..8863ce8d0b6 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36518.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36518.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Hugh Lashbrooke Post Hit Counter permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Post Hit Counter: desde n/a hasta 1.3.2. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36519.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36519.json index 402c0afb97f..e5f10ce41c3 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36519.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36519.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en wpthemego SW Product Bundles permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los paquetes de productos SW: desde n/a hasta 2.0.15." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36526.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36526.json index af613e9a2c6..a74a9d67f40 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36526.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36526.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Inqsys Technology Duplicate Post Page Menu & Custom Post Type permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al men\u00fa de p\u00e1gina de publicaci\u00f3n duplicada y al tipo de publicaci\u00f3n personalizada: desde n/a hasta 2.4.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36528.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36528.json index 368facb0a44..9a3cb8ccfc0 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36528.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36528.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en FeedbackWP kk Star Ratings permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a kk Star Ratings: desde n/a hasta 5.4.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36531.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36531.json index 17efaea0c2f..08192a49f4d 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36531.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36531.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en LiquidPoll LiquidPoll \u2013 Advanced Polls para Creators and Brands permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a LiquidPoll \u2013 Advanced Polls para Creators and Brands: desde n/a hasta 3.3.68." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36680.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36680.json index 85558d29b38..03c5966c6d4 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36680.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36680.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Iulia Cazan Image Regenerate & Select Crop permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Image Regenerate & Select Crop: desde n/a hasta 7.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36681.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36681.json index 7132439f507..f157e1bc9c6 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36681.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36681.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets \u2013 Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets \u2013 Price Ticker & Coins List: from n/a through 2.6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Cool Plugins Cryptocurrency Widgets \u2013 Price Ticker & Coins List permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los widgets de criptomonedas, el indicador de precios y la lista de monedas: desde n/a hasta 2.6.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37887.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37887.json index a248aa5bd62..e85aea2cbf0 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37887.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37887.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPSchoolPress Team WPSchoolPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WPSchoolPress: desde n/a hasta 2.2.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37940.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37940.json index bc58054d386..cf3da6be6f3 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37940.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37940.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@liferay.com", "published": "2024-12-17T22:15:05.080", "lastModified": "2024-12-17T22:15:05.080", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) en Service Access Policy page en Liferay Portal 7.0.0 a 7.4.3.87, y Liferay DXP 7.4 GA a la actualizaci\u00f3n 87, 7.3 GA a la actualizaci\u00f3n 29 y versiones anteriores no compatibles permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"Clase de servicio\" de una pol\u00edtica de acceso al servicio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37967.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37967.json index 8d928334a7b..f4c9b37dfe9 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37967.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37967.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Designinvento DirectoryPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a DirectoryPress: desde n/a hasta 3.6.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37969.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37969.json index efc82ebcd89..242aab4ddbf 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37969.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37969.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en African Boss Checkout with Zelle en Woocommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Checkout con Zelle en Woocommerce: desde n/a hasta 3.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37971.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37971.json index a5d3d6a4f3a..04f5216620f 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37971.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37971.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en MultiVendorX WooCommerce Product Stock Alert permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WooCommerce Product Stock Alert: desde n/a hasta 2.0.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37984.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37984.json index 97461147b9b..daff60d06cb 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37984.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37984.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en ExpressTech Quiz And Survey Master permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.10." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37987.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37987.json index d9015a50321..701e9bfccc2 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37987.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37987.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en miniOrange YourMembership Single Sign On permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a YourMembership Single Sign On: desde n/a hasta 1.1.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37989.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37989.json index 9da735eaee7..e68e831c146 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37989.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37989.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Easyship Easyship WooCommerce Shipping Rates permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easyship WooCommerce Shipping Rates: desde n/a hasta 0.9.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38383.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38383.json index ced56fc43e9..e921d54645f 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38383.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38383.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en OnTheGoSystems Language permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al lenguaje: desde n/a hasta 1.2.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38385.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38385.json index 544fbf367d1..2568b888ab9 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38385.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38385.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Artbees JupiterX Core permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a JupiterX Core: desde la versi\u00f3n 3.0.0 hasta la 3.3.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38475.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38475.json index cb12d5e42f6..a3e3d3ce53c 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38475.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38475.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in RedNao Donations Made Easy \u2013 Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy \u2013 Smart Donations: from n/a through 4.0.12." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en RedNao Donations Made Easy \u2013 Smart Donations permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Donations Made Easy \u2013 Smart Donations: desde n/a hasta 4.0.12." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38477.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38477.json index 7d24b8536f6..382deee83b9 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38477.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38477.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Stanislav Kuznetsov QR code MeCard/vCard generator permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al generador de c\u00f3digos QR MeCard/vCard: desde n/a hasta 1.6.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38479.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38479.json index b4dbbb833f7..5a2f2d18477 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38479.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38479.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Codents Simple Googlebot Visit permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Simple Googlebot Visit: desde n/a hasta 1.2.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38480.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38480.json index 02a40bb7a9f..a2f6cd85362 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38480.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38480.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Certain Dev Booster Elementor Addons permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los complementos de Booster Elementor: desde n/a hasta 1.4.9." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38483.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38483.json index 5c0878a089a..e136955f07a 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38483.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38483.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Dylan Blokhuis Instant CSS permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Instant CSS: desde n/a hasta 1.1.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38514.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38514.json index d7b824c2f14..1aa4dc0d4a8 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38514.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38514.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en social share pro Social Share Icons & Social Share Buttons permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Social Share Icones & Social Share Buttons: desde n/a hasta 3.5.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39305.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39305.json index 87294ac88f7..38f7356b4f3 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39305.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39305.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in YetAnotherStarsRating.com Yet Another Stars Rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through 3.4.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en YetAnotherStarsRating.com Yet Another Stars Rating permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Yet Another Stars Rating: desde n/a hasta 3.4.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39920.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39920.json index 67d8f2bbbcb..8589c45c4c2 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39920.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39920.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through 2.9.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Themeisle Redirection para Contact Form 7 permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la redirecci\u00f3n para Contact Form 7: desde n/a hasta 2.9.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39995.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39995.json index a9faf805f85..262860a130a 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39995.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39995.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WP OnlineSupport, Essential Plugin Portfolio and Projects permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Portfolio y Proyectos: desde n/a hasta 1.3.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39996.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39996.json index 77e6c4eac02..ba72669d287 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39996.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39996.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion and Accordion Slider: from n/a through 1.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WP OnlineSupport, Essential Plugin Accordion y Accordion Slider permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Accordion y Accordion Slider: desde n/a hasta 1.2.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39997.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39997.json index fd8ec0be5dd..013b731a43d 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39997.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39997.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en supsystic.com Popup de Supsystic permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.19." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40001.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40001.json index ec82f2f64ae..c575e980844 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40001.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40001.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en SolidWP iThemes Sync permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a iThemes Sync: desde n/a hasta 2.1.13." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40003.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40003.json index 0143cfc2848..0323d76960d 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40003.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40003.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en weDevs WP Project Manager permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Project Manager: desde n/a hasta 2.6.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40005.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40005.json index 5dbafc92e46..fcdf1ec5a5d 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40005.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40005.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Easy Digital Downloads Easy Digital Downloads permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.1.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40011.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40011.json index d067de29a72..502b6d31864 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40011.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40011.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en StylemixThemes Cost Calculator Builder permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al generador de calculadora de costos: desde n/a hasta 3.1.42." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40203.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40203.json index d1d849808f5..b647d967b1f 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40203.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40203.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en MailMunch MailChimp Forms de MailMunch permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a MailChimp Forms de MailMunch: desde n/a hasta 3.1.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40213.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40213.json index 1874703d491..9a28ad2e71b 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40213.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40213.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Mateusz Czardybon Justified Gallery permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Justified Gallery: desde n/a hasta 1.7.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40331.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40331.json index 1fce3aeb51e..18c58a46af8 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40331.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40331.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en bqworks Accordion Slider permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Accordion Slider: desde n/a hasta 1.9.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40334.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40334.json index f1698dc0498..9fbc2aadc1b 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40334.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40334.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in realmag777 HUSKY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through 1.3.4.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en realmag777 HUSKY permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a HUSKY: desde n/a hasta 1.3.4.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json index 4101b9471de..13766ff7179 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40670.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en ReviewX Team ReviewX permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ReviewX: desde n/a hasta 1.6.17." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40678.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40678.json index 2265ef514d5..ff42508ff90 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40678.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40678.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Lasso Simple URLs permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las URL simples: desde n/a hasta 117." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41130.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41130.json index 100abe8818f..b8175414265 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41130.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41130.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Premmerce Premmerce User Roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through 1.0.12." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Premmerce Premmerce User Roles permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los roles de usuario de Premmerce: desde n/a hasta 1.0.12." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41132.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41132.json index fd6920b12f8..1d73025d83c 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41132.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41132.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en ShapedPlugin LLC Category Slider para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Category Slider para WooCommerce: desde n/a hasta 1.4.15." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41133.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41133.json index ad4f6acbbf2..0086cbeb108 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41133.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41133.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass by Spoofing vulnerability in Michal Nov\u00e1k Secure Admin IP allows Functionality Bypass.This issue affects Secure Admin IP: from n/a through 2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n por suplantaci\u00f3n de identidad en Michal Nov\u00e1k Secure Admin IP permite omitir la funcionalidad. Este problema afecta a Secure Admin IP: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41649.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41649.json index 18ed53ed580..c3f349e6882 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41649.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41649.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Ovic Team Ovic Product Bundle permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al paquete de productos Ovic: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41664.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41664.json index 71e650841f7..44fe56d3065 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41664.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41664.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en AlphaBPO Easy Newsletter Signups permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Easy Newsletter Signups: desde n/a hasta 1.0.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41671.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41671.json index 615192156f6..58be6a5ddf2 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41671.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41671.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Tyche Softwares Abandoned Cart Lite para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Abandoned Cart Lite para WooCommerce: desde n/a hasta 5.16.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41683.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41683.json index 67b54c445dc..68bc0d0c1ec 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41683.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41683.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Pechenki TelSender permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a TelSender: desde n/a hasta 1.14.11." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41686.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41686.json index 3e86fd274f9..be8735e790a 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41686.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41686.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en ilGhera Woocommerce Support System permite Cross-Site Request Forgery. Este problema afecta al sistema de soporte Woocommerce: desde n/a hasta 1.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41688.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41688.json index d88019c9d39..d294d503cf3 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41688.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41688.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Mad Fish Digital Bulk NoIndex & NoFollow Toolkit permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Bulk NoIndex & NoFollow Toolkit: desde n/a hasta 1.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41689.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41689.json index ade66ffb048..3e3dff4e1d1 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41689.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41689.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Koen Reus Post en Google My Business (perfil comercial de Google) permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Post en Google My Business (perfil comercial de Google): desde n/a hasta 3.1.14." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41690.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41690.json index 7296d16246d..e19c44a6c83 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41690.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41690.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Wiser Notify WiserNotify Social Proof permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WiserNotify Social Proof: desde n/a hasta 2.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41695.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41695.json index 6c2fa9de5b2..400393a8c4e 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41695.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41695.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Analytify Analytify permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Analytify: desde n/a hasta 5.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41802.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41802.json index 3d335467680..fec49ea2c88 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41802.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41802.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Team Heat o Super Socializer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Super Socializer: desde n/a hasta 7.13.54." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41803.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41803.json index 455374621ed..b3654778abd 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41803.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41803.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en BitPay BitPay Checkout para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a BitPay Checkout para WooCommerce: desde n/a hasta 4.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41848.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41848.json index ba29d914b5e..00e78fae0cb 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41848.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41848.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Majeed Raza Carousel Slider permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Carousel Slider: desde n/a hasta 2.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41849.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41849.json index 193b4da4115..54ff0d877d8 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41849.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41849.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WP Happy Coders Posts Like Dislike permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Posts Like Dislike: desde n/a hasta 1.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41857.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41857.json index 1f767650e6e..4ed72c0aa5b 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41857.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41857.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.14." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en ClickToTweet.com Click To Tweet permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Click To Tweet: desde n/a hasta 2.0.14." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41862.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41862.json index 7acb8cbe632..9126a722244 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41862.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41862.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autenticaci\u00f3n d\u00e9bil en Guido VS Contact Form permite el abuso de autenticaci\u00f3n. Este problema afecta a VS Contact Form: desde n/a hasta 14.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41865.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41865.json index c33784138eb..aa2d84b16f5 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41865.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41865.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en bqworks Slider Pro permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Slider Pro: desde n/a hasta 4.8.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41866.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41866.json index cc739b7721c..f2cb6ea5fb3 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41866.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41866.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Team Plugins360 Automatic YouTube Gallery permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la Galer\u00eda autom\u00e1tica de YouTube: desde n/a hasta 2.3.3." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41869.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41869.json index 3012324367b..19f13037f3d 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41869.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41869.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Alex Volkov WP Accessibility Helper (WAH) permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Accessibility Helper (WAH): desde n/a hasta 0.6.2.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41870.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41870.json index fb114678025..e7ef70c120e 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41870.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41870.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Themeum WP Crowdfunding permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Crowdfunding: desde n/a hasta 2.1.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41873.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41873.json index 26fe37b9525..e450d46b8c1 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41873.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41873.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en miniOrange SAML SP Single Sign On permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a SAML SP Single Sign On: desde n/a hasta 5.0.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41875.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41875.json index 2731baf1bd9..b9a0ae1be2e 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41875.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41875.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en wpdirectorykit.com WP Directory Kit permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Directory Kit: desde n/a hasta 1.2.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41951.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41951.json index 9e5ae7fcb98..7dac00e42bc 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41951.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41951.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en rtCamp rtMedia para WordPress, BuddyPress y bbPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a rtMedia para WordPress, BuddyPress y bbPress: desde n/a hasta 4.6.14." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41952.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41952.json index b38059466e7..b6f95f3602d 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41952.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41952.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Contact Form - WPManageNinja LLC FluentForm permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a FluentForm: desde n/a hasta 5.0.8." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43054.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43054.json index 416263da417..e9bb6db803e 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43054.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43054.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T13:15:06.880", "lastModified": "2024-11-21T08:23:39.313", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44142.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44142.json index 047ca6600d4..5a3c89242d0 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44142.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44142.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Inactive Logout Inactive Logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through 3.2.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Inactive Logout Inactive Logout permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al cierre de sesi\u00f3n inactivo: desde n/a hasta 3.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44147.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44147.json index 8ea61193863..d97beb47499 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44147.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44147.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Apasionados Comment Blacklist Updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Apasionados Comment Blacklist Updater permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Comment Blacklist Updater: desde n/a hasta 1.1.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44149.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44149.json index 321fa40b874..1c5a1ada8ab 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44149.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44149.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in BeRocket Brands for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through 3.8.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en BeRocket Brands para WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Brands for WooCommerce: desde n/a hasta 3.8.2.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json index 345103ef281..54d155305e3 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4617.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing \"device\", \"sku\" and \"type\" fields' values.\u00a0\nThis issue affects Govee Home applications on Android and iOS in versions\u00a0before 5.9." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de autorizaci\u00f3n incorrecta en el m\u00e9todo HTTP POST de la aplicaci\u00f3n Govee Home en Android e iOS permite a un atacante remoto controlar dispositivos propiedad de otros usuarios modificando los valores de los campos \"device\", \"sku\" y \"type\". Este problema afecta a las aplicaciones Govee Home en Android e iOS en versiones anteriores a la 5.9." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json index 52d7c9e4008..22643f74492 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T13:15:07.090", "lastModified": "2024-11-21T08:30:44.953", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47745.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47745.json index 7a84f30b115..90c6ce1bc86 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47745.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47745.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T12:15:36.280", "lastModified": "2024-11-21T08:30:45.087", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4860.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4860.json index 9e37abb4ea3..2c00b685b1f 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4860.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4860.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:11.070", "lastModified": "2024-11-21T08:36:07.650", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50956.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50956.json index c2e9fd1cf8f..b288505fe9b 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50956.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50956.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T16:15:10.597", "lastModified": "2024-12-18T16:15:10.597", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 \n\ncould allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text." + }, + { + "lang": "es", + "value": "IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.9 podr\u00eda permitir que un usuario privilegiado obtenga credenciales de usuario altamente confidenciales a partir de claves secretas almacenadas en texto plano." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52649.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52649.json index 9da4ece69e6..abf5526fef7 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52649.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52649.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:48.280", "lastModified": "2024-11-21T08:40:17.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52650.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52650.json index 26622110f95..3006fcdd1e3 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52650.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52650.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:48.323", "lastModified": "2024-11-21T08:40:17.237", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7010.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7010.json index 980d33d005f..020024e37ef 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7010.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7010.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:11.140", "lastModified": "2024-11-21T08:45:01.507", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7011.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7011.json index 5262ae0e676..2490c505fb1 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7011.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7011.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:11.210", "lastModified": "2024-11-21T08:45:01.717", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7012.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7012.json index 28578f7baa1..a2db7ac8676 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7012.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7012.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-07-16T23:15:11.270", "lastModified": "2024-11-21T08:45:01.923", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7261.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7261.json index a8da4f6ef3b..d29882db7f0 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7261.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7261.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-06-07T20:15:10.887", "lastModified": "2024-11-21T08:45:37.777", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7281.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7281.json index 215143a0cae..61f01be728f 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7281.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7281.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-23T22:15:03.027", "lastModified": "2024-09-26T13:32:55.343", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7282.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7282.json index 178f5623901..629700f47fe 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7282.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7282.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-09-23T22:15:03.083", "lastModified": "2024-09-26T13:32:55.343", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json index 5d64fbd12d8..6de48285213 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-03-03T15:15:07.113", "lastModified": "2024-11-21T08:47:19.380", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10205.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10205.json index b28909269c5..ab46308063a 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10205.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10205.json @@ -3,12 +3,16 @@ "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2024-12-17T02:15:04.670", "lastModified": "2024-12-17T02:15:04.670", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authentication Bypass\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Hitachi Ops Center Analyzer en Linux, 64 bits (componente de vista detallada de Hitachi Ops Center Analyzer), Hitachi Infrastructure Analytics Advisor en Linux, 64 bits (componente Hitachi Data Center Analytics). Este problema afecta a Hitachi Ops Center Analyzer: desde 10.0.0-00 hasta 11.0.3-00; Hitachi Infrastructure Analytics Advisor: desde 2.1.0-00 hasta 4.4.0-00." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10244.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10244.json index 8cbc5317b43..dcb1302c15f 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10244.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10244.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en ISDO Software Web Software permite la inyecci\u00f3n SQL. Este problema afecta al software web: anterior a 3.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10356.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10356.json index 24ffd646038..320553666f8 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10356.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10356.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T13:15:17.520", "lastModified": "2024-12-17T13:15:17.520", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." + }, + { + "lang": "es", + "value": "El complemento ElementsReady Addons for Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 6.4.8 incluida en inc/Widgets/accordion/output/content.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales de plantillas privadas, pendientes y en borrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10476.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10476.json index 9d05b76fc8d..1d60383f458 100644 --- a/CVE-2024/CVE-2024-104xx/CVE-2024-10476.json +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10476.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cybersecurity@bd.com", "published": "2024-12-17T16:15:23.390", "lastModified": "2024-12-17T16:15:23.390", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope." + }, + { + "lang": "es", + "value": "Las credenciales predeterminadas se utilizan en BD Diagnostic Solutions products enumerados anteriormente. Si se explota esta vulnerabilidad, los actores de amenazas pueden acceder, modificar o eliminar datos, incluida informaci\u00f3n confidencial como informaci\u00f3n m\u00e9dica protegida (PHI) e informaci\u00f3n de identificaci\u00f3n personal (PII). La explotaci\u00f3n de esta vulnerabilidad puede permitir que un atacante apague o afecte de otro modo la disponibilidad del sistema. Nota: BD Synapsys\u2122 Informatics Solution solo est\u00e1 dentro del alcance de esta vulnerabilidad cuando se instala en un servidor NUC. BD Synapsys\u2122 Informatics Solution instalada en una m\u00e1quina virtual proporcionada por el cliente o en el hardware BD Kiestra\u2122 SCU no est\u00e1 dentro del alcance." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10487.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10487.json index 776a966d00d..ff17fb94a41 100644 --- a/CVE-2024/CVE-2024-104xx/CVE-2024-10487.json +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10487.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-10-29T22:15:03.430", "lastModified": "2024-11-01T12:57:35.843", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10488.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10488.json index e6649271fc2..eae1f82ce20 100644 --- a/CVE-2024/CVE-2024-104xx/CVE-2024-10488.json +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10488.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-10-29T22:15:03.523", "lastModified": "2024-11-01T12:57:35.843", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10548.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10548.json index a8b562c3405..cf18ae0d7cc 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10548.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10548.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators)." + }, + { + "lang": "es", + "value": "El complemento WP Project Manager para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.6.15 incluida a trav\u00e9s del endpoint de la API REST de la lista de tareas del proyecto ('/wp-json/pm/v2/projects/1/task-lists'). Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, extraigan datos confidenciales, incluidas las contrase\u00f1as cifradas de los propietarios del proyecto (por ejemplo, los administradores)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10646.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10646.json index 1610b78f7cd..212d85b6362 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10646.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10646.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:18.863", "lastModified": "2024-12-14T06:15:18.863", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro subject del formulario en todas las versiones hasta la 5.2.6 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10690.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10690.json index 0a995f4ce69..1cd8146ad0d 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10690.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10690.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.057", "lastModified": "2024-12-14T06:15:19.057", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Shortcodes para Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.0.4 incluida a trav\u00e9s del shortcode 'SHORTCODE_ELEMENTOR' debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas y borradores creadas con Elementor a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json index afc64858f9a..a7212131929 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-06T17:15:13.930", "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json index 3d196d5edab..ee08d22d2fd 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-06T17:15:14.030", "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10892.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10892.json index a332cd9713c..e0849fdb9a7 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10892.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10892.json @@ -3,12 +3,16 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-12-18T06:15:21.567", "lastModified": "2024-12-18T15:15:08.067", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks." + }, + { + "lang": "es", + "value": "El complemento Cost Calculator Builder de WordPress anterior a la versi\u00f3n 3.2.43 no tiene comprobaciones CSRF en algunas acciones AJAX, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas a trav\u00e9s de ataques CSRF." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json index ec837401b53..e07434f79c0 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10972.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@rapid7.com", "published": "2024-12-16T15:15:06.067", "lastModified": "2024-12-16T16:15:05.880", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD\u00a0with a parallel thread changing the memory\u2019s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the\u00a0userspace to change page permissions half way through the routine.\u00a0 A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations." + }, + { + "lang": "es", + "value": "Las versiones 4.1 y anteriores de Velocidex WinPmem sufren una vulnerabilidad de validaci\u00f3n de entrada incorrecta mediante la cual un atacante con acceso de administrador puede generar un BSOD con un subproceso paralelo que cambia el derecho de acceso a la memoria bajo el control de la aplicaci\u00f3n en modo de usuario. Esto se debe a que la verificaci\u00f3n solo se realiza al comienzo de la rutina, lo que permite que el espacio de usuario cambie los permisos de la p\u00e1gina a mitad de la rutina. Un workaround v\u00e1lida es una regla para detectar la carga no autorizada de winpmem fuera de las operaciones de respuesta a incidentes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json index 8493ee50b63..b7ebe26c459 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json @@ -3,12 +3,16 @@ "sourceIdentifier": "secalert@redhat.com", "published": "2024-12-17T23:15:05.423", "lastModified": "2024-12-17T23:15:05.423", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. La opci\u00f3n de entorno `KC_CACHE_EMBEDDED_MTLS_ENABLED` no funciona y la configuraci\u00f3n de replicaci\u00f3n de JGroups siempre se utiliza en texto plano, lo que puede permitir que un atacante que tenga acceso a redes adyacentes relacionadas con JGroups lea informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1093.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1093.json index 5bc7c0531c8..0f20a0dac3e 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1093.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1093.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:25.970", "lastModified": "2024-11-21T08:49:46.857", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1095.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1095.json index 66c954cfa34..0e459863829 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1095.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1095.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.130", "lastModified": "2024-11-21T08:49:47.093", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11095.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11095.json index 9ddd3bccd48..c93aa756e2f 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11095.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11095.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:06.370", "lastModified": "2024-12-14T05:15:06.370", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento Visualmodo Elements para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 1.0.2 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json index 86ff7550c62..34e42721ddb 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:10.920", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json index cefe9ebf0d4..8f9b5757a59 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.000", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11112.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11112.json index 91e03695f06..a4a969a496a 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11112.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11112.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.057", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11113.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11113.json index 0f2b335db94..0f1b3b6e4bf 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11113.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11113.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.143", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11114.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11114.json index db88fd1bf0d..1ddb0188b38 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11114.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11114.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.223", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json index 44c8ce6693d..92c80e41342 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.280", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json index ac53c3adf57..c4f1975703c 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.340", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json index 216e9de57f2..487a0bd1cfb 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.393", "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11144.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11144.json index 53afa354aff..8c532037692 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11144.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11144.json @@ -3,12 +3,16 @@ "sourceIdentifier": "disclosure@synopsys.com", "published": "2024-12-16T17:15:07.327", "lastModified": "2024-12-16T17:15:07.327", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services." + }, + { + "lang": "es", + "value": "El servidor carece de seguridad de subprocesos y puede bloquearse debido a datos an\u00f3malos enviados por un usuario an\u00f3nimo desde una red remota. El bloqueo hace que el servicio FTP deje de estar disponible, lo que afecta a todos los usuarios y procesos que dependen de \u00e9l para las transferencias de archivos. Si el bloqueo se produce durante la carga o descarga de archivos, podr\u00eda provocar transferencias de archivos incompletas, lo que podr\u00eda da\u00f1ar los datos. El bloqueo repetido tambi\u00e9n puede afectar la estabilidad del sistema subyacente, especialmente si provoca fugas de recursos o afecta a otros servicios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11157.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11157.json index a66bd12a439..f320af9d4f7 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11157.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11157.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A third-party vulnerability exists in the Rockwell Automation Arena\u00ae that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de terceros en Rockwell Automation Arena\u00ae que podr\u00eda permitir que un actor de amenazas escriba m\u00e1s all\u00e1 de los l\u00edmites de la memoria asignada en un archivo DOE. Si se explota, un actor de amenazas podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario. Para explotar esta vulnerabilidad, un usuario leg\u00edtimo debe ejecutar el c\u00f3digo malicioso manipulado por el actor de amenazas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11254.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11254.json index 62bb52e63e5..3814cfe961b 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11254.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11254.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.053", "lastModified": "2024-12-18T04:15:07.053", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento AMP for WP \u2013 Accelerated Mobile Pages para WordPress es vulnerable a ataques de Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro disqus_name en todas las versiones hasta la 1.1.1 incluida, debido a una validaci\u00f3n de entrada insuficiente. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json index ea896069e27..ce8a2d7ae6e 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11280.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T12:15:19.343", "lastModified": "2024-12-17T12:15:19.343", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator." + }, + { + "lang": "es", + "value": "El complemento PPWP \u2013 Password Protect Pages para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.9.5 incluida a trav\u00e9s de la funci\u00f3n de b\u00fasqueda principal de WordPress. Esto permite que atacantes no autenticados extraigan datos confidenciales de publicaciones que han sido restringidas a roles de nivel superior, como el de administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json index 4f639d2aaca..ee49f07bfc6 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11291.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T12:15:08.710", "lastModified": "2024-12-18T12:15:08.710", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users." + }, + { + "lang": "es", + "value": "El complemento Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction de WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.13.4 incluida a trav\u00e9s de la funci\u00f3n de b\u00fasqueda principal de WordPress. Esto permite que atacantes no autenticados extraigan datos confidenciales de publicaciones que se han restringido a roles de nivel superior, como usuarios registrados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11294.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11294.json index a31a62ef3d0..cce0b8f7feb 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11294.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11294.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T09:15:05.193", "lastModified": "2024-12-17T09:15:05.193", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members." + }, + { + "lang": "es", + "value": "El complemento Memberful para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.73.9 incluida a trav\u00e9s de la funci\u00f3n de b\u00fasqueda principal de WordPress. Esto permite que atacantes no autenticados extraigan datos confidenciales de publicaciones que se han restringido a roles de nivel superior, como los miembros del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11295.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11295.json index 4c900372d40..a80c8244f82 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11295.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11295.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T07:15:06.737", "lastModified": "2024-12-18T07:15:06.737", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users." + }, + { + "lang": "es", + "value": "El complemento Simple Page Access Restriction para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.0.29 incluida a trav\u00e9s de la funci\u00f3n de b\u00fasqueda principal de WordPress. Esto permite que atacantes no autenticados extraigan datos confidenciales de publicaciones que se han restringido a roles de nivel superior, como usuarios registrados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11358.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11358.json index a88c72def06..59396653ab7 100644 --- a/CVE-2024/CVE-2024-113xx/CVE-2024-11358.json +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11358.json @@ -3,12 +3,16 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-12-16T17:15:07.543", "lastModified": "2024-12-16T17:15:07.543", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider." + }, + { + "lang": "es", + "value": "Las versiones <=2.21.0 de las aplicaciones m\u00f3viles de Mattermost para Android no configuran correctamente los proveedores de archivos, lo que permite que un atacante con acceso local acceda a los archivos a trav\u00e9s del proveedor de archivos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11364.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11364.json index 70fc79f0be5..28746370c06 100644 --- a/CVE-2024/CVE-2024-113xx/CVE-2024-11364.json +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11364.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Another \u201cuninitialized variable\u201d code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + }, + { + "lang": "es", + "value": "Existe otra vulnerabilidad de ejecuci\u00f3n de c\u00f3digo de \u201cvariable no inicializada\u201d en Rockwell Automation Arena\u00ae que podr\u00eda permitir que un actor de amenazas manipular un archivo DOE y obligue al software a acceder a una variable antes de que se inicialice. Si se explota, un actor de amenazas podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario. Para explotar esta vulnerabilidad, un usuario leg\u00edtimo debe ejecutar el c\u00f3digo malicioso manipulado por el actor de amenazas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11422.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11422.json index 23d18ee956e..3f427db251b 100644 --- a/CVE-2024/CVE-2024-114xx/CVE-2024-11422.json +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11422.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:23.557", "lastModified": "2024-12-17T16:15:23.557", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11439.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11439.json index 20c5a3ce497..9bdf57a342b 100644 --- a/CVE-2024/CVE-2024-114xx/CVE-2024-11439.json +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11439.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T03:15:24.583", "lastModified": "2024-12-18T03:15:24.583", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento ScanCircle para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado \"scancircle\" del complemento en todas las versiones hasta la 2.9.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11462.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11462.json index 7ee413248a5..09bdc805c1c 100644 --- a/CVE-2024/CVE-2024-114xx/CVE-2024-11462.json +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11462.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:06.560", "lastModified": "2024-12-14T05:15:06.560", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Filestack Official para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de los par\u00e1metros 'fstab' y 'filestack_options' en todas las versiones hasta la 2.0.0 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten web scripts en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11578.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11578.json index d2f97db0ef3..e1f514fd437 100644 --- a/CVE-2024/CVE-2024-115xx/CVE-2024-11578.json +++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11578.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:16.920", "lastModified": "2024-11-22T21:15:16.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11614.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11614.json index 2037d345eda..affd2b7d214 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11614.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11614.json @@ -3,12 +3,16 @@ "sourceIdentifier": "secalert@redhat.com", "published": "2024-12-18T09:15:06.660", "lastModified": "2024-12-18T09:15:06.660", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en la funci\u00f3n de descarga de suma de comprobaci\u00f3n de la librer\u00eda DPDK's Vhost. Este problema permite que un invitado no confiable o comprometido bloquee el vSwitch del hipervisor falsificando descriptores Virtio para provocar lecturas fuera de los l\u00edmites. Esta falla permite que un atacante con una m\u00e1quina virtual maliciosa que utilice un controlador Virtio haga que el lado del usuario vhost se bloquee enviando un paquete con una solicitud de descarga de suma de comprobaci\u00f3n Tx y un desplazamiento csum_start no v\u00e1lido." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json index cdee913d879..34ba8662902 100644 --- a/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json +++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11616.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Netskope was made aware of a security vulnerability in Netskope Endpoint DLP\u2019s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes\u00a0argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction\u00a0function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory\u00a0call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.\nThis issue affects Endpoint DLP version below R119." + }, + { + "lang": "es", + "value": "Netskope fue informado de una vulnerabilidad de seguridad en el controlador de control de contenido de Netskope Endpoint DLP, en la que un problema de doble b\u00fasqueda provoca un desbordamiento del mont\u00f3n. La vulnerabilidad surge del hecho de que el argumento NumberOfBytes de ExAllocatePoolWithTag y el argumento Length de RtlCopyMemory desreferencian de forma independiente su valor del b\u00fafer de entrada proporcionado por el usuario dentro de la funci\u00f3n EpdlpSetUsbAction, lo que se conoce como doble b\u00fasqueda. Si este valor de longitud aumenta hasta un valor mayor entre estas dos llamadas, la llamada RtlCopyMemory copiar\u00e1 el contenido de la memoria proporcionada por el usuario fuera del rango del b\u00fafer asignado, lo que provocar\u00e1 un desbordamiento del mont\u00f3n. Un atacante malintencionado necesitar\u00e1 privilegios de administrador para explotar el problema. Este problema afecta a la versi\u00f3n de Endpoint DLP anterior a R119." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11710.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11710.json index fc3aad2bf9c..380afdd330b 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11710.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11710.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:04.560", "lastModified": "2024-12-14T07:15:04.560", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de los par\u00e1metros 'fieldfor', 'visibleParent' e 'id' en todas las versiones hasta la 2.2.2 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que los atacantes autenticados, con acceso de nivel de administrador o superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11711.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11711.json index ba7c9b7b1f7..46659b3adb6 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11711.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11711.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:06.187", "lastModified": "2024-12-14T07:15:06.187", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'resumeid' en todas las versiones hasta la 2.2.1 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11712.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11712.json index e0654c45f7b..80444d2a885 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11712.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11712.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:06.360", "lastModified": "2024-12-14T07:15:06.360", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n getResumeFileDownloadById() en todas las versiones hasta la 2.2.2 incluida. Esto hace posible que atacantes no autenticados descarguen los curr\u00edculos de otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11713.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11713.json index 73344578089..fde71d31397 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11713.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11713.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:06.540", "lastModified": "2024-12-14T07:15:06.540", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'page_id' de la funci\u00f3n wpjobportal_deactivate() en todas las versiones hasta la 2.2.2 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que los atacantes autenticados, con acceso de nivel de administrador o superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11714.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11714.json index 1b827d2a9fd..9c23a5ace3b 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11714.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11714.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:06.713", "lastModified": "2024-12-14T07:15:06.713", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'ff' de la funci\u00f3n getFieldsForVisibleCombobox() en todas las versiones hasta la 2.2.2 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que los atacantes autenticados, con acceso de nivel de administrador o superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11715.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11715.json index cfa9be652ef..47b8d15e7ce 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11715.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11715.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:06.880", "lastModified": "2024-12-14T07:15:06.880", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer." + }, + { + "lang": "es", + "value": "El complemento WP Job Portal \u2013 A Complete Recruitment System para Company y Job Board website para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n assignmentUserRole() en todas las versiones hasta la 2.2.2 incluida. Esto permite que atacantes no autenticados eleven sus privilegios a los de un empleador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json index 76a29e14055..888bab721f5 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11720.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T09:15:05.083", "lastModified": "2024-12-14T09:15:05.083", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default." + }, + { + "lang": "es", + "value": "El complemento Frontend Admin de DynamiApps para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de formularios de env\u00edo en todas las versiones hasta la 3.24.5 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en el nuevo formulario de taxonom\u00eda. Esto permite que atacantes no autenticados inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo se puede explotar cuando a los usuarios de nivel inferior se les ha concedido acceso para enviar formularios espec\u00edficos, lo que est\u00e1 deshabilitado de forma predeterminada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json index d66e0dfece9..a41ce181fec 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11721.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T09:15:06.383", "lastModified": "2024-12-14T09:15:06.383", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form." + }, + { + "lang": "es", + "value": "El complemento Frontend Admin de DynamiApps para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 3.24.5 incluida. Esto se debe a que no hay suficientes controles en el campo de selecci\u00f3n de rol de usuario cuando se utiliza el campo \"Rol\" en un formulario. Esto hace posible que atacantes no autenticados creen nuevas cuentas de usuario administrativo, incluso cuando el rol de usuario administrativo no se ha proporcionado como una opci\u00f3n para el usuario, siempre que se haya proporcionado acceso al formulario a usuarios no autenticados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json index b87de1a1e69..cf22aa23d14 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11740.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + }, + { + "lang": "es", + "value": "El complemento Download Manager para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 3.3.03 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11748.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11748.json index 704ebe4815c..ff35a10bda2 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11748.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11748.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T03:15:25.943", "lastModified": "2024-12-18T03:15:25.943", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Taeggie Feed para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'taeggie-feed' del complemento en todas las versiones hasta la 0.1.9 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11751.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11751.json index cdf6b742ae0..2d52c2e47de 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11751.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11751.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:06.923", "lastModified": "2024-12-14T05:15:06.923", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento TCBD Popover para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'tcbd-popover-image' del complemento en todas las versiones hasta la 1.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11752.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11752.json index 3faa7eb4c19..0988436f2d6 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11752.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11752.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.210", "lastModified": "2024-12-14T06:15:19.210", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Eveeno para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto \"eveeno\" del complemento en todas las versiones hasta la 1.7 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11755.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11755.json index ff7cf69a8d2..f5cb426f851 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11755.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11755.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:07.100", "lastModified": "2024-12-14T05:15:07.100", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento IMS Countdown para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la configuraci\u00f3n de las publicaciones de Countdown en todas las versiones hasta la 1.3.4 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11759.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11759.json index 8e187c3ed76..f6df42d87ef 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11759.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11759.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:07.287", "lastModified": "2024-12-14T05:15:07.287", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Bukza para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'bukza' del complemento en todas las versiones hasta la 2.0.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11763.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11763.json index d2eb38e6b35..527fca38515 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11763.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11763.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:07.457", "lastModified": "2024-12-14T05:15:07.457", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Plezi para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto \"plezi\" del complemento en todas las versiones hasta la 1.0.6 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json index 3322b5b469e..f6f0aa88476 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11768.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files." + }, + { + "lang": "es", + "value": "El complemento Download Manager para WordPress es vulnerable a la descarga no autorizada de contenido protegido con contrase\u00f1a debido a una validaci\u00f3n incorrecta de la contrase\u00f1a en la funci\u00f3n checkFilePassword en todas las versiones hasta la 3.3.03 incluida. Esto permite que atacantes no autenticados descarguen archivos protegidos con contrase\u00f1a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-117xx/CVE-2024-11770.json b/CVE-2024/CVE-2024-117xx/CVE-2024-11770.json index c4a938c9223..dea4cffe316 100644 --- a/CVE-2024/CVE-2024-117xx/CVE-2024-11770.json +++ b/CVE-2024/CVE-2024-117xx/CVE-2024-11770.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:07.627", "lastModified": "2024-12-14T05:15:07.627", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Post Carousel & Slider para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'post-cs' del complemento en todas las versiones hasta la 1.0.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11827.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11827.json index 38f2c553c3c..f09d947dd26 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11827.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11827.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Out of the Block: OpenStreetMap para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado ootb_query del complemento en todas las versiones hasta la 2.8.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json index 103cf711bc0..28ff0a2f291 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11841.json @@ -3,12 +3,16 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-12-16T06:15:05.967", "lastModified": "2024-12-16T17:15:07.830", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento Tithe.ly Giving Button para WordPress hasta la versi\u00f3n 1.1 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de mostrarlos nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting almacenado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11852.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11852.json new file mode 100644 index 00000000000..16a899f3dcc --- /dev/null +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11852.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-11852", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-12-22T02:15:16.510", + "lastModified": "2024-12-22T02:15:16.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/includes/template-library/editor/manager/api.php#L100", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3208986%40bdthemes-element-pack-lite%2Ftrunk&old=3204020%40bdthemes-element-pack-lite%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d23e6f-d48f-4734-95f8-12bd58eb1c2f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11855.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11855.json index 0df45494a89..081557f0075 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11855.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11855.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:07.960", "lastModified": "2024-12-14T05:15:07.960", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Koalendar \u2013 Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018height\u2019 parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Koalendar \u2013 Events & Appointments Booking Calendar para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'height' en todas las versiones hasta la 1.0.2 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11858.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11858.json index 529335060d0..7d95af30c59 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11858.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11858.json @@ -3,12 +3,16 @@ "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-12-15T14:15:22.320", "lastModified": "2024-12-15T14:15:22.320", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing\u200b" + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Radare2 que contiene una vulnerabilidad de inyecci\u00f3n de comandos causada por una validaci\u00f3n de entrada insuficiente al gestionar archivos de la aplicaci\u00f3n Pebble. Las entradas manipuladas con fines malintencionados pueden inyectar comandos de shell durante el an\u00e1lisis de comandos, lo que genera un comportamiento no deseado durante el procesamiento de archivos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11865.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11865.json index b7b827ae946..bf258239451 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11865.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11865.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:08.150", "lastModified": "2024-12-14T05:15:08.150", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Tabs Maker para WordPress es vulnerable a Cross-Site Scripting almacenado en versiones hasta la 1.0 incluida debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en las descripciones de las pesta\u00f1as. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11867.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11867.json index 1268792c52e..a0e0c58a144 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11867.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11867.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:08.343", "lastModified": "2024-12-14T05:15:08.343", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Companion Portfolio \u2013 Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Companion Portfolio \u2013 Responsive Portfolio Plugin para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'companion-portfolio' del complemento en todas las versiones hasta la 2.4.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11869.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11869.json index 9e078b5c386..151dbca267c 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11869.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11869.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:08.533", "lastModified": "2024-12-14T05:15:08.533", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Buk for WordPress para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'buk' del complemento en todas las versiones hasta la 1.0.7 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11873.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11873.json index bec601315dd..89eea3817f6 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11873.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11873.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:08.707", "lastModified": "2024-12-14T05:15:08.707", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento glomex oEmbed para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'glomex_integration' del complemento en todas las versiones hasta la 0.9.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11876.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11876.json index 0b9d2e73e74..1365d44d9a6 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11876.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11876.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:08.890", "lastModified": "2024-12-14T05:15:08.890", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'kredeum_opensky' del complemento en todas las versiones hasta la 1.6.9 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11877.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11877.json index 8129f753bfb..eae7ea5e915 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11877.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11877.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:09.060", "lastModified": "2024-12-14T05:15:09.060", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Cricket Live Score para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'cricket_score' del complemento en todas las versiones hasta la 2.0.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11879.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11879.json index 62e182d852a..3b5999d732d 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11879.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11879.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:09.257", "lastModified": "2024-12-14T05:15:09.257", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Stripe Donation para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'stripe_donation' del complemento en todas las versiones hasta la 1.2.5 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11881.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11881.json index e430df56d9e..001fb872ab2 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11881.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11881.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T03:15:26.103", "lastModified": "2024-12-18T03:15:26.103", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Easy Waveform Player para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'easywaveformplayer' del complemento en todas las versiones hasta la 1.2.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11883.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11883.json index 9b3350831c7..6df86906fcf 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11883.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11883.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:09.440", "lastModified": "2024-12-14T05:15:09.440", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Connatix Video Embed para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'cnx_script_code' del complemento en todas las versiones hasta la 1.0.5 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11884.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11884.json index c2496bcab78..3b91a7ed5dd 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11884.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11884.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:09.640", "lastModified": "2024-12-14T05:15:09.640", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Wp photo text slider 50 para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'wp-photo-slider' del complemento en todas las versiones hasta la 8.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11888.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11888.json index d84e80b5026..c50e5344102 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11888.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11888.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:09.837", "lastModified": "2024-12-14T05:15:09.837", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento IDer Login para WordPress para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'ider_login_button' del complemento en todas las versiones hasta la 2.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11889.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11889.json index f9809b0b911..4a30a41ddea 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11889.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11889.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:10.030", "lastModified": "2024-12-14T05:15:10.030", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento My IDX Home Search para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'homeasap-idx-search' del complemento en todas las versiones hasta la 2.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11894.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11894.json index b243a925fae..b76c59680e9 100644 --- a/CVE-2024/CVE-2024-118xx/CVE-2024-11894.json +++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11894.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:10.227", "lastModified": "2024-12-14T05:15:10.227", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Permalinker para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado \"permalink\" del complemento en todas las versiones hasta la 1.8.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11900.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11900.json index 006c832d346..efde4dcf511 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11900.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11900.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T00:15:04.917", "lastModified": "2024-12-17T00:15:04.917", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professionals para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'portfolio-pro' del complemento en todas las versiones hasta la 1.2.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11902.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11902.json index 2542b0a5261..2151c86daa0 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11902.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11902.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T00:15:05.927", "lastModified": "2024-12-17T00:15:05.927", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Slope Widgets para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'slope-reservations' del complemento en todas las versiones hasta la 4.2.11 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11905.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11905.json index aef67853e20..5cf727f8b38 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11905.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11905.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T00:15:06.073", "lastModified": "2024-12-17T00:15:06.073", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Animated Counters para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'animatedcounte' del complemento en todas las versiones hasta la 2.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11906.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11906.json index 48471dc037b..671635fe3d8 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11906.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11906.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T00:15:06.217", "lastModified": "2024-12-17T00:15:06.217", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento TPG Get Posts para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'tpg_get_posts' del complemento en todas las versiones hasta la 3.6.5 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json index c0cea608d32..9aa99bae946 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11912.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T12:15:08.950", "lastModified": "2024-12-18T12:15:08.950", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the \u2018order_id\u2019 parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "Travel Booking WordPress Theme theme para WordPress es vulnerable a la inyecci\u00f3n SQL ciega basada en tiempo a trav\u00e9s del par\u00e1metro 'order_id' en todas las versiones hasta la 3.1.6 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json index 98ec84c84b8..a92063683ac 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11926.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T12:15:09.107", "lastModified": "2024-12-18T12:15:09.107", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information." + }, + { + "lang": "es", + "value": "Travel Booking WordPress Theme theme para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de comprobaci\u00f3n de capacidad en las funciones '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item' y '__userDenyEachInfo' en todas las versiones hasta la 3.1.6 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, modifiquen publicaciones, eliminen publicaciones y p\u00e1ginas, aprueben pedidos arbitrarios, inserten pedidos con precios arbitrarios y denieguen informaci\u00f3n de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11986.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11986.json index 397b27a1627..814120b8752 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11986.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11986.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'." + }, + { + "lang": "es", + "value": "El manejo inadecuado de la entrada en el 'Host Header' permite que un atacante no autenticado almacene un payload en los registros de la aplicaci\u00f3n web. Cuando un administrador ve los registros mediante la funcionalidad est\u00e1ndar de la aplicaci\u00f3n, permite la ejecuci\u00f3n de el payload, lo que da como resultado XSS almacenado o 'Cross-Site Scripting'." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11993.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11993.json index 0d5e67373fa..c5f666b711c 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11993.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11993.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@liferay.com", "published": "2024-12-17T21:15:07.013", "lastModified": "2024-12-17T21:15:07.013", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field" + }, + { + "lang": "es", + "value": "La vulnerabilidad de cross-site scripting (XSS) reflejado en Liferay Portal 7.1.0 a 7.4.3.38 y Liferay DXP 7.4 GA a la actualizaci\u00f3n 38, 7.3 GA a la actualizaci\u00f3n 36, 7.2 GA a la actualizaci\u00f3n 20 y 7.1 GA a la actualizaci\u00f3n 28 permite a atacantes remotos ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo de nombre de Dispatch" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json index b31f1e74458..0f80763cdba 100644 --- a/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json +++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11999.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cybersecurity@se.com", "published": "2024-12-17T07:15:06.113", "lastModified": "2024-12-17T07:15:06.113", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete\ncontrol of the device when an authenticated user installs malicious code into HMI product." + }, + { + "lang": "es", + "value": "CWE-1104: Existe una vulnerabilidad de uso de componentes de terceros sin mantenimiento que podr\u00eda causar el control total del dispositivo cuando un usuario autenticado instala c\u00f3digo malicioso en el producto HMI." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1178.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1178.json index eb69d6a7301..a871401199e 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1178.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1178.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.290", "lastModified": "2024-11-21T08:49:58.357", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1191.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1191.json index 91b8a168d10..3ba94880175 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1191.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1191.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-29T01:43:42.540", "lastModified": "2024-11-21T08:50:00.150", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1192.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1192.json index 86c7f281b5e..96c4b291969 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1192.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1192.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-29T01:43:42.763", "lastModified": "2024-11-21T08:50:00.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12024.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12024.json index bd892ee52f8..f454b47dacb 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12024.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12024.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T10:15:05.643", "lastModified": "2024-12-17T10:15:05.643", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.\r\nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default." + }, + { + "lang": "es", + "value": "El complemento EventPrime \u2013 Events Calendar, Bookings and Tickets para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los par\u00e1metros em_ticket_category_data y em_ticket_individual_data en todas las versiones hasta la 4.0.5.3 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario administrativo acceda a una p\u00e1gina inyectada. Nota: esta vulnerabilidad requiere que la configuraci\u00f3n \"Env\u00edos de invitados\" est\u00e9 habilitada. Est\u00e1 deshabilitada de forma predeterminada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12025.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12025.json index 3268e2bed58..e2c7cf8b130 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12025.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12025.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.347", "lastModified": "2024-12-18T04:15:07.347", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento Collapsing Categories para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'taxonomy' de la API REST /wp-json/collapsing-categories/v1/get en todas las versiones hasta la 3.0.8 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12053.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12053.json index 66e34250040..3e98bb817f4 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12053.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12053.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-12-03T19:15:08.413", "lastModified": "2024-12-03T20:15:14.513", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12061.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12061.json index 9d6d1c93c25..00487317ed1 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12061.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12061.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.500", "lastModified": "2024-12-18T04:15:07.500", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Events Addon for Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 2.2.3 incluida a trav\u00e9s del shortcode naevents_elementor_template debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores creadas por Elementor a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json index 4387e7ea9e0..df06bb9c643 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12089.json @@ -3,12 +3,16 @@ "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-12-16T15:15:06.250", "lastModified": "2024-12-16T15:15:06.250", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a ENOVIA Collaborative Industry Innovator desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json index 0571230289c..87034d5c575 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12090.json @@ -3,12 +3,16 @@ "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-12-16T15:15:06.393", "lastModified": "2024-12-16T15:15:06.393", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a ENOVIA Collaborative Industry Innovator en la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json index de7aebcad29..1b8ff230dd0 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12091.json @@ -3,12 +3,16 @@ "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-12-16T15:15:06.540", "lastModified": "2024-12-16T15:15:06.540", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a ENOVIA Collaborative Industry Innovator desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json index e1a4ccc87c2..7bfb4415477 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12092.json @@ -3,12 +3,16 @@ "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-12-16T15:15:06.677", "lastModified": "2024-12-16T15:15:06.677", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a ENOVIA Collaborative Industry Innovator en la versi\u00f3n 3DEXPERIENCE R2024x permite a un atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en la sesi\u00f3n del navegador del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12111.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12111.json index 751db7faa2e..fbbfe25214d 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12111.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12111.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In a specific scenario a LDAP user can abuse the authentication process in OpenText\u00a0Privileged Access Manager that allows authentication bypass.\u00a0This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)" + }, + { + "lang": "es", + "value": "En un escenario espec\u00edfico, un usuario LDAP puede abusar del proceso de autenticaci\u00f3n en OpenText Privileged Access Manager que permite omitir la autenticaci\u00f3n. Este problema afecta a Privileged Access Manager versi\u00f3n 23.3(4.4); 24.3(4.5)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12121.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12121.json index 1b1a8766092..44456d7cd13 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12121.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12121.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." + }, + { + "lang": "es", + "value": "El complemento Broken Link Checker | Finder para WordPress es vulnerable a Blind Server-Side Request Forgery en todas las versiones hasta la 2.5.0 incluida a trav\u00e9s de la funci\u00f3n 'moblc_check_link'. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se pueden usar para consultar y modificar informaci\u00f3n de servicios internos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12127.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12127.json index 1b6c11a092f..ba507fa3f80 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12127.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12127.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T10:15:05.830", "lastModified": "2024-12-17T10:15:05.830", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin \u2013 Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Sikshya LMS para WordPress, Learning Management System, eLearning, Course Builder, WordPress LMS, es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'page' en todas las versiones hasta la 0.0.21 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12175.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12175.json index cad7e6776fd..cae29652d3b 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12175.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12175.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Another \u201cuse after free\u201d\u00a0code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae\u00a0that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor." + }, + { + "lang": "es", + "value": "Existe otra vulnerabilidad de ejecuci\u00f3n de c\u00f3digo de \u201cuse after free\u201d en Rockwell Automation Arena\u00ae que podr\u00eda permitir que un actor de amenazas manipular un archivo DOE y obligue al software a utilizar un recurso que ya se utiliz\u00f3. Si se explota, un actor de amenazas podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario. Para explotar esta vulnerabilidad, un usuario leg\u00edtimo debe ejecutar el c\u00f3digo malicioso manipulado por el actor de amenazas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12178.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12178.json index 1d7dc8af972..adec2d52114 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12178.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12178.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:23.687", "lastModified": "2024-12-17T16:15:23.687", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, al analizarse mediante Autodesk Navisworks, puede provocar una vulnerabilidad de corrupci\u00f3n de memoria. Un actor malintencionado puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12179.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12179.json index 44633875a4d..a40e6593070 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12179.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12179.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:23.870", "lastModified": "2024-12-17T16:15:23.870", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage\u00a0this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, se puede utilizar para provocar una vulnerabilidad de desbordamiento basada en mont\u00f3n. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12191.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12191.json index 792192d84fa..1844d2d7792 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12191.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12191.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.007", "lastModified": "2024-12-17T16:15:24.007", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12192.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12192.json index 9cf64c6637c..3ba52089d60 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12192.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12192.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.130", "lastModified": "2024-12-17T16:15:24.130", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWF manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12193.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12193.json index f3aed6f8171..fc6f39edda2 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12193.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12193.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.247", "lastModified": "2024-12-17T16:15:24.247", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12194.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12194.json index a6198b88ee8..eb58a02c2ca 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12194.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12194.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.370", "lastModified": "2024-12-17T16:15:24.370", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, al analizarse mediante Autodesk Navisworks, puede provocar una vulnerabilidad de corrupci\u00f3n de memoria. Un actor malintencionado puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12197.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12197.json index 1e97fd8235c..cfd49ad95dd 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12197.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12197.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.493", "lastModified": "2024-12-17T16:15:24.493", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12198.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12198.json index b30fd2ee1ec..04716e45fc5 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12198.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12198.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.617", "lastModified": "2024-12-17T16:15:24.617", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12199.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12199.json index 6e210d96f77..d8b66cc7bd6 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12199.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12199.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.750", "lastModified": "2024-12-17T16:15:24.750", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12200.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12200.json index 6335e65568d..1f7b6dd3cc8 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12200.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12200.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:24.897", "lastModified": "2024-12-17T16:15:24.897", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json index 2c1c0090d39..2ec13b556e1 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12219.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T08:15:05.010", "lastModified": "2024-12-17T08:15:05.010", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Stop Registration Spam para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.23 incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web maliciosas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json index 40e501cb897..3ad67b676ec 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12220.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T08:15:05.393", "lastModified": "2024-12-17T08:15:05.393", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento SMS para WooCommerce para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.8.1 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de un nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web maliciosas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json index f0f4ae1b2a1..b65eeaa3032 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12239.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T03:15:06.710", "lastModified": "2024-12-17T03:15:06.710", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento PowerPack Lite para Beaver Builder para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro de navegaci\u00f3n en todas las versiones hasta la 1.3.0.5 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario administrativo para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12250.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12250.json index 402681aedd3..7e12e0645c6 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12250.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12250.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.657", "lastModified": "2024-12-18T04:15:07.657", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks." + }, + { + "lang": "es", + "value": "El complemento Accept Authorize.NET Payments Using Contact Form 7 para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 2.2 incluida a trav\u00e9s del archivo cf7adn-info.php. Esto permite que atacantes no autenticados extraigan datos de configuraci\u00f3n que pueden utilizarse para ayudar en otros ataques." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12259.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12259.json index f550400295e..b4791533bfe 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12259.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12259.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.803", "lastModified": "2024-12-18T04:15:07.803", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account." + }, + { + "lang": "es", + "value": "El complemento CRM WordPress Plugin \u2013 RepairBuddy para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 3.8120 incluida. Esto se debe a que el complemento no valida correctamente la identidad de un usuario antes de actualizar su correo electr\u00f3nico a trav\u00e9s de la acci\u00f3n AJAX wc_update_user_data. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien las direcciones de correo electr\u00f3nico de usuarios arbitrarios, incluidos los administradores, y aprovechen eso para restablecer la contrase\u00f1a del usuario y obtener acceso a su cuenta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12287.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12287.json index 184383692d1..66f936cc345 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12287.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12287.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T07:15:07.040", "lastModified": "2024-12-18T07:15:07.040", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email." + }, + { + "lang": "es", + "value": "El complemento Biagiotti Membership para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 1.0.2 incluida. Esto se debe a que el complemento no verifica correctamente la identidad de un usuario antes de autenticarlo. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como otros usuarios, como administradores, siempre que tengan acceso a un correo electr\u00f3nico." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12293.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12293.json index 6e069de323e..e0db4fdce01 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12293.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12293.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T09:15:05.347", "lastModified": "2024-12-17T09:15:05.347", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento User Role Editor para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 4.64.3 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n update_roles(). Esto permite que atacantes no autenticados agreguen o eliminen roles para usuarios arbitrarios, lo que incluye aumentar sus privilegios a administrador, a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12331.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12331.json index 8ad008278f1..3aaeb4b3614 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12331.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12331.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin." + }, + { + "lang": "es", + "value": "El complemento File Manager Pro \u2013 Filester para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'ajax_install_plugin' en todas las versiones hasta la 1.8.6 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen el complemento Filebird." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12340.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12340.json index ddd3aa6ad81..7e8286b3336 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12340.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12340.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T10:15:07.827", "lastModified": "2024-12-18T10:15:07.827", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data." + }, + { + "lang": "es", + "value": "El complemento Animation Addons para Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.1.6 incluida a trav\u00e9s de la funci\u00f3n \"render\" en widgets/content-slider.php y widgets/tabs.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales privados, pendientes y en borrador de plantillas de Elementor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json index a8f747111a2..cc0d50e0fc7 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-16T10:15:05.097", "lastModified": "2024-12-16T10:15:05.097", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en InvoicePlane hasta la versi\u00f3n 1.6.1. Se ha clasificado como problem\u00e1tica. Afecta a la funci\u00f3n de descarga del archivo invoices.php. La manipulaci\u00f3n del argumento invoice provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 1.6.2-beta-1 puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contact\u00f3 al proveedor con prontitud, respondi\u00f3 de manera muy profesional y lanz\u00f3 r\u00e1pidamente una versi\u00f3n corregida del producto afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12369.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12369.json index b5a524cf7ea..629c262058d 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12369.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12369.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12371.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12371.json index 481eed31fa8..828d322287e 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12371.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12371.json @@ -3,12 +3,16 @@ "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:10.907", "lastModified": "2024-12-18T20:15:21.193", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de apropiaci\u00f3n de dispositivos en Rockwell Automation Power Monitor 1000. Esta vulnerabilidad permite la configuraci\u00f3n de un nuevo usuario titular de la p\u00f3liza sin ninguna autenticaci\u00f3n a trav\u00e9s de API. El usuario titular de la p\u00f3liza es el usuario con m\u00e1s privilegios que puede realizar operaciones de edici\u00f3n, crear usuarios administradores y realizar restablecimientos de f\u00e1brica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12372.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12372.json index efb4a4e465c..a245201534f 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12372.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12372.json @@ -3,12 +3,16 @@ "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:11.050", "lastModified": "2024-12-18T20:15:22.167", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio y posible ejecuci\u00f3n remota de c\u00f3digo en Rockwell Automation Power Monitor 1000. La vulnerabilidad provoca la corrupci\u00f3n de la memoria del mont\u00f3n, lo que puede comprometer la integridad del sistema y permitir potencialmente la ejecuci\u00f3n remota de c\u00f3digo o un ataque de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12373.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12373.json index 199e6c0f162..3917beeac2a 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12373.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12373.json @@ -3,12 +3,16 @@ "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-12-18T16:15:11.163", "lastModified": "2024-12-18T20:15:22.280", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Rockwell Automation Power Monitor 1000. La vulnerabilidad genera un desbordamiento de b\u00fafer, lo que potencialmente causa una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json index fa1e898bd16..4e2247164bc 100644 --- a/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json +++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12395.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T12:15:20.377", "lastModified": "2024-12-17T12:15:20.377", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018number\u2019 parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento WooCommerce Further Fees On Checkout (Free) para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'number' en todas las versiones hasta la 1.4.7 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12411.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12411.json index 4078f2b6c50..cf886722b2f 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12411.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12411.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:10.437", "lastModified": "2024-12-14T05:15:10.437", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Ad Guru \u2013 Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP Ad Guru \u2013 Banner ad, Responsive popup, Popup maker, Ad rotator y More para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'page' en todas las versiones hasta la 2.5.4 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12422.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12422.json index fe6c1b85cf1..4f198e9b497 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12422.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12422.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.357", "lastModified": "2024-12-14T06:15:19.357", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Import Events de Eventbrite para WordPress es vulnerable a ataques de cross-site scripting reflejado a trav\u00e9s del par\u00e1metro 'page' en todas las versiones hasta la 1.7.4 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten web scripts en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12432.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12432.json index c67559d78f6..d2c430bb563 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12432.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12432.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:07.947", "lastModified": "2024-12-18T04:15:07.947", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in." + }, + { + "lang": "es", + "value": "El complemento WPC Shop as a Customer for WooCommerce para WordPress es vulnerable a la apropiaci\u00f3n de cuentas y la escalada de privilegios en todas las versiones hasta la 1.2.8 incluida. Esto se debe a que la funci\u00f3n 'generate_key' no produce un valor suficientemente aleatorio. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, inicien sesi\u00f3n como administradores del sitio, siempre que hayan activado la funci\u00f3n ajax_login() que genera una clave \u00fanica que se puede usar para iniciar sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12443.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12443.json index 84b1b2c5b7b..154aef5c71a 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12443.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12443.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-16T23:15:06.097", "lastModified": "2024-12-16T23:15:06.097", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'crm-perks-tickets' del complemento en todas las versiones hasta la 1.1.6 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12446.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12446.json index 7383ae27427..9a2b60c890c 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12446.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12446.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:07.040", "lastModified": "2024-12-14T07:15:07.040", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Post a Pdf para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'gmptp_single_post' del complemento en todas las versiones hasta la 1.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12447.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12447.json index fa1380f3651..b943de08b3f 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12447.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12447.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:10.670", "lastModified": "2024-12-14T05:15:10.670", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts." + }, + { + "lang": "es", + "value": "El complemento Get Post Content Shortcode para WordPress es vulnerable a la Referencia directa a objetos inseguros en todas las versiones hasta la 0.4 incluida a trav\u00e9s del c\u00f3digo abreviado 'post-content' debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, lean el contenido de publicaciones protegidas con contrase\u00f1a, privadas, en borrador y pendientes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12448.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12448.json index a36aae81611..1b720f0ea8a 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12448.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12448.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:10.873", "lastModified": "2024-12-14T05:15:10.873", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Posts and Products Views para WooCommerce para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'papvfwc_views' del complemento en todas las versiones hasta la 2.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12449.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12449.json index 0a23bf9ccd9..8cc82228358 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12449.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12449.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:08.103", "lastModified": "2024-12-18T04:15:08.103", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Video Share VOD \u2013 Turnkey Video Site Builder Script para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'videowhisper_player_html' del complemento en todas las versiones hasta la 2.6.30 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12454.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12454.json index a4540e1b901..0ca6df0d1dc 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12454.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12454.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T10:15:08.117", "lastModified": "2024-12-18T10:15:08.117", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Affiliate Program Suite \u2014 SliceWP Affiliates para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.1.23 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de un nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web maliciosas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12458.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12458.json index 86f104a5b4b..ecd749bb533 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12458.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12458.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:11.060", "lastModified": "2024-12-14T05:15:11.060", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Smart PopUp Blaster para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'spb-button' del complemento en todas las versiones hasta la 1.4.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12459.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12459.json index 256fcb98ea1..b9974abc191 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12459.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12459.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.487", "lastModified": "2024-12-14T06:15:19.487", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Ganohrs Toggle Shortcode para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'toggle' del complemento en todas las versiones hasta la 0.2.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12469.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12469.json index 97a1eb148a6..719254bbbdf 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12469.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12469.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T10:15:05.997", "lastModified": "2024-12-17T10:15:05.997", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018status\u2019 parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento WP BASE Booking of Appointments, Services and Events para WordPress es vulnerable a ataques Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'status' en todas las versiones hasta la 4.9.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12474.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12474.json index f538c1aff79..0c15caa9e75 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12474.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12474.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.627", "lastModified": "2024-12-14T06:15:19.627", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento GeoDataSource Country Region DropDown para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'gds-country-dropdown' del complemento en todas las versiones hasta la 1.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12478.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12478.json index b190d37e89e..827946f9a64 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12478.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12478.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-16T11:15:04.890", "lastModified": "2024-12-16T11:15:04.890", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en InvoicePlane hasta la versi\u00f3n 1.6.1. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n upload_file del archivo /index.php/upload/upload_file/1/1. La manipulaci\u00f3n del archivo de argumentos provoca una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 1.6.2-beta-1 puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contact\u00f3 al proveedor con prontitud, respondi\u00f3 de manera muy profesional y lanz\u00f3 r\u00e1pidamente una versi\u00f3n corregida del producto afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12500.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12500.json index b739a33339f..312a0abcbd3 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12500.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12500.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T03:15:26.257", "lastModified": "2024-12-18T03:15:26.257", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Philantro \u2013 Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Philantro \u2013 Donations and Donor Management para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento, como \"donate\" en todas las versiones hasta la 5.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12501.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12501.json index b02e1c51aaa..f542486f9ed 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12501.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12501.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T06:15:19.770", "lastModified": "2024-12-14T06:15:19.770", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Simple Locator para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 2.0.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12502.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12502.json index 7e86ee0b843..c8f6c8c721d 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12502.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12502.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:11.260", "lastModified": "2024-12-14T05:15:11.260", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento My IDX Home Search para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'homeasap-idx-landing' del complemento en todas las versiones hasta la 2.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12513.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12513.json index e94cd28c71c..581d07d7ec0 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12513.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12513.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T03:15:26.427", "lastModified": "2024-12-18T03:15:26.427", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Contests by Rewards Fuel para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto 'RF_CONTEST' del complemento en todas las versiones hasta la 2.0.65 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12517.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12517.json index 774daf60667..f60d820eb85 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12517.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12517.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:11.453", "lastModified": "2024-12-14T05:15:11.453", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WooCommerce Cart Count Shortcode para WordPress es vulnerable a la ejecuci\u00f3n de Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'cart_button' del complemento en todas las versiones hasta la 1.0.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12523.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12523.json index 0bfc6d938c8..025a04d41e5 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12523.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12523.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:11.640", "lastModified": "2024-12-14T05:15:11.640", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento States Map US para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'states_map' del complemento en todas las versiones hasta la 2.4.2 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json index 5b4f5daef18..b3488f82550 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json @@ -3,12 +3,16 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2024-12-17T21:15:07.183", "lastModified": "2024-12-17T21:15:07.183", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en el que los controles de autorizaci\u00f3n inadecuados afectaban ciertas consultas que pod\u00edan permitir que un actor malintencionado eludiera la seguridad a nivel de documento en Elasticsearch y obtuviera acceso a documentos que sus roles normalmente no permitir\u00edan." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12552.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12552.json index 864f7789340..2f9d34e728f 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12552.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12552.json @@ -3,12 +3,16 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-12-13T23:15:05.553", "lastModified": "2024-12-13T23:15:05.553", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. \n\nThe specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escalada de privilegios locales en el enlace WTabletServicePro de Wacom Center. Esta vulnerabilidad permite a los atacantes locales escalar privilegios en las instalaciones afectadas de Wacom Center. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para explotar esta vulnerabilidad. La falla espec\u00edfica existe en WTabletServicePro.exe. Al crear un enlace simb\u00f3lico, un atacante puede abusar del servicio para crear un archivo arbitrario. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM. Era ZDI-CAN-25359." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12553.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12553.json index 0cc7c7fc275..b672309416e 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12553.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12553.json @@ -3,12 +3,16 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-12-13T23:15:06.310", "lastModified": "2024-12-13T23:15:06.310", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de autorizaci\u00f3n faltante en GeoVision GV-ASManager. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas de GeoVision GV-ASManager. Aunque se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, se pueden utilizar credenciales de invitado predeterminadas. La falla espec\u00edfica existe dentro del servicio GV-ASWeb. El problema es el resultado de la falta de autorizaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para divulgar credenciales almacenados, lo que conduce a una mayor vulnerabilidad. Era ZDI-CAN-25394." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12554.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12554.json index e263a1839be..82e752ef8e9 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12554.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12554.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T10:15:08.493", "lastModified": "2024-12-18T10:15:08.493", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Peter\u2019s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Peter's Custom Anti-Spam para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.2.3 incluida. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n cas_register_post(). Esto hace posible que atacantes no autenticados incluyan correos electr\u00f3nicos en la lista negra a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12555.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12555.json index 90690991cbc..0c654dc5e5b 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12555.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12555.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:11.827", "lastModified": "2024-12-14T05:15:11.827", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento SIP Calculator para WordPress es vulnerable a cross-site request forgery en todas las versiones hasta la 1.0 incluida. Esto se debe a la falta de validaci\u00f3n de nonce en una funci\u00f3n. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web maliciosas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12560.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12560.json index ce768756c7c..c9eaab7bb40 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12560.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12560.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Button Block \u2013 Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts." + }, + { + "lang": "es", + "value": "El complemento Button Block \u2013 Get fully customizable & multi-function button-buttons para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.1.5 incluida a trav\u00e9s de la funci\u00f3n 'btn_block_duplicate_post'. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos potencialmente confidenciales de publicaciones en borrador, programadas (futuras), privadas y protegidas con contrase\u00f1a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12578.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12578.json index cb538130498..944b4515664 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12578.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12578.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T05:15:12.000", "lastModified": "2024-12-14T05:15:12.000", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more." + }, + { + "lang": "es", + "value": "El complemento Tickera \u2013 WordPress Event Ticketing para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 3.5.4.8 incluida a trav\u00e9s del endpoint 'tickera_tickets_info'. Esto permite que atacantes no autenticados extraigan datos confidenciales de las reservas, como nombres completos, direcciones de correo electr\u00f3nico, marcas de tiempo de entrada y salida, etc." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12596.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12596.json index a5f5cb6190b..f6328a0e76a 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12596.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12596.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-18T04:15:08.253", "lastModified": "2024-12-18T04:15:08.253", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts." + }, + { + "lang": "es", + "value": "El complemento LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de publicaciones debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n 'llms_delete_cert' en todas las versiones hasta la 7.8.5 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen publicaciones arbitrarias." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json index 5ba8ec63168..086ca8cb882 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12601.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-17T12:15:20.543", "lastModified": "2024-12-17T12:15:20.543", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks." + }, + { + "lang": "es", + "value": "El complemento Calculated Fields Form para WordPress es vulnerable a ataques de denegaci\u00f3n de servicio en todas las versiones hasta la 5.2.63 incluida. Esto se debe a los par\u00e1metros de alto y ancho ilimitados para las im\u00e1genes CAPTCHA. Esto hace posible que atacantes no autenticados env\u00eden m\u00faltiples solicitudes con valores grandes, lo que resulta en una ralentizaci\u00f3n de los recursos del servidor si este no mitiga los ataques de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12626.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12626.json index d197f896502..24b6997f0cb 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12626.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12626.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018a-0-o-search_field_value\u2019 parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code." + }, + { + "lang": "es", + "value": "El complemento AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'a-0-o-search_field_value' en todas las versiones hasta la 5.0.9 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. Cuando se usa junto con la funci\u00f3n de importaci\u00f3n y acci\u00f3n de c\u00f3digo del complemento, esta vulnerabilidad se puede aprovechar para ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12628.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12628.json index 3867934392a..6d40f3ca116 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12628.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12628.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-14T07:15:07.213", "lastModified": "2024-12-14T07:15:07.213", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Easy cache de bodi0 para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'cache-folder' en todas las versiones hasta la 0.8 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con permisos de nivel de administrador o superior, inyecten web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12641.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12641.json index 0198d9542e7..4750dbbc257 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12641.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12641.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:05.787", "lastModified": "2024-12-16T07:15:05.787", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user\u2019s browser. Since the web server set by the application supports Node.Js features, attackers can further leverage this to run OS commands." + }, + { + "lang": "es", + "value": "TenderDocTransfer de Chunghwa Telecom tiene una vulnerabilidad de cross-site scripting reflejado. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF para las API, los atacantes remotos no autenticados podr\u00edan usar API espec\u00edficas a trav\u00e9s de phishing para ejecutar c\u00f3digo JavaScript arbitrario en el navegador del usuario. Dado que el servidor web configurado por la aplicaci\u00f3n admite funciones de Node.Js, los atacantes pueden aprovechar esto para ejecutar comandos del sistema operativo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12642.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12642.json index 97e35fc0cbe..b20de526741 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12642.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12642.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:06.023", "lastModified": "2024-12-16T07:15:06.023", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system." + }, + { + "lang": "es", + "value": "TenderDocTransfer de Chunghwa Telecom tiene una vulnerabilidad de escritura de archivos arbitrarios. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF para las API, los atacantes remotos no autenticados podr\u00edan usar estas API a trav\u00e9s de phishing. Adem\u00e1s, una de las API contiene una vulnerabilidad de path traversal relativa, que permite a los atacantes escribir archivos arbitrarios en cualquier ruta del sistema del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12643.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12643.json index 8ddb4ca1658..3758f55048a 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12643.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12643.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:06.217", "lastModified": "2024-12-16T07:15:06.217", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system." + }, + { + "lang": "es", + "value": "El cliente tbm de Chunghwa Telecom tiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF en las API, atacantes remotos no autenticados podr\u00edan usar estas API a trav\u00e9s de phishing. Adem\u00e1s, una de las API contiene una vulnerabilidad de path traversal absoluta, que permite a los atacantes eliminar archivos arbitrarios en el sistema del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12644.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12644.json index fe35da3d262..40abc36eda3 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12644.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12644.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:06.387", "lastModified": "2024-12-16T07:15:06.387", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user's system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes." + }, + { + "lang": "es", + "value": "El cliente tbm de Chunghwa Telecom tiene una vulnerabilidad de tipo Archivo arbitrario. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF en las API, atacantes remotos no autenticados podr\u00edan usar estas API a trav\u00e9s de phishing. Adem\u00e1s, una de las API contiene una vulnerabilidad de tipo Ruta absoluta. Los atacantes pueden copiar archivos arbitrarios en el sistema del usuario y pegarlos en cualquier ruta, lo que plantea un riesgo potencial de fuga de informaci\u00f3n o podr\u00eda consumir espacio en el disco duro al copiar archivos en grandes vol\u00famenes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12645.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12645.json index 57460b0fbee..0b30999e84f 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12645.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12645.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:06.560", "lastModified": "2024-12-16T07:15:06.560", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system." + }, + { + "lang": "es", + "value": "El cliente topm de Chunghwa Telecom tiene una vulnerabilidad de lectura de archivos arbitrarios. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF para las API, los atacantes remotos no autenticados podr\u00edan usar estas API a trav\u00e9s de phishing. Adem\u00e1s, una de las API contiene una vulnerabilidad de path traversal relativa, que permite a los atacantes leer archivos arbitrarios en el sistema del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12646.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12646.json index b422690eddc..034a21c205a 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12646.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12646.json @@ -3,12 +3,16 @@ "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-12-16T07:15:06.737", "lastModified": "2024-12-16T07:15:06.737", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system." + }, + { + "lang": "es", + "value": "El cliente topm de Chunghwa Telecom tiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos. La aplicaci\u00f3n configura un servidor web local simple y proporciona API para la comunicaci\u00f3n con el sitio web de destino. Debido a la falta de protecci\u00f3n CSRF en las API, los atacantes remotos no autenticados podr\u00edan usar estas API a trav\u00e9s de phishing. Adem\u00e1s, una de las API contiene una vulnerabilidad de path traversal absoluta, que permite a los atacantes eliminar archivos arbitrarios en el sistema del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12661.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12661.json index 244d4715cd2..120f5b5984c 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12661.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12661.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-16T19:15:06.847", "lastModified": "2024-12-16T20:15:08.840", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en IObit Advanced SystemCare Ultimate hasta la versi\u00f3n 17.0.0. Se ha calificado como problem\u00e1tica. La funci\u00f3n 0x8001E024 de la librer\u00eda AscRegistryFilter.sys del componente IOCTL Handler se ve afectada por este problema. La manipulaci\u00f3n provoca la desreferenciaci\u00f3n de puntero nulo. El ataque debe abordarse de forma local. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12663.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12663.json index 40037339b19..0b796bcf10c 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12663.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12663.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-16T19:15:07.200", "lastModified": "2024-12-16T20:15:08.963", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en funnyzpc Mee-Admin hasta la versi\u00f3n 1.6. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /mee/login del componente Login. La manipulaci\u00f3n del argumento username provoca una discrepancia observable en la respuesta. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json index 909346a5e81..b949faf57d9 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12668.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@rapid7.com", "published": "2024-12-16T15:15:06.807", "lastModified": "2024-12-16T17:15:09.700", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability.\u00a0By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers." + }, + { + "lang": "es", + "value": "Las versiones de Velocidex WinPmem anteriores a la 4.1 sufren una vulnerabilidad de escritura fuera de los l\u00edmites. Al usar un control de E/S, un programa de espacio de usuario puede enga\u00f1ar al controlador para que escriba un 0 en cualquier ubicaci\u00f3n de memoria elegida. Junto con la fuga de informaci\u00f3n del controlador WinPmem, los atacantes pueden descubrir la ubicaci\u00f3n en la memoria del s\u00edmbolo global g_CiOptions. Esto se puede aprovechar para desactivar la aplicaci\u00f3n de controladores firmados en el sistema de destino, lo que permite a los atacantes cargar controladores no firmados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12669.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12669.json index 861931a72e8..90c30d84c50 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12669.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12669.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:25.020", "lastModified": "2024-12-17T16:15:25.020", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, se puede utilizar para provocar una vulnerabilidad de desbordamiento basada en mont\u00f3n. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12670.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12670.json index 540b5477b39..cb7a3d37a04 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12670.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12670.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:25.140", "lastModified": "2024-12-17T16:15:25.140", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWF manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, se puede utilizar para provocar una vulnerabilidad de desbordamiento basado en el mont\u00f3n. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12671.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12671.json index 6d2ee2839d0..b11f26634d8 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12671.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12671.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@autodesk.com", "published": "2024-12-17T16:15:25.260", "lastModified": "2024-12-17T16:15:25.260", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWFX manipulado con fines malintencionados, cuando se analiza a trav\u00e9s de Autodesk Navisworks, puede provocar una vulnerabilidad de escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, provocar da\u00f1os en los datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12686.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12686.json index 174042baa2d..ffa66e0bbc8 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12686.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12686.json @@ -3,12 +3,16 @@ "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", "published": "2024-12-18T21:15:08.020", "lastModified": "2024-12-18T21:15:08.020", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad en Privileged Remote Access (PRA) y Remote Support (RS) que puede permitir que un atacante con privilegios administrativos existentes inyecte comandos y se ejecute como un usuario del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12687.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12687.json index df8f68570c1..a959edd453a 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12687.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12687.json @@ -3,12 +3,16 @@ "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd", "published": "2024-12-16T20:15:09.777", "lastModified": "2024-12-16T20:15:09.777", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.\n\nThis issue affects PlexTrac: from 1.61.3 before 2.8.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en PlexTrac (m\u00f3dulos Runbooks) que permite la inyecci\u00f3n de objetos y escrituras arbitrarias en archivos. Este problema afecta a PlexTrac: desde la versi\u00f3n 1.61.3 hasta la versi\u00f3n 2.8.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12692.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12692.json index 1708f1bbddc..e814bfb1ba3 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12692.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12692.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 131.0.6778.204 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12693.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12693.json index 11650dd78ca..c7ced82c9f1 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12693.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12693.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "El acceso a la memoria fuera de los l\u00edmites en la versi\u00f3n 8 de Google Chrome anterior a la versi\u00f3n 131.0.6778.204 permiti\u00f3 que un atacante remoto ejecutara c\u00f3digo arbitrario dentro de un entorno protegido a trav\u00e9s de una p\u00e1gina HTML manipulada espec\u00edficamente. (Gravedad de seguridad de Chromium: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12694.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12694.json index 41731936b0e..bc59175412f 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12694.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12694.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Use after free en la composici\u00f3n en Google Chrome anterior a la versi\u00f3n 131.0.6778.204 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12695.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12695.json index f6dffdbe43b..d41ea4ecda1 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12695.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12695.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en la versi\u00f3n 8 de Google Chrome anterior a la 131.0.6778.204 permit\u00eda a un atacante remoto ejecutar c\u00f3digo arbitrario dentro de un entorno protegido a trav\u00e9s de una p\u00e1gina HTML manipulada espec\u00edficamente. (Gravedad de seguridad de Chromium: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12698.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12698.json index 88727c27e2a..38e154d1dfc 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12698.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12698.json @@ -3,12 +3,16 @@ "sourceIdentifier": "secalert@redhat.com", "published": "2024-12-18T05:15:07.840", "lastModified": "2024-12-18T05:15:07.840", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources." + }, + { + "lang": "es", + "value": "Se emiti\u00f3 una correcci\u00f3n incompleta para ose-olm-catalogd-container para la vulnerabilidad de reinicio r\u00e1pido (CVE-2023-39325/CVE-2023-44487) donde solo se proteg\u00edan las transmisiones no autenticadas, no las transmisiones creadas por fuentes autenticadas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12727.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12727.json index cec973ae2dc..ed257fcafe0 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12727.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12727.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL previa a la autenticaci\u00f3n en la funci\u00f3n de protecci\u00f3n de correo electr\u00f3nico de las versiones de Sophos Firewall anteriores a 21.0 MR1 (21.0.1) permite el acceso a la base de datos de informes y puede provocar la ejecuci\u00f3n remota de c\u00f3digo si se habilita una configuraci\u00f3n espec\u00edfica de Secure PDF eXchange (SPX) en combinaci\u00f3n con el firewall ejecut\u00e1ndose en modo de alta disponibilidad (HA)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12728.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12728.json index 6788ad014ac..f21725c12bd 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12728.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12728.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de credenciales d\u00e9biles permite potencialmente el acceso privilegiado al sistema a trav\u00e9s de SSH a Sophos Firewall anterior a la versi\u00f3n 20.0 MR3 (20.0.3)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12729.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12729.json index 3e9c94a7720..253d6fab747 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12729.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12729.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo posterior a la autenticaci\u00f3n en el Portal de usuario permite a los usuarios autenticados ejecutar c\u00f3digo de forma remota en Sophos Firewall anterior a la versi\u00f3n 21.0 MR1 (21.0.1)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12741.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12741.json index 878c6534b0c..91a23fa6d0d 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12741.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12741.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@ni.com", "published": "2024-12-18T20:15:22.390", "lastModified": "2024-12-18T20:15:22.390", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "security@ni.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. \u00a0Please note that DAQExpress is an EOL product and will not receive any updates." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de deserializaci\u00f3n de datos no confiables en NI DAQExpress que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Para explotarla con \u00e9xito, es necesario que un atacante consiga que un usuario abra un archivo de proyecto especialmente manipulado. Esta vulnerabilidad afecta a DAQExpress 5.1 y versiones anteriores. Tenga en cuenta que DAQExpress es un producto que ha alcanzado el fin de su vida \u00fatil y no recibir\u00e1 actualizaciones." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json index c6ca2ff2a4b..4c1f82d2eac 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12782.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en Fujifilm Apeos C3070, Apeos C5570 y Apeos C6580 hasta la versi\u00f3n 24.8.28 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /home/index.html#hashHome del componente Web Interface. La manipulaci\u00f3n conduce a una autorizaci\u00f3n incorrecta. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12783.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12783.json index 908dd56e0f1..913988b2357 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12783.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12783.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en itsourcecode Vehicle Management System 1.0 y se ha clasificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /billaction.php. La manipulaci\u00f3n del argumento extra-cost provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12784.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12784.json index ee33cc7cc08..79ccbcc048d 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12784.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12784.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en itsourcecode Vehicle Management System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo editbill.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12785.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12785.json index cb8d4fcdb44..10e5ad525d5 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12785.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12785.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en itsourcecode Vehicle Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo sendmail.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12786.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12786.json index a0049586aa3..6111f28c3f5 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12786.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12786.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en X1a0He Adobe Downloader hasta la versi\u00f3n 1.3.1 en macOS. Afecta a la funci\u00f3n shouldAcceptNewConnection del archivo com.x1a0he.macOS.Adobe-Downloader.helper del componente XPC Service. La manipulaci\u00f3n provoca una gesti\u00f3n incorrecta de privilegios. El ataque debe realizarse de forma local. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto no est\u00e1 afiliado a la empresa Adobe." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12787.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12787.json index 8ff4551c634..f146dbc90d8 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12787.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12787.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Attendance Tracking Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /student/check_student_login.php. La manipulaci\u00f3n del argumento student_emailid conduce a una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12788.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12788.json index d368e30abe6..f91f70ba7b1 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12788.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12788.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Codezips Technical Discussion Forum 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo signinpost.php. La manipulaci\u00f3n del argumento username conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12789.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12789.json index 34f1a48a199..ac90458e5a4 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12789.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12789.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PbootCMS hasta la versi\u00f3n 3.2.3. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo apps/home/controller/IndexController.php. La manipulaci\u00f3n de la etiqueta de argumento provoca la inyecci\u00f3n de c\u00f3digo. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 3.2.4 puede solucionar este problema. Se recomienda actualizar el componente afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12790.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12790.json index b6e410c3d8a..81a9623236a 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12790.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12790.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects Hostel Management Site 1.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo room-details.php. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12791.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12791.json index b48a5ff812d..2ca17552be2 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12791.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12791.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips E-Commerce Site 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo signin.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12792.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12792.json index 114b994cb04..429ac1dfc1c 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12792.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12792.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips E-Commerce Site 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo newadmin.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12793.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12793.json index 3e21340f67b..42169dced93 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12793.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12793.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PbootCMS hasta la versi\u00f3n 5.2.3. Este problema afecta a algunas funciones desconocidas del archivo apps/home/controller/IndexController.php. La manipulaci\u00f3n de la etiqueta de argumento provoca un path traversal. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 5.2.4 puede solucionar este problema. Se recomienda actualizar el componente afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12794.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12794.json index c5aa9b9e279..4cb5b082f56 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12794.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12794.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips E-Commerce Site 1.0. Afecta a una parte desconocida del archivo /admin/editorder.php. La manipulaci\u00f3n del argumento dstatus/quantity/ddate provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12798.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12798.json index 34013b28084..751e94960b0 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12798.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12798.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core\n upto and including version 1.5.12 in Java applications allows\n attacker to execute arbitrary code by compromising an existing\n logback configuration file or by injecting an environment variable\n before program execution.\n\n\n\n\n\nMalicious logback configuration files can allow the attacker to execute \narbitrary code using the JaninoEventEvaluator extension.\n\n\n\nA successful attack requires the user to have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege." + }, + { + "lang": "es", + "value": "La vulnerabilidad ACE en JaninoEventEvaluator por parte de QOS.CH logback-core hasta la versi\u00f3n 1.5.12 incluida en aplicaciones Java permite al atacante ejecutar c\u00f3digo arbitrario comprometiendo un archivo de configuraci\u00f3n de logback existente o inyectando una variable de entorno antes de la ejecuci\u00f3n del programa. Los archivos de configuraci\u00f3n de logback maliciosos pueden permitir al atacante ejecutar c\u00f3digo arbitrario utilizando la extensi\u00f3n JaninoEventEvaluator. Un ataque exitoso requiere que el usuario tenga acceso de escritura a un archivo de configuraci\u00f3n. Alternativamente, el atacante podr\u00eda inyectar una variable de entorno maliciosa que apunte a un archivo de configuraci\u00f3n malicioso. En ambos casos, el ataque requiere privilegios existentes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12801.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12801.json index 20494154ab0..8d7f8a62c49 100644 --- a/CVE-2024/CVE-2024-128xx/CVE-2024-12801.json +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12801.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\n\nThe attacks involves the modification of DOCTYPE declaration in\u00a0 XML configuration files." + }, + { + "lang": "es", + "value": "Server-Side Request Forgery (SSRF) en SaxEventRecorder de QOS.CH logback versi\u00f3n 1.5.12 en la plataforma Java permite a un atacante falsificar solicitudes comprometiendo los archivos de configuraci\u00f3n de logback en XML. Los ataques implican la modificaci\u00f3n de la declaraci\u00f3n DOCTYPE en los archivos de configuraci\u00f3n XML." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1285.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1285.json index 9a548f2e8b8..9c2a013a4c9 100644 --- a/CVE-2024/CVE-2024-12xx/CVE-2024-1285.json +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1285.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.447", "lastModified": "2024-11-21T08:50:13.903", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1381.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1381.json index 065e7866339..a34ad661553 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1381.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1381.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.620", "lastModified": "2024-11-21T08:50:27.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1478.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1478.json index af7332bfc69..03b631e5542 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1478.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1478.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.773", "lastModified": "2024-11-21T08:50:40.173", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1610.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1610.json index c264756d1e3..a41727be4ad 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1610.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1610.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@oppo.com", "published": "2024-12-18T07:15:07.207", "lastModified": "2024-12-18T16:15:12.060", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In OPPO Store APP, there's a possible escalation of privilege due to improper input validation." + }, + { + "lang": "es", + "value": "En la aplicaci\u00f3n OPPO Store, existe una posible escalada de privilegios debido a una validaci\u00f3n de entrada incorrecta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1694.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1694.json index 1a6f43117c9..1205a8f11a6 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1694.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1694.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-06-07T20:15:10.973", "lastModified": "2024-11-21T08:51:06.180", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1731.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1731.json index 27c028a3695..5f23e8a2216 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1731.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1731.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:26.937", "lastModified": "2024-11-21T08:51:11.123", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1748.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1748.json index f935ccf2558..665c3e9fbd0 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1748.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1748.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-22T20:15:56.090", "lastModified": "2024-11-21T08:51:13.560", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1749.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1749.json index 961ace7b0af..c47eea92f94 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1749.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1749.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-22T20:15:56.403", "lastModified": "2024-11-21T08:51:13.700", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1750.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1750.json index 58d4718dc0c..ae5e61b6ebf 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1750.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1750.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-22T20:15:56.643", "lastModified": "2024-11-21T08:51:13.837", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1769.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1769.json index a751ee01817..7b068792379 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1769.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1769.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:27.093", "lastModified": "2024-11-21T08:51:16.320", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1782.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1782.json index 130fdfd1d8a..78a5619b71b 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1782.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1782.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-05T02:15:27.253", "lastModified": "2024-11-21T08:51:17.947", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1887.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1887.json index c61a58fff3b..8c2d0634592 100644 --- a/CVE-2024/CVE-2024-18xx/CVE-2024-1887.json +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1887.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-29T08:15:46.437", "lastModified": "2024-11-21T08:51:31.743", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1888.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1888.json index 5d3f0df1f40..eb566c6ab78 100644 --- a/CVE-2024/CVE-2024-18xx/CVE-2024-1888.json +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1888.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-29T09:15:06.563", "lastModified": "2024-11-21T08:51:31.867", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20837.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20837.json index 21f47ef5f72..bd76bd028ad 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20837.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20837.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-03-05T05:15:11.150", "lastModified": "2024-11-21T08:53:15.047", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20838.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20838.json index f40f58a9bd3..0c084937193 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20838.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20838.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-03-05T05:15:11.517", "lastModified": "2024-11-21T08:53:15.167", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20839.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20839.json index a606da8b510..f68670cd145 100644 --- a/CVE-2024/CVE-2024-208xx/CVE-2024-20839.json +++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20839.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-03-05T05:15:12.007", "lastModified": "2024-11-21T08:53:15.273", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21330.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21330.json index cfb2a914869..80b073754e8 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21330.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21330.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:49.143", "lastModified": "2024-11-21T08:54:07.357", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21411.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21411.json index 3fcbff442e5..a0c35501ee2 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21411.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21411.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:50.290", "lastModified": "2024-11-21T08:54:18.473", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21418.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21418.json index c249f4f8e25..767f8e9457b 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21418.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21418.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:50.453", "lastModified": "2024-11-21T08:54:19.313", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21421.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21421.json index 3673d2d66fa..ec615adf1ec 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21421.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21421.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:50.920", "lastModified": "2024-11-21T08:54:19.690", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21546.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21546.json index 9388ae5a25a..0eeaa371a3a 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21546.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21546.json @@ -3,12 +3,16 @@ "sourceIdentifier": "report@snyk.io", "published": "2024-12-18T06:15:22.850", "lastModified": "2024-12-18T06:15:22.850", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code." + }, + { + "lang": "es", + "value": "Las versiones del paquete unisharp/laravel-filemanager anteriores a la 2.9.1 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo (RCE) mediante el uso de un tipo MIME v\u00e1lido y la inserci\u00f3n del car\u00e1cter . despu\u00e9s de la extensi\u00f3n del archivo php. Esto permite al atacante ejecutar c\u00f3digo malicioso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21547.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21547.json index ce908d4a6e6..25b62533f59 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21547.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21547.json @@ -3,12 +3,16 @@ "sourceIdentifier": "report@snyk.io", "published": "2024-12-18T06:15:23.187", "lastModified": "2024-12-18T06:15:23.187", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\\\. An attacker could read any file on the server by exploiting the normalization of \\ into /." + }, + { + "lang": "es", + "value": "Las versiones del paquete spatie/browsershot anteriores a la 5.0.2 son vulnerables a Directory Traversal debido a la normalizaci\u00f3n de URI en el navegador, donde la comprobaci\u00f3n file:// se puede eludir con file:\\\\. Un atacante podr\u00eda leer cualquier archivo del servidor aprovechando la normalizaci\u00f3n de \\ en /." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21548.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21548.json index adcce067ea1..6b649af0014 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21548.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21548.json @@ -3,12 +3,16 @@ "sourceIdentifier": "report@snyk.io", "published": "2024-12-18T06:15:23.360", "lastModified": "2024-12-18T15:15:09.947", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects." + }, + { + "lang": "es", + "value": "Las versiones del paquete bun anteriores a la 1.1.30 son vulnerables a la contaminaci\u00f3n de prototipos debido a una desinfecci\u00f3n de entrada incorrecta. Un atacante puede aprovechar esta vulnerabilidad a trav\u00e9s de las API de Bun que aceptan objetos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21576.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21576.json index 4e2acb59aec..ffe8b56f44a 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21576.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21576.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there\u2019s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server." + }, + { + "lang": "es", + "value": "ComfyUI-Bmad-Nodes es vulnerable a la inyecci\u00f3n de c\u00f3digo. El problema surge de una omisi\u00f3n de validaci\u00f3n en los nodos personalizados BuildColorRangeHSVAdvanced, FilterContour y FindContour. En la funci\u00f3n de punto de entrada a cada nodo, hay una llamada a eval que se puede activar generando un flujo de trabajo que inyecta una cadena manipulada en el nodo. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21577.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21577.json index f204903cf7e..7f0d4ca6229 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21577.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21577.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server." + }, + { + "lang": "es", + "value": "ComfyUI-Ace-Nodes es vulnerable a la inyecci\u00f3n de c\u00f3digo. El nodo ACE_ExpressionEval contiene una funci\u00f3n eval() en su punto de entrada que acepta datos arbitrarios controlados por el usuario. Un usuario puede crear un flujo de trabajo que d\u00e9 como resultado la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2145.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2145.json index 79602f09a62..d20bad48702 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2145.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2145.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-03-03T14:15:52.383", "lastModified": "2024-11-21T09:09:07.667", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json index 6431ce2da18..99bd12e90f5 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-03-04T01:15:07.437", "lastModified": "2024-11-21T09:09:09.070", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json index d73312e0785..c59d9b1b25b 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-03-04T01:15:07.680", "lastModified": "2024-11-21T09:09:09.210", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22355.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22355.json index 64e3098257b..2eb65d28331 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22355.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22355.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T13:15:07.293", "lastModified": "2024-11-21T08:56:06.433", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json index a24b51bb693..fbc92353247 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad ejecutando cualquier comando como superusario, lo que le permitir\u00eda obtener acceso a nivel superusario y comprometer todo el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2201.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2201.json index 6e7fa378a90..f7a3d584e10 100644 --- a/CVE-2024/CVE-2024-22xx/CVE-2024-2201.json +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2201.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-privilege en Spectre v2 permite a los atacantes eludir todas las mitigaciones implementadas, incluida la reciente Fine (IBT), y filtrar memoria arbitraria del kernel de Linux en sistemas Intel." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23488.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23488.json index 0459511328a..b87ee3ae139 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23488.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23488.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-29T08:15:47.110", "lastModified": "2024-11-21T08:57:48.947", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23493.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23493.json index 5dab2438518..aee85b536e4 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23493.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23493.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-29T08:15:47.380", "lastModified": "2024-11-21T08:57:49.490", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24772.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24772.json index 9c727843a74..54d4bafb659 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24772.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24772.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-02-28T12:15:47.273", "lastModified": "2024-11-21T08:59:40.283", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24773.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24773.json index c721b5185f0..938ae4312dd 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24773.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24773.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-02-28T12:15:47.477", "lastModified": "2024-11-21T08:59:40.423", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24779.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24779.json index 575e337b728..6f1c7e739f5 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24779.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24779.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-02-28T12:15:47.660", "lastModified": "2024-11-21T08:59:41.143", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json index 4a3ff587cb4..202a49b6d04 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de control de acceso inadecuado. Un atacante local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad y obtener acceso a datos no autorizados durante un tiempo limitado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24988.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24988.json index 5b92e49f9c5..e670501896a 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24988.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24988.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-02-29T08:15:47.640", "lastModified": "2024-11-21T09:00:05.530", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25042.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25042.json index 2dc44a8d573..e64f8dc13cf 100644 --- a/CVE-2024/CVE-2024-250xx/CVE-2024-25042.json +++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25042.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T17:15:13.057", "lastModified": "2024-12-18T17:15:13.057", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\n\n\nis potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations." + }, + { + "lang": "es", + "value": "IBM Cognos Analytics 11.2.0 a 11.2.4 y 12.0.0 a 12.0.3 es potencialmente vulnerable a Cross Site Scripting (XSS). Un atacante remoto podr\u00eda ejecutar comandos maliciosos debido a una validaci\u00f3n incorrecta de los encabezados de columna en Cognos Explorations." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25131.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25131.json index ee8ec072ef7..5bf0e73ad57 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25131.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25131.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el recurso definido a medida (CRD) MustGather.managed.openshift.io de OpenShift Dedicated. Un usuario sin privilegios en el cl\u00faster puede crear un objeto MustGather con un archivo especialmente manipulado y configurar la cuenta de servicio con m\u00e1s privilegios para ejecutar el trabajo. Esto puede permitir que un usuario desarrollador est\u00e1ndar escale sus privilegios a un administrador del cl\u00faster y cambie al entorno de AWS." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-260xx/CVE-2024-26016.json b/CVE-2024/CVE-2024-260xx/CVE-2024-26016.json index 615ac8fb406..a269f187fa9 100644 --- a/CVE-2024/CVE-2024-260xx/CVE-2024-26016.json +++ b/CVE-2024/CVE-2024-260xx/CVE-2024-26016.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-02-28T12:15:47.850", "lastModified": "2024-11-21T09:01:46.090", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26811.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26811.json index 73a1c7e3266..9290eac6200 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26811.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26811.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-08T10:15:08.540", "lastModified": "2024-11-21T09:03:07.800", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26958.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26958.json index ee0d7d4f65c..fe13fb5b20b 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26958.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26958.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:12.090", "lastModified": "2024-11-21T09:03:29.403", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26961.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26961.json index ac8f60de503..feeb2d7b76e 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26961.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26961.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:12.437", "lastModified": "2024-11-21T09:03:29.877", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26962.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26962.json index f5a05f43c79..1a70c70b660 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26962.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26962.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:12.527", "lastModified": "2024-11-21T09:03:30.013", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26964.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26964.json index 373e1374fc3..2e99ef402aa 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26964.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26964.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:12.707", "lastModified": "2024-11-21T09:03:30.253", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26966.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26966.json index 63c772be2df..9195ae39b5a 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26966.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26966.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:12.913", "lastModified": "2024-11-21T09:03:30.517", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26967.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26967.json index 5b7ecaf0ba0..63288f67619 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26967.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26967.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:13.010", "lastModified": "2024-11-21T09:03:30.650", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26968.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26968.json index 7b2d6e9fa5d..ac3173aeb15 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26968.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26968.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:13.133", "lastModified": "2024-11-21T09:03:30.760", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26969.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26969.json index f10abc21c7f..cf408309e33 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26969.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26969.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:13.220", "lastModified": "2024-11-21T09:03:30.883", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26974.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26974.json index 727d4023f8d..2446fb385ef 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26974.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26974.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:14.313", "lastModified": "2024-11-21T09:03:31.677", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26975.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26975.json index 1379c18d009..128bdc8d58c 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26975.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26975.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:14.533", "lastModified": "2024-11-21T09:03:31.817", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26981.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26981.json index 1dc15e53872..72fa457bb13 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26981.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26981.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:15.517", "lastModified": "2024-11-21T09:03:32.790", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26983.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26983.json index d7054bda93a..82feeda3470 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26983.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26983.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:15.747", "lastModified": "2024-11-21T09:03:33.033", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26989.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26989.json index 8c0631edb31..5fcad794cf6 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26989.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26989.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:16.577", "lastModified": "2024-11-21T09:03:33.953", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26993.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26993.json index e20f045a614..b255087bf2b 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26993.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26993.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:17.110", "lastModified": "2024-11-21T09:03:34.500", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26995.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26995.json index 26019439915..2506a52ea54 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26995.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26995.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:17.313", "lastModified": "2024-11-21T09:03:34.817", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26996.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26996.json index 507727e5e4f..6131c5bf2a8 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26996.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26996.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:17.480", "lastModified": "2024-11-21T09:03:34.937", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26998.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26998.json index e52f33c8645..b82cf790c7d 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26998.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26998.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:17.780", "lastModified": "2024-11-21T09:03:35.200", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27002.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27002.json index c56a903444a..ebac7ecf50a 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27002.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27002.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:18.437", "lastModified": "2024-11-21T09:03:35.720", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27003.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27003.json index 3dc52231ad4..ffbde75c678 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27003.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27003.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:18.597", "lastModified": "2024-11-21T09:03:35.847", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27010.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27010.json index 375839a1c26..185148aa78e 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27010.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27010.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:19.467", "lastModified": "2024-11-21T09:03:39.053", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27011.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27011.json index fb7c4f8ca13..d26f3e7fd73 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27011.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27011.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T06:15:19.583", "lastModified": "2024-11-21T09:03:39.223", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27024.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27024.json index db438a964ea..a174ee86c1d 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27024.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27024.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:48.847", "lastModified": "2024-11-21T09:03:41.273", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27025.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27025.json index 699eb8b7805..2016f230f13 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27025.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27025.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:48.890", "lastModified": "2024-11-21T09:03:41.403", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27029.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27029.json index c6c5e798c2d..d4863c97467 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27029.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27029.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.083", "lastModified": "2024-11-21T09:03:41.980", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27030.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27030.json index 44260c10b6d..9b7ce7e1792 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27030.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27030.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.137", "lastModified": "2024-11-21T09:03:42.103", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27031.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27031.json index e39ebc578a1..9b95181695c 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27031.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27031.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.180", "lastModified": "2024-11-21T09:03:42.230", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27033.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27033.json index fd20991acae..0686aa1064e 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27033.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27033.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.273", "lastModified": "2024-11-21T09:03:42.543", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27038.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27038.json index 1bd6e68cfa3..0166faa4151 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27038.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27038.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.507", "lastModified": "2024-11-21T09:03:43.260", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27042.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27042.json index cf73175b49f..9ea56181ef2 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27042.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27042.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.690", "lastModified": "2024-11-21T09:03:43.930", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27043.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27043.json index 084c41d7fec..e38bbf03f28 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27043.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27043.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.740", "lastModified": "2024-11-21T09:03:44.053", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27044.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27044.json index 8e52840ef9e..4e00333adbd 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27044.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27044.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.783", "lastModified": "2024-11-21T09:03:44.183", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27045.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27045.json index 79937569c11..31a73562420 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27045.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27045.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.837", "lastModified": "2024-11-21T09:03:44.310", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27046.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27046.json index e74d5ca76a0..a6296384a01 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27046.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27046.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.880", "lastModified": "2024-11-21T09:03:44.440", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27047.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27047.json index e185dfebbb3..c5f310cc21d 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27047.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27047.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.930", "lastModified": "2024-11-21T09:03:44.563", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27048.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27048.json index 35212d30973..375f457b23e 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27048.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27048.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:49.977", "lastModified": "2024-11-21T09:03:44.707", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27049.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27049.json index 9836581d7cf..c2b9cc5410a 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27049.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27049.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.020", "lastModified": "2024-11-21T09:03:44.820", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27051.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27051.json index ea0a25a9a6d..ce701c1236e 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27051.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27051.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.120", "lastModified": "2024-11-21T09:03:45.127", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27060.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27060.json index 83b2cb418a0..892f58d2b43 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27060.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27060.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.543", "lastModified": "2024-11-21T09:03:46.540", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27064.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27064.json index e73c924a371..a399b77bbb0 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27064.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27064.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.757", "lastModified": "2024-11-21T09:03:47.117", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27068.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27068.json index cc978a50727..bfec7b7f561 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27068.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27068.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:50.937", "lastModified": "2024-11-21T09:03:47.610", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27070.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27070.json index 023c825506b..4df77fbfd63 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27070.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27070.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.037", "lastModified": "2024-11-21T09:03:47.847", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27071.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27071.json index d05512eaa2b..c52635820b7 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27071.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27071.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.083", "lastModified": "2024-11-21T09:03:47.980", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27074.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27074.json index eeba3d63e43..b006130c014 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27074.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27074.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.207", "lastModified": "2024-11-21T09:03:48.473", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27076.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27076.json index cfd2deba354..fd024a0450c 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27076.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27076.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.307", "lastModified": "2024-11-21T09:03:48.717", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27077.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27077.json index d1344b92187..58ca919d724 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27077.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27077.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.350", "lastModified": "2024-11-21T09:03:48.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27078.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27078.json index 6f042ca54d6..083de2735db 100644 --- a/CVE-2024/CVE-2024-270xx/CVE-2024-27078.json +++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27078.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.393", "lastModified": "2024-11-21T09:03:48.950", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27255.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27255.json index cd71b2856d9..5f68e059cc6 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27255.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27255.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-03-03T12:15:36.867", "lastModified": "2024-11-21T09:04:11.830", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27295.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27295.json index a4397f43f28..901a1ae1bcd 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27295.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27295.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-01T16:15:46.227", "lastModified": "2024-11-21T09:04:16.080", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27296.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27296.json index 3ac1a507ff8..6f9fb9c9ff2 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27296.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27296.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-01T16:15:46.413", "lastModified": "2024-11-21T09:04:16.197", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27315.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27315.json index 275f44bb573..98a5a2d54c2 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27315.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27315.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-02-28T10:15:09.650", "lastModified": "2024-11-21T09:04:18.873", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27392.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27392.json index 7c59b658855..5c01332a564 100644 --- a/CVE-2024/CVE-2024-273xx/CVE-2024-27392.json +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27392.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-01T13:15:51.793", "lastModified": "2024-11-21T09:04:31.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-279xx/CVE-2024-27921.json b/CVE-2024/CVE-2024-279xx/CVE-2024-27921.json index aabf0bd705c..341f6e6cfc8 100644 --- a/CVE-2024/CVE-2024-279xx/CVE-2024-27921.json +++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27921.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T22:15:11.137", "lastModified": "2024-11-21T09:05:25.690", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-279xx/CVE-2024-27923.json b/CVE-2024/CVE-2024-279xx/CVE-2024-27923.json index 55de3b6a685..db75ff0f5a0 100644 --- a/CVE-2024/CVE-2024-279xx/CVE-2024-27923.json +++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27923.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T02:52:21.280", "lastModified": "2024-11-21T09:05:25.970", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28084.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28084.json index f1e045b8227..5a90c39406e 100644 --- a/CVE-2024/CVE-2024-280xx/CVE-2024-28084.json +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28084.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-03-03T21:15:49.963", "lastModified": "2024-11-21T09:05:46.093", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28088.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28088.json index d28aee2a0f4..84f453d0143 100644 --- a/CVE-2024/CVE-2024-280xx/CVE-2024-28088.json +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28088.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-03-04T00:15:47.017", "lastModified": "2024-11-21T09:05:46.753", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28116.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28116.json index 32e30e1ad90..f3ae8cdda6b 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28116.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28116.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T22:15:11.577", "lastModified": "2024-11-21T09:05:51.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28117.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28117.json index e8f98a3313e..eeb2e0f7dce 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28117.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28117.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T22:15:11.820", "lastModified": "2024-11-21T09:05:51.183", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28118.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28118.json index 4ec53100c2d..08fbd76e73e 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28118.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28118.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T22:15:12.037", "lastModified": "2024-11-21T09:05:51.323", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28119.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28119.json index 865f1bd2acb..ff53ee1749f 100644 --- a/CVE-2024/CVE-2024-281xx/CVE-2024-28119.json +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28119.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-21T22:15:12.233", "lastModified": "2024-11-21T09:05:51.450", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28237.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28237.json index fb6de0eb797..6ae8ea90c4e 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28237.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28237.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-18T22:15:07.980", "lastModified": "2024-11-21T09:06:04.057", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28238.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28238.json index d6bc6027e90..73a7994feef 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28238.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28238.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-12T21:15:59.297", "lastModified": "2024-11-21T09:06:04.200", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28239.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28239.json index e6d59b0d3bd..ea434f70379 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28239.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28239.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-03-12T21:15:59.513", "lastModified": "2024-11-21T09:06:04.327", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json index 2f3da989b1f..91f24cbf84c 100644 --- a/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json +++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de uso de un algoritmo criptogr\u00e1fico da\u00f1ado o riesgoso en SSH. Un atacante no autenticado con acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una ejecuci\u00f3n remota." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29029.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29029.json index a5f466094e4..5d7f3bb1393 100644 --- a/CVE-2024/CVE-2024-290xx/CVE-2024-29029.json +++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29029.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-19T16:15:09.853", "lastModified": "2024-11-21T09:07:24.447", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-296xx/CVE-2024-29646.json b/CVE-2024/CVE-2024-296xx/CVE-2024-29646.json index c5bd70e2689..9ddc531f5a2 100644 --- a/CVE-2024/CVE-2024-296xx/CVE-2024-29646.json +++ b/CVE-2024/CVE-2024-296xx/CVE-2024-29646.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T22:15:06.550", "lastModified": "2024-12-18T16:15:12.513", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields." + }, + { + "lang": "es", + "value": "La vulnerabilidad de desbordamiento de b\u00fafer en radarorg radare2 v.5.8.8 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de los campos de nombre, tipo o grupo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31668.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31668.json index 478ff1b80bd..2ef2f585122 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31668.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31668.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T22:15:06.677", "lastModified": "2024-12-18T16:15:12.693", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta." + }, + { + "lang": "es", + "value": "rizin anterior a v0.6.3 es vulnerable a la neutralizaci\u00f3n incorrecta de elementos especiales a trav\u00e9s de la funci\u00f3n meta_set en librz/analysis/meta." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31891.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31891.json index c053cb024eb..9edd6345f4d 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31891.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31891.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-14T13:15:17.630", "lastModified": "2024-12-14T13:15:17.630", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system." + }, + { + "lang": "es", + "value": "IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 contiene una vulnerabilidad de escalada de privilegios locales. Un actor malintencionado con acceso de l\u00ednea de comandos al usuario 'scalemgmt' puede elevar los privilegios para obtener acceso ra\u00edz al sistema operativo host." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31892.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31892.json index 276f184a269..023fcecded7 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31892.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31892.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-14T13:15:18.877", "lastModified": "2024-12-14T13:15:18.877", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements." + }, + { + "lang": "es", + "value": "Las versiones de IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 podr\u00edan permitir que un usuario realice acciones no autorizadas despu\u00e9s de interceptar y modificar un archivo csv debido a una neutralizaci\u00f3n incorrecta de los elementos de la f\u00f3rmula." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32461.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32461.json index 2cb24512929..8ed7c521092 100644 --- a/CVE-2024/CVE-2024-324xx/CVE-2024-32461.json +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32461.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-22T22:15:07.840", "lastModified": "2024-11-21T09:14:57.730", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32479.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32479.json index 5227a3f2f0e..f548c3fb123 100644 --- a/CVE-2024/CVE-2024-324xx/CVE-2024-32479.json +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32479.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-22T22:15:08.027", "lastModified": "2024-11-21T09:14:59.760", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-324xx/CVE-2024-32480.json b/CVE-2024/CVE-2024-324xx/CVE-2024-32480.json index 96ba65ea844..7311437e1ec 100644 --- a/CVE-2024/CVE-2024-324xx/CVE-2024-32480.json +++ b/CVE-2024/CVE-2024-324xx/CVE-2024-32480.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-22T23:15:50.440", "lastModified": "2024-11-21T09:14:59.887", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32645.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32645.json index 2e348489cba..cdd36cf362f 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32645.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32645.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-25T18:15:08.593", "lastModified": "2024-11-21T09:15:23.130", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32646.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32646.json index 65bc4790ec3..cfd6e16ccad 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32646.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32646.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-25T18:15:08.780", "lastModified": "2024-11-21T09:15:23.277", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32647.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32647.json index 6e1ae9157d6..ba282414d46 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32647.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32647.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-25T18:15:08.963", "lastModified": "2024-11-21T09:15:23.400", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32648.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32648.json index 31f496f836c..33252775525 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32648.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32648.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-25T18:15:09.157", "lastModified": "2024-11-21T09:15:23.533", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32649.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32649.json index 9070c6beb9b..71190b35a22 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32649.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32649.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-25T18:15:09.350", "lastModified": "2024-11-21T09:15:23.670", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34082.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34082.json index 3337de4f2a5..21039ac2bf2 100644 --- a/CVE-2024/CVE-2024-340xx/CVE-2024-34082.json +++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34082.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-15T17:15:12.703", "lastModified": "2024-11-21T09:18:03.223", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34708.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34708.json index 115b4eb75b1..b866b2ad00d 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34708.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34708.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:39:31.083", "lastModified": "2024-11-21T09:19:14.427", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34709.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34709.json index 19b3c9709cb..ffab3ad8726 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34709.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34709.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-14T15:39:31.547", "lastModified": "2024-11-21T09:19:14.557", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35141.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35141.json index 6779b9d5b84..40586fc3da7 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35141.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35141.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges." + }, + { + "lang": "es", + "value": "IBM Security Verify Access Docker 10.0.0 a 10.0.6 podr\u00eda permitir que un usuario local aumente sus privilegios debido a la ejecuci\u00f3n de privilegios innecesarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35230.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35230.json index 2d373f21fa3..467e8377af4 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35230.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35230.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. En las versiones afectadas, la p\u00e1gina de bienvenida y la p\u00e1gina de informaci\u00f3n incluyen informaci\u00f3n sobre la versi\u00f3n y la revisi\u00f3n del software en uso (incluida la librer\u00eda y los componentes utilizados). Esta informaci\u00f3n es confidencial desde el punto de vista de la seguridad porque permite identificar f\u00e1cilmente el software utilizado por el servidor. Este problema se ha corregido en la versi\u00f3n 2.26.0 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36128.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36128.json index e385296a60a..3d04fe19078 100644 --- a/CVE-2024/CVE-2024-361xx/CVE-2024-36128.json +++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36128.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-03T15:15:09.547", "lastModified": "2024-11-21T09:21:40.603", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36694.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36694.json index b5d3402893c..aeacc5f620f 100644 --- a/CVE-2024/CVE-2024-366xx/CVE-2024-36694.json +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36694.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-18T20:15:22.637", "lastModified": "2024-12-18T20:15:22.637", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function." + }, + { + "lang": "es", + "value": "OpenCart 4.0.2.3 es vulnerable a Server-Side Template Injection (SSTI) a trav\u00e9s de la funci\u00f3n del editor de temas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-368xx/CVE-2024-36831.json b/CVE-2024/CVE-2024-368xx/CVE-2024-36831.json index 932e950dc7d..3c0b0b3a812 100644 --- a/CVE-2024/CVE-2024-368xx/CVE-2024-36831.json +++ b/CVE-2024/CVE-2024-368xx/CVE-2024-36831.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T15:15:12.720", "lastModified": "2024-12-17T16:15:25.390", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication." + }, + { + "lang": "es", + "value": "Una desreferencia de puntero NULL en plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud HTTP manipulada sin autenticaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-368xx/CVE-2024-36832.json b/CVE-2024/CVE-2024-368xx/CVE-2024-36832.json index 110492f41af..6ee66f781c8 100644 --- a/CVE-2024/CVE-2024-368xx/CVE-2024-36832.json +++ b/CVE-2024/CVE-2024-368xx/CVE-2024-36832.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T15:15:13.097", "lastModified": "2024-12-17T17:15:08.467", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device." + }, + { + "lang": "es", + "value": "Una desreferencia de puntero nulo en D-Link DAP-1513 REVA_FIRMWARE_1.01 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud web manipulada sin autenticaci\u00f3n. La vulnerabilidad se produce en el binario /bin/webs del firmware. Cuando /bin/webs recibe una solicitud HTTP cuidadosamente construida, se bloquea y se cierra debido a una referencia de puntero nulo, lo que provoca un ataque de denegaci\u00f3n de servicio al dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json b/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json index a3c39784b20..ec64f19b727 100644 --- a/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json +++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37251.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:06.970", "lastModified": "2024-12-16T15:15:06.970", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPENGINE, INC. Advanced Custom Fields PRO. Este problema afecta a Advanced Custom Fields PRO: desde n/a hasta 6.3.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37605.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37605.json index d4fc69a8b3b..aa9e67693f4 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37605.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37605.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T15:15:13.357", "lastModified": "2024-12-17T18:15:22.377", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "Una desreferencia de puntero NULL en D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37606.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37606.json index 4897785eca1..e3fe4a12c6c 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37606.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37606.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T15:15:13.643", "lastModified": "2024-12-17T18:15:23.083", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de pila en D-Link DCS-932L REVB_FIRMWARE_2.18.01 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37607.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37607.json index e35d3fd67b3..f25f71456c1 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37607.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37607.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T15:15:13.950", "lastModified": "2024-12-17T18:15:23.343", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en D-Link DAP-2555 REVA_FIRMWARE_1.20 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37649.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37649.json index 8bae493c3a9..9c78f6ed13b 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37649.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37649.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials." + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos inseguros en SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A y anteriores permite que un atacante f\u00edsicamente pr\u00f3ximo obtenga informaci\u00f3n confidencial mediante la modificaci\u00f3n de las credenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37962.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37962.json index d11b361ba8e..bd8741e3709 100644 --- a/CVE-2024/CVE-2024-379xx/CVE-2024-37962.json +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37962.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Agency Dominion Fusion permite XSS almacenado. Este problema afecta a Fusion: desde n/a hasta 1.6.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38264.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38264.json index 8e875977a10..cd902baf701 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38264.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38264.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json index 2c12d03ba1b..fbe2f538c53 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise.\nThis allows attackers to brute-force the password of valid users in an automated manner." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad. Se trata de una vulnerabilidad de restricci\u00f3n de autenticaci\u00f3n excesiva que podr\u00eda ser explotada por un atacante de red, lo que provocar\u00eda un ataque de fuerza bruta o un ataque de diccionario contra el formulario de inicio de sesi\u00f3n de RecoverPoint y un compromiso total del sistema. Esto permite a los atacantes obtener por fuerza bruta la contrase\u00f1a de usuarios v\u00e1lidos de forma autom\u00e1tica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38819.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38819.json index 66ae801deb8..48766a597a1 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38819.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38819.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running." + }, + { + "lang": "es", + "value": "Las aplicaciones que ofrecen recursos est\u00e1ticos a trav\u00e9s de los marcos web funcionales WebMvc.fn o WebFlux.fn son vulnerables a ataques de path traversal. Un atacante puede manipular solicitudes HTTP maliciosas y obtener cualquier archivo del sistema de archivos al que tambi\u00e9n pueda acceder el proceso en el que se ejecuta la aplicaci\u00f3n Spring." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38864.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38864.json index 0273511786b..744fbb8493e 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38864.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38864.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data." + }, + { + "lang": "es", + "value": "Los permisos incorrectos en el directorio de datos del Agente de Windows de Checkmk en Checkmk < 2.3.0p23, < 2.2.0p38 y <= 2.1.0p49 (EOL) permiten que un atacante local lea datos confidenciales." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39703.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39703.json index 383ae3b7e0a..e48e07a1051 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39703.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39703.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-18T07:15:07.343", "lastModified": "2024-12-18T07:15:07.343", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint." + }, + { + "lang": "es", + "value": "En ThreatQuotient ThreatQ anterior a la versi\u00f3n 5.29.3, los usuarios autenticados pueden ejecutar comandos arbitrarios enviando una solicitud manipulada a un endpoint de API." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-398xx/CVE-2024-39804.json b/CVE-2024/CVE-2024-398xx/CVE-2024-39804.json index 3ff421eaa0a..3fdaf7ad285 100644 --- a/CVE-2024/CVE-2024-398xx/CVE-2024-39804.json +++ b/CVE-2024/CVE-2024-398xx/CVE-2024-39804.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en Microsoft PowerPoint 16.83 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de PowerPoint, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-398xx/CVE-2024-39895.json b/CVE-2024/CVE-2024-398xx/CVE-2024-39895.json index 05116782ddf..a372710da31 100644 --- a/CVE-2024/CVE-2024-398xx/CVE-2024-39895.json +++ b/CVE-2024/CVE-2024-398xx/CVE-2024-39895.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-08T17:15:11.980", "lastModified": "2024-11-21T09:28:31.113", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-398xx/CVE-2024-39896.json b/CVE-2024/CVE-2024-398xx/CVE-2024-39896.json index 02e229ff9e2..ed321e2aca8 100644 --- a/CVE-2024/CVE-2024-398xx/CVE-2024-39896.json +++ b/CVE-2024/CVE-2024-398xx/CVE-2024-39896.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-08T18:15:08.383", "lastModified": "2024-11-21T09:28:31.230", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41138.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41138.json index db54e101a03..5655a4794ae 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41138.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41138.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en la aplicaci\u00f3n auxiliar com.microsoft.teams2.modulehost.app de Microsoft Teams (trabajo o escuela) 24046.2813.2770.1094 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de Teams, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41145.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41145.json index 6dc66870f8b..4c74d2fe0e8 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41145.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41145.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en la aplicaci\u00f3n auxiliar WebView.app de Microsoft Teams (trabajo o escuela) 24046.2813.2770.1094 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de Teams, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41159.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41159.json index c0b0ea430f7..391a54274a6 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41159.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41159.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en Microsoft OneNote 16.83 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de OneNote, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41165.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41165.json index 17a94da7861..b9525318a50 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41165.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41165.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en Microsoft Word 16.83 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de Word, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41752.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41752.json index eff1851700a..c5bbcd4dd19 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41752.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41752.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T17:15:13.223", "lastModified": "2024-12-18T17:15:13.223", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site." + }, + { + "lang": "es", + "value": "IBM Cognos Analytics 11.2.0 a 11.2.4 y 12.0.0 a 12.0.3 es vulnerable a la inyecci\u00f3n de c\u00f3digo HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio de alojamiento." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42194.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42194.json index 978d332846f..2a6da6c4d5b 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42194.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42194.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2024-12-17T18:15:23.590", "lastModified": "2024-12-17T18:15:23.590", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call." + }, + { + "lang": "es", + "value": "Una gesti\u00f3n inadecuada de permisos o privilegios insuficientes afecta a HCL BigFix Inventory. Un atacante que tenga acceso a trav\u00e9s de una cuenta de solo lectura podr\u00eda cambiar ciertos par\u00e1metros de configuraci\u00f3n manipulando una llamada a la API REST espec\u00edfica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4229.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4229.json index 73b892f2e84..d7cc8602464 100644 --- a/CVE-2024/CVE-2024-42xx/CVE-2024-4229.json +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4229.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify." + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos predeterminados incorrectos en Edgecross Basic Software para Windows versiones 1.00 y posteriores y Edgecross Basic Software para desarrolladores versiones 1.00 y posteriores permite que un atacante local malintencionado ejecute un c\u00f3digo malicioso arbitrario, lo que resulta en la divulgaci\u00f3n, manipulaci\u00f3n y eliminaci\u00f3n de informaci\u00f3n, o una condici\u00f3n de denegaci\u00f3n de servicio (DoS), si el producto est\u00e1 instalado en una carpeta distinta a una carpeta que solo los usuarios con privilegios administrativos tienen permiso para modificar." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4230.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4230.json index 5dd6bc88fb0..6f34038608a 100644 --- a/CVE-2024/CVE-2024-42xx/CVE-2024-4230.json +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4230.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition." + }, + { + "lang": "es", + "value": "La vulnerabilidad de control externo de nombre de archivo o ruta en Edgecross Basic Software para Windows versiones 1.00 y posteriores y Edgecross Basic Software para desarrolladores versiones 1.00 y posteriores permite que un atacante local malintencionado ejecute un c\u00f3digo malicioso arbitrario, lo que resulta en la divulgaci\u00f3n, manipulaci\u00f3n y eliminaci\u00f3n de informaci\u00f3n, o una condici\u00f3n de denegaci\u00f3n de servicio (DoS)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43447.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43447.json index 7a8916c36f5..cd9d951a7f2 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43447.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43447.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43449.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43449.json index e30fea9c200..3c307b2536c 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43449.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43449.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43450.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43450.json index 2f2f670f38e..d1841699e31 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43450.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43450.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43452.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43452.json index 9337448fbef..3b9a619a4f5 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43452.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43452.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43530.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43530.json index 17d2628ba7b..8bcfefae981 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43530.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43530.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json index c6ae01cbd14..fcce2a22a24 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43600.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43620.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43620.json index 09562093f5b..90085bf596a 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43620.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43620.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43621.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43621.json index 5af0ee76222..eb8332b5176 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43621.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43621.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43622.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43622.json index 8f229a7225a..63bb0e4e975 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43622.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43622.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43623.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43623.json index dda96518ea3..514d94fe0a6 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43623.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43623.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43624.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43624.json index 50815ebce7d..7995c89d0d2 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43624.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43624.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43626.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43626.json index ee35440ec52..242f21c0e03 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43626.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43626.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43627.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43627.json index 119ccb6e6c0..5a4b2ff973b 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43627.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43627.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43628.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43628.json index be05bdf6e1f..33f3a6e19d1 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43628.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43628.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43629.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43629.json index 54bcd873b46..6bb86ecba8f 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43629.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43629.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43630.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43630.json index 4785abe8e3f..194df7cbfef 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43630.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43630.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43633.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43633.json index a3b95d2298a..9b5dfc4bd00 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43633.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43633.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43634.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43634.json index 6b7b942619d..fa2f26bb6b3 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43634.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43634.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43635.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43635.json index a6b07b7497f..da7f14e7b5b 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43635.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43635.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43636.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43636.json index 98cc347c18b..d90c74315e4 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43636.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43636.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43637.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43637.json index 96401756922..5c23c8239ea 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43637.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43637.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43638.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43638.json index 47dc06ac1de..035db0ee12d 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43638.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43638.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43639.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43639.json index 704a9d78bbb..9bf444f8741 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43639.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43639.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43640.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43640.json index 41a6f782119..1f8025d0dff 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43640.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43640.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43641.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43641.json index c9ad01820c4..986c26164c4 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43641.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43641.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43642.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43642.json index 4a4268cb10d..63bbded2ba6 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43642.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43642.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43643.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43643.json index a20ca581c71..91c4af680b0 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43643.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43643.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43644.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43644.json index 2992ba3b2d1..e58ceb84104 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43644.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43644.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4464.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4464.json index 7ea02a0520e..f31e0cef9fb 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4464.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4464.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@synology.com", "published": "2024-12-18T06:15:23.587", "lastModified": "2024-12-18T06:15:23.587", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors." + }, + { + "lang": "es", + "value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en el servicio de transmisi\u00f3n en Synology Media Server anterior a 1.4-2680, 2.0.5-3152 y 2.2.0-3325 permite a atacantes remotos leer archivos espec\u00edficos a trav\u00e9s de vectores no especificados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45082.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45082.json index f8379f725b7..3c042f23e74 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45082.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45082.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T17:15:13.383", "lastModified": "2024-12-18T17:15:13.383", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cognos Analytics\u00a011.2.0 through 11.2.4 and 12.0.0 through 12.0.3 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted." + }, + { + "lang": "es", + "value": "IBM Cognos Analytics 11.2.0 a 11.2.4 y 12.0.0 a 12.0.3 podr\u00eda permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para falsificar la URL mostrada y redirigir al usuario a un sitio web malicioso que parezca confiable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45338.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45338.json index 1740e1a0b53..7e00c10492d 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45338.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45338.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security@golang.org", "published": "2024-12-18T21:15:08.173", "lastModified": "2024-12-18T21:15:08.173", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service." + }, + { + "lang": "es", + "value": "Un atacante puede manipular una entrada para las funciones de an\u00e1lisis que se procesar\u00eda de forma no lineal con respecto a su longitud, lo que dar\u00eda como resultado un an\u00e1lisis extremadamente lento. Esto podr\u00eda causar una denegaci\u00f3n de servicio." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json index e8feec84111..f050bc9cf08 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45496.json @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45818.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45818.json index 86afb7fd4b5..1235386a2d0 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45818.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45818.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The hypervisor contains code to accelerate VGA memory accesses for HVM\nguests, when the (virtual) VGA is in \"standard\" mode. Locking involved\nthere has an unusual discipline, leaving a lock acquired past the\nreturn from the function that acquired it. This behavior results in a\nproblem when emulating an instruction with two memory accesses, both of\nwhich touch VGA memory (plus some further constraints which aren't\nrelevant here). When emulating the 2nd access, the lock that is already\nbeing held would be attempted to be re-acquired, resulting in a\ndeadlock.\n\nThis deadlock was already found when the code was first introduced, but\nwas analysed incorrectly and the fix was incomplete. Analysis in light\nof the new finding cannot find a way to make the existing locking\ndiscipline work.\n\nIn staging, this logic has all been removed because it was discovered\nto be accidentally disabled since Xen 4.7. Therefore, we are fixing the\nlocking problem by backporting the removal of most of the feature. Note\nthat even with the feature disabled, the lock would still be acquired\nfor any accesses to the VGA MMIO region." + }, + { + "lang": "es", + "value": "El hipervisor contiene c\u00f3digo para acelerar los accesos a la memoria VGA para los invitados HVM, cuando el VGA (virtual) est\u00e1 en modo \"est\u00e1ndar\". El bloqueo involucrado all\u00ed tiene una disciplina inusual, dejando un bloqueo adquirido m\u00e1s all\u00e1 del retorno de la funci\u00f3n que lo adquiri\u00f3. Este comportamiento genera un problema al emular una instrucci\u00f3n con dos accesos a la memoria, ambos de los cuales tocan la memoria VGA (adem\u00e1s de algunas restricciones adicionales que no son relevantes aqu\u00ed). Al emular el segundo acceso, se intentar\u00eda volver a adquirir el bloqueo que ya se mantiene, lo que resultar\u00eda en un bloqueo. Este bloqueo ya se encontr\u00f3 cuando se introdujo el c\u00f3digo por primera vez, pero se analiz\u00f3 incorrectamente y la soluci\u00f3n fue incompleta. El an\u00e1lisis a la luz del nuevo hallazgo no puede encontrar una manera de hacer que funcione la disciplina de bloqueo existente. En la etapa de preparaci\u00f3n, se elimin\u00f3 toda esta l\u00f3gica porque se descubri\u00f3 que se hab\u00eda deshabilitado accidentalmente desde Xen 4.7. Por lo tanto, estamos solucionando el problema de bloqueo al incorporar la eliminaci\u00f3n de la mayor parte de la funci\u00f3n. Tenga en cuenta que incluso con la funci\u00f3n deshabilitada, el bloqueo a\u00fan se adquirir\u00eda para cualquier acceso a la regi\u00f3n MMIO de VGA." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45819.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45819.json index a7938905706..e004d82bbe4 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45819.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45819.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents." + }, + { + "lang": "es", + "value": "Las tablas ACPI de los invitados PVH se construyen mediante la pila de herramientas. La construcci\u00f3n implica la creaci\u00f3n de las tablas en la memoria local, que luego se copian en la memoria del invitado. Si bien las partes realmente utilizadas de la memoria local se completan correctamente, el espacio sobrante que se est\u00e1 asignando se deja con su contenido anterior." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47038.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47038.json index 9725294e63b..4cd75c13bb1 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47038.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47038.json @@ -3,12 +3,16 @@ "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-12-18T19:15:10.703", "lastModified": "2024-12-18T19:15:10.703", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En dhd_prot_flowrings_pool_release de dhd_msgbuf.c, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n con el usuario para la explotaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47039.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47039.json index 37fd256a6a7..8c1053c283d 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47039.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47039.json @@ -3,12 +3,16 @@ "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-12-18T19:15:10.850", "lastModified": "2024-12-18T19:15:10.850", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of\u00a0bounds read due to a missing bounds check. This could lead to local\u00a0 information disclosure with no additional execution privileges needed. User\u00a0 interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En isSlotMarkedSuccessful de BootControl.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47040.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47040.json index ea62f3d8be1..5e82947597f 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47040.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47040.json @@ -3,12 +3,16 @@ "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-12-18T19:15:10.963", "lastModified": "2024-12-18T19:15:10.963", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a possible UAF due to a logic error in the code.\u00a0This could lead to local escalation of privilege with no additional\u00a0execution privileges needed. User interaction is not needed for\u00a0exploitation." + }, + { + "lang": "es", + "value": "Existe una posible UAF debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47093.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47093.json index 41d31f9cb86..b5615181ac7 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47093.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47093.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n incorrecta de la entrada en Nagvis antes de la versi\u00f3n 1.9.42 que puede provocar XSS" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json index 92c908304fc..39e72c7d3db 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47104.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T11:15:05.763", "lastModified": "2024-12-18T11:15:05.763", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges." + }, + { + "lang": "es", + "value": "IBM i 7.4 y 7.5 son vulnerables a que un usuario autenticado obtenga privilegios elevados para acceder a un archivo f\u00edsico. Un usuario con autoridad para acceder a una vista puede alterar los atributos de seguridad basados en archivos f\u00edsicos sin tener derechos de administraci\u00f3n de objetos para acceder a ese archivo. Un actor malintencionado puede utilizar los privilegios elevados para realizar acciones restringidas por sus privilegios de visualizaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47119.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47119.json index 7eba25de1de..34b3b738ffe 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47119.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47119.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T16:15:13.110", "lastModified": "2024-12-18T16:15:13.110", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client." + }, + { + "lang": "es", + "value": "IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.9 no valida correctamente un certificado, lo que podr\u00eda permitir a un atacante falsificar una entidad confiable al interferir en la ruta de comunicaci\u00f3n entre el host y el cliente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-473xx/CVE-2024-47397.json b/CVE-2024/CVE-2024-473xx/CVE-2024-47397.json index 3fa6f669001..7d0d50dcb4b 100644 --- a/CVE-2024/CVE-2024-473xx/CVE-2024-47397.json +++ b/CVE-2024/CVE-2024-473xx/CVE-2024-47397.json @@ -3,12 +3,16 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-12-18T07:15:07.847", "lastModified": "2024-12-18T07:15:07.847", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string." + }, + { + "lang": "es", + "value": "Existe un problema de autenticaci\u00f3n d\u00e9bil en las versiones de firmware 2.0.10 y anteriores de AE1021 y en las versiones de firmware 2.0.10 y anteriores de AE1021PE. Si se explota esta vulnerabilidad, se puede eludir la autenticaci\u00f3n con una cadena espec\u00edfica no documentada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json index 4644b04187f..745ed1ae22f 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-18T03:15:26.583", "lastModified": "2024-12-18T03:15:26.583", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access." + }, + { + "lang": "es", + "value": "Dell Inventory Collector Client, versiones anteriores a la 12.7.0, contiene una vulnerabilidad de resoluci\u00f3n de v\u00ednculo incorrecta antes del acceso a archivos. Un atacante con pocos privilegios y acceso local puede aprovechar esta vulnerabilidad, lo que podr\u00eda dar como resultado una elevaci\u00f3n de privilegios y un acceso no autorizado al sistema de archivos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47810.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47810.json index 4d906017d4c..8e7188d9697 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47810.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47810.json @@ -3,12 +3,16 @@ "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-12-18T16:15:13.327", "lastModified": "2024-12-18T18:15:07.310", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de use-after-free en la forma en que Foxit Reader 2024.3.0.26795 gestiona un objeto de p\u00e1gina 3D. Un c\u00f3digo Javascript especialmente manipulado dentro de un documento PDF malicioso puede desencadenar esta vulnerabilidad, lo que puede provocar da\u00f1os en la memoria y la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante debe enga\u00f1ar al usuario para que abra el archivo malicioso para desencadenar esta vulnerabilidad. La explotaci\u00f3n tambi\u00e9n es posible si un usuario visita un sitio malicioso especialmente manipulado si la extensi\u00f3n del complemento del navegador est\u00e1 habilitada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47822.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47822.json index 1d71b857cf9..db2240968fb 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47822.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47822.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-08T18:15:31.170", "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json index 15b7e76c19d..a701d9685c6 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de denegaci\u00f3n de servicio. Un usuario con acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la interrupci\u00f3n de la mayor\u00eda de las funcionalidades de RPA persistente despu\u00e9s del reinicio, lo que requerir\u00eda la intervenci\u00f3n del soporte t\u00e9cnico para que el sistema vuelva a un estado estable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4762.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4762.json index 867a94f7147..76c3a191698 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4762.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4762.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@lenovo.com", "published": "2024-12-16T17:15:10.293", "lastModified": "2024-12-16T17:15:10.293", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges." + }, + { + "lang": "es", + "value": "Se inform\u00f3 de una vulnerabilidad de validaci\u00f3n incorrecta en el mecanismo de actualizaci\u00f3n de firmware de LADM and LDCC que podr\u00eda permitir a un atacante local escalar privilegios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json index c31c0bb1bab..e015373c854 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data." + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de uso de credenciales codificadas. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad obteniendo acceso al c\u00f3digo fuente, recuperando f\u00e1cilmente estos secretos y reutiliz\u00e1ndolos para acceder al sistema, lo que le permitir\u00eda obtener acceso a datos no autorizados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json index 4a4f16ccc2c..bd9c7bfcddd 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information" + }, + { + "lang": "es", + "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad y provocar la divulgaci\u00f3n de informaci\u00f3n, lo que permitir\u00eda realizar acciones no deseadas, como leer archivos que pueden contener informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48872.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48872.json index 1e67fc68757..c2420fc2cb2 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48872.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48872.json @@ -3,12 +3,16 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-12-16T08:15:04.950", "lastModified": "2024-12-16T08:15:04.950", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent\u00a0concurrently checking and updating the failed login attempts. which allows an attacker to bypass of \"Max failed attempts\" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests" + }, + { + "lang": "es", + "value": "Las versiones 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4 y 9.5.x <= 9.5.12 de Mattermost no pueden evitar la verificaci\u00f3n y actualizaci\u00f3n simult\u00e1nea de los intentos de inicio de sesi\u00f3n fallidos, lo que permite a un atacante eludir la restricci\u00f3n \"M\u00e1ximo de intentos fallidos\" y enviar una gran cantidad de intentos de inicio de sesi\u00f3n antes de ser bloqueado mediante el env\u00edo simult\u00e1neo de m\u00faltiples solicitudes de inicio de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48889.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48889.json index 0949d1cfbbc..50a8063788f 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48889.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48889.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@fortinet.com", "published": "2024-12-18T13:15:06.463", "lastModified": "2024-12-18T15:15:11.713", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') [CWE-78] en FortiManager versi\u00f3n 7.6.0, versi\u00f3n 7.4.4 y anteriores, versi\u00f3n 7.2.7 y anteriores, versi\u00f3n 7.0.12 y anteriores, versi\u00f3n 6.4.14 y anteriores y FortiManager Cloud versi\u00f3n 7.4.4 y anteriores, versi\u00f3n 7.2.7 a 7.2.1, versi\u00f3n 7.0.12 a 7.0.1 puede permitir que un atacante remoto autenticado ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes manipuladas por FGFM." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49019.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49019.json index 2eb507de96c..e10a0a5436d 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49019.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49019.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49039.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49039.json index bddb1fd31d4..810e7f8c6d5 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49039.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49039.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49046.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49046.json index 96c9de997dd..54816185ec6 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49046.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49046.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json index f54f4931d34..6e336003826 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49072.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json index 0217b31c417..354208a9fe8 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49073.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json index f2a5db9d22b..3712069d56b 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49074.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json index e73bb03a5be..43e23428eba 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49075.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json index 5f122c6ff4b..e1e3a63abdb 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49076.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json index 14d9befc508..71aa7229251 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49077.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json index 805a5b38386..0e4ad7846d6 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49078.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json index db1e1a21626..59224a24747 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49079.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json index e012381e561..d80d016d9ac 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49080.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json index 7540eea8399..a5ffd6e6ae3 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49081.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json index 4ebaa6da4f5..3d66dc8bb9a 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49082.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json index 0213c596bf2..aa8112ad45f 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49083.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json index de7a94eb135..46b984152dc 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49084.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json index 776664429b5..1533c1ed993 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49085.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json index 624930aab8c..38fec3e17f7 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49086.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json index 54955071f90..9ff52f7d245 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49087.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json index c1e5009cbf9..76720153114 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49088.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json index f1fcdb29155..bd92bf1df40 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49089.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json index d4c3b9a17ab..ca30192b08c 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49090.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json index b077c5ccb31..f4e8c0ce4fb 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49091.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json index f4784df4dd4..c86d4b84345 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49092.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json index 8bc617afef2..6a4ec092485 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49093.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json index 339930a2b61..cae2c17bf2f 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49094.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json index e3ee4afca44..7a3761c5159 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49095.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json index eff227b9126..116c22b9594 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49096.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json index b573807cd47..6c94f787322 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49097.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json index 1e87321bfea..f33e48ab82c 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49098.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json index 7c9250ed59f..617ee9c9b69 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49099.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json index f684b8c49a7..6246eb248d4 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49101.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json index 556e6d78b91..dfc4f1cb0e1 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49102.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json index 699b89f6814..64b32fefe3d 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49103.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json index f4e4234c2f6..027daf977f2 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49104.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json index 38a24729860..ad571d8985d 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49105.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json index 78643d1ee28..264c6437793 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49106.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json index da9c9475d34..017a48b405c 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49107.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json index f249e811b8e..76d8d665a0f 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49108.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json index 2e0bc6c4dab..ab7dccc3546 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49109.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json index 2c37dbdfd5e..417e556f9c7 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49110.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json index b222e853e10..4864acb6b1b 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49111.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json index bfbad4362ba..1055e54cc29 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49112.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json index afc9c3a4a72..bbd5696e91e 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49113.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json index 90ef7d310c1..1380a80be61 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49114.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json index 28f0a994cfb..15a45e68a44 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49115.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json index 791d806fea5..9079772d507 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49116.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json index 0062ede49d6..4b63771df82 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49117.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json index 7eddd8bf9b4..43e2981554c 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49118.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json index 53e3baee723..45f22128d71 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49119.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json index 7a7739e679e..03af8662a6c 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49120.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json index 2f8f7cf6af1..c07a213202b 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49121.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json index 1692fe6cc33..7382864e8f8 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49122.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json index aae6c3abd9d..2ef110508b8 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49123.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json index b7063a1e3a6..28ff2a82bbb 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49124.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json index e00a5bafab0..b971a9228de 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49125.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json index 222addcf3b8..498d576ed28 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49126.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json index 13d18cbf329..48533eb8af6 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49127.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json index 8537d2fc094..748493cee3b 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49128.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json index 9a7456080d5..19cf0a773ed 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49129.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json index 5a0b9142cfb..d1d51efb7eb 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49132.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json index d8013adf5aa..56d0a9af46a 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49138.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49194.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49194.json index f7ef8ad0c72..6e57712203b 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49194.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49194.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T20:15:22.243", "lastModified": "2024-12-18T17:15:13.593", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile." + }, + { + "lang": "es", + "value": "Databricks JDBC Driver anterior a la versi\u00f3n 2.6.40 podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo (RCE) al activar una inyecci\u00f3n JNDI a trav\u00e9s de un par\u00e1metro URL de JDBC. La vulnerabilidad tiene su ra\u00edz en la gesti\u00f3n inadecuada del par\u00e1metro krbJAASFile. Un atacante podr\u00eda explotar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo en el contexto del controlador enga\u00f1ando a una v\u00edctima para que use una URL de conexi\u00f3n manipulada que use la propiedad krbJAASFile." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49336.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49336.json index 622842860a8..406de135419 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49336.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49336.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks." + }, + { + "lang": "es", + "value": "IBM Security Guardium 11.5 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49363.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49363.json index 198e0c90f80..1ea3d9a3ae1 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49363.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49363.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.073", "lastModified": "2024-12-18T20:15:23.073", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request.\nLeading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. En las versiones afectadas, FileServerService (proxy multimedia) en github.com/misskey-dev/misskey 2024.10.1 o anteriores no detect\u00f3 bucles de proxy, lo que permite a los actores remotos ejecutar una denegaci\u00f3n de servicio distribuida reflejada/amplificada que se propaga por s\u00ed sola a trav\u00e9s de una nota manipulada con fines malintencionados. FileServerService.prototype.proxyHandler no verific\u00f3 que las solicitudes entrantes no provengan de otro servidor proxy. Un atacante puede ejecutar una denegaci\u00f3n de servicio amplificada enviando una solicitud de proxy anidada al servidor y finalizar la solicitud con una redirecci\u00f3n maliciosa a otra solicitud de proxy anidada. Esto genera una recursi\u00f3n ilimitada hasta que se agota el tiempo de espera de la solicitud original. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden configurar el proxy inverso para bloquear las solicitudes al proxy con un encabezado User-Agent vac\u00edo o uno que contenga Misskey/. Un atacante no puede modificar eficazmente el encabezado User-Agent sin realizar otra solicitud al servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49530.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49530.json index f04d9e0a3ec..681ae1868af 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49530.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49530.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.107", "lastModified": "2024-12-10T20:15:18.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49531.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49531.json index dd66ee4fa29..9434ae30aed 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49531.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49531.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.270", "lastModified": "2024-12-10T20:15:18.270", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json index bbe9b790977..e6f520dfe3f 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49532.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.417", "lastModified": "2024-12-11T12:15:20.753", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json index ebb2cca696a..09c4c3cfb63 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49533.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.563", "lastModified": "2024-12-11T12:48:18.580", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json index aaa5c8bc051..25f1884b1e4 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49534.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@adobe.com", "published": "2024-12-10T20:15:18.743", "lastModified": "2024-12-11T12:48:19.230", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49576.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49576.json index c6d813b7bc2..da803589a56 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49576.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49576.json @@ -3,12 +3,16 @@ "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-12-18T16:15:13.477", "lastModified": "2024-12-18T18:15:07.417", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de use-after-free en la forma en que Foxit Reader 2024.3.0.26795 gestiona un objeto CBF_Widget de casilla de verificaci\u00f3n. Un c\u00f3digo Javascript especialmente manipulado dentro de un documento PDF malicioso puede desencadenar esta vulnerabilidad, lo que puede provocar la corrupci\u00f3n de la memoria y la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante debe enga\u00f1ar al usuario para que abra el archivo malicioso para desencadenar esta vulnerabilidad. La explotaci\u00f3n tambi\u00e9n es posible si un usuario visita un sitio malicioso especialmente manipulado si la extensi\u00f3n del complemento del navegador est\u00e1 habilitada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json index b128e47e844..3b46540232f 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49677.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T12:15:09.767", "lastModified": "2024-12-18T12:15:09.767", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en David Cramer Bootstrap Buttons permite XSS reflejado. Este problema afecta a los botones Bootstrap: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49765.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49765.json index ad1a4d62e15..7467025d1b6 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49765.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49765.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround." + }, + { + "lang": "es", + "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Los sitios que utilizan Discourse Connect pero que a\u00fan tienen habilitados los inicios de sesi\u00f3n locales podr\u00edan permitir a los atacantes eludir Discourse Connect para crear cuentas e iniciar sesi\u00f3n. Este problema se solucion\u00f3 en la \u00faltima versi\u00f3n de Discourse. Los usuarios que no puedan actualizar y utilicen Discourse Connect pueden deshabilitar todos los dem\u00e1s m\u00e9todos de inicio de sesi\u00f3n como workaround." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json index 2aeb69e9991..8a0cec6f4bc 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49775.json @@ -3,12 +3,16 @@ "sourceIdentifier": "productcert@siemens.com", "published": "2024-12-16T15:15:07.173", "lastModified": "2024-12-16T15:15:07.173", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.\r\nThis could allow an unauthenticated remote attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Opcenter Execution Foundation (todas las versiones), Opcenter Intelligence (todas las versiones), Opcenter Quality (todas las versiones), Opcenter RDL (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones), SIMATIC PCS neo V5.0 (todas las versiones < V5.0 Update 1), SINEC NMS (todas las versiones si se utilizan junto con UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49816.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49816.json index 5b3151bd9c5..2c2b4fcf5c9 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49816.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49816.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-17T18:15:23.760", "lastModified": "2024-12-17T18:15:23.760", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0stores potentially sensitive information in log files that could be read by a local privileged user." + }, + { + "lang": "es", + "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0 y 4.2.1 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario privilegiado local podr\u00eda leer." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49817.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49817.json index 38db8fa205f..c1e72286947 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49817.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49817.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-17T18:15:23.937", "lastModified": "2024-12-17T18:15:23.937", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user." + }, + { + "lang": "es", + "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0 y 4.2.1 almacena las credenciales de usuario en archivos de configuraci\u00f3n que pueden ser le\u00eddos por un usuario privilegiado local." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49818.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49818.json index f4aea5e2cf8..aca2aa4e45e 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49818.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49818.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-17T18:15:24.127", "lastModified": "2024-12-17T18:15:24.127", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 \n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + }, + { + "lang": "es", + "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0 y 4.2.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49819.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49819.json index 105494d621d..45a95888dbd 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49819.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49819.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-17T18:15:24.300", "lastModified": "2024-12-17T18:15:24.300", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors." + }, + { + "lang": "es", + "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0 y 4.2.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial en texto plano en un canal de comunicaci\u00f3n que puede ser detectado por actores no autorizados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49820.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49820.json index 82d9db92cd6..a5e7bdcb70b 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49820.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49820.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-17T18:15:24.463", "lastModified": "2024-12-17T18:15:24.463", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques." + }, + { + "lang": "es", + "value": "IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0 y 4.2.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial, debido a que no se ha habilitado correctamente la seguridad de transporte estricta HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial mediante t\u00e9cnicas de intermediario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json index a3efbd26001..a977c9cac6a 100644 --- a/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4995.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cvd@cert.pl", "published": "2024-12-18T12:15:09.940", "lastModified": "2024-12-18T16:15:13.623", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.\u00a0This issue affects Wapro ERP Desktop versions before 9.00.0." + }, + { + "lang": "es", + "value": "Wapro ERP Desktop es vulnerable a una solicitud de degradaci\u00f3n del protocolo MS SQL desde el lado del servidor, lo que podr\u00eda provocar una comunicaci\u00f3n no cifrada vulnerable a la interceptaci\u00f3n y modificaci\u00f3n de datos. Este problema afecta a las versiones de Wapro ERP Desktop anteriores a la 9.00.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json index 3bc1b168c7c..affbf45d189 100644 --- a/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4996.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cvd@cert.pl", "published": "2024-12-18T12:15:10.120", "lastModified": "2024-12-18T15:15:12.210", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP\u00a0installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP\u00a0installations.\u00a0This issue affects Wapro ERP Desktop versions before 8.90.0." + }, + { + "lang": "es", + "value": "El uso de una contrase\u00f1a codificada para una cuenta de administrador de base de datos creada durante la instalaci\u00f3n de Wapro ERP permite a un atacante recuperar datos confidenciales integrados almacenados en la base de datos. La contrase\u00f1a es la misma en todas las instalaciones de Wapro ERP. Este problema afecta a las versiones de escritorio de Wapro ERP anteriores a la 8.90.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50570.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50570.json index feba959f7a7..4e07106e075 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50570.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50570.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@fortinet.com", "published": "2024-12-18T13:15:06.723", "lastModified": "2024-12-18T15:15:12.660", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n confidencial en texto plano [CWE-312] en FortiClientWindows 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13 y FortiClientLinux 7.4.0 a 7.4.2, 7.2.0 a 7.2.7, 7.0.0 a 7.0.13 puede permitir que un usuario autenticado local recupere la contrase\u00f1a de VPN a trav\u00e9s de un volcado de memoria, debido al recolector de elementos no utilizados de JavaScript." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51175.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51175.json index 840973f4dc5..848b19a0e11 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51175.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51175.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T22:15:06.967", "lastModified": "2024-12-18T16:15:13.807", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component." + }, + { + "lang": "es", + "value": "Un problema en H3C switch h3c-S1526 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente S1526.cfg." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51470.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51470.json index 65f7a1a7e80..37109e00e0c 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51470.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51470.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T20:15:23.233", "lastModified": "2024-12-18T20:15:23.233", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values." + }, + { + "lang": "es", + "value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS e IBM MQ para HPE NonStop 8.1.0 a 8.1.0.25 podr\u00edan permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio debido a mensajes con valores configurados incorrectamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51471.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51471.json index 9da05aa94ab..62e5f89a786 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51471.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51471.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size." + }, + { + "lang": "es", + "value": "La consola web de IBM MQ Appliance 9.3 LTS, 9.3 CD y 9.4 LTS podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio cuando el rastreo est\u00e1 habilitado debido a que la informaci\u00f3n se escribe en la memoria fuera del tama\u00f1o de b\u00fafer previsto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51479.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51479.json index 8cd58d8919f..0dab4ed049b 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51479.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51479.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-17T19:15:06.697", "lastModified": "2024-12-17T19:15:06.697", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Next.js es un framework de trabajo de React para crear aplicaciones web de pila completa. En las versiones afectadas, si una aplicaci\u00f3n Next.js realiza una autorizaci\u00f3n en middleware basada en una ruta de acceso, era posible omitir esta autorizaci\u00f3n para las p\u00e1ginas que se encuentran directamente bajo el directorio ra\u00edz de la aplicaci\u00f3n. Por ejemplo: * [No afectado] `https://example.com/` * [Afectado] `https://example.com/foo` * [No afectado] `https://example.com/foo/bar`. Este problema se solucion\u00f3 en Next.js `14.2.15` y versiones posteriores. Si su aplicaci\u00f3n Next.js est\u00e1 alojada en Vercel, esta vulnerabilidad se ha mitigado autom\u00e1ticamente, independientemente de la versi\u00f3n de Next.js. No existen workarounds oficiales para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51532.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51532.json index 96cfb8f6e89..3aefe3af174 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51532.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51532.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files." + }, + { + "lang": "es", + "value": "Dell PowerStore contiene una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando ('inyecci\u00f3n de argumentos'). Un atacante con poco nivel de privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la modificaci\u00f3n de archivos arbitrarios del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json index 2c8c9271c03..a885b8aae27 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51646.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T12:15:10.270", "lastModified": "2024-12-18T15:15:13.100", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Saoshyant Saoshyant Element permite XSS reflejado. Este problema afecta a Saoshyant Element: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52361.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52361.json index 360754dcf4f..3ae5e480e4d 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52361.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52361.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-12-18T16:15:13.967", "lastModified": "2024-12-18T16:15:13.967", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 \n\n\n\n\u00a0stores user credentials in plain text which can be read by an authenticated user with access to the pod." + }, + { + "lang": "es", + "value": "IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.9 almacena las credenciales de usuario en texto plano que puede leer un usuario autenticado con acceso al pod." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json index 0ab62334067..68bc24b9dfc 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52485.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T12:15:10.417", "lastModified": "2024-12-18T12:15:10.417", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Yudiz Solutions Ltd. WP Menu Image permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Menu Image: desde n/a hasta 2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json index 6dfaca97ed9..e3323b10936 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-17T12:15:20.703", "lastModified": "2024-12-17T12:15:20.703", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering." + }, + { + "lang": "es", + "value": "Dell AppSync, versi\u00f3n 4.6.0.x, contiene una vulnerabilidad de seguimiento de enlaces simb\u00f3licos (Symlink). Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la manipulaci\u00f3n de la informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52579.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52579.json index 5d034f16144..330b8e3c909 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52579.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52579.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.383", "lastModified": "2024-12-18T20:15:23.383", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. Algunas API que utilizan `HttpRequestService` no comprueban correctamente el host de destino. Esta vulnerabilidad permite a un atacante enviar solicitudes POST o GET al servidor interno, lo que puede resultar en un ataque SSRF. Permite a un atacante enviar solicitudes POST o GET (con algunos par\u00e1metros de URL controlables) a direcciones IP privadas, lo que permite m\u00e1s ataques a servidores internos. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52589.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52589.json index 29a7d4639a2..899cbd7c39f 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52589.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52589.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users." + }, + { + "lang": "es", + "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Los moderadores pueden ver la lista de correos electr\u00f3nicos filtrados en el panel de administraci\u00f3n y, a trav\u00e9s de ella, pueden conocer el correo electr\u00f3nico de un usuario. Este problema se solucion\u00f3 en la \u00faltima versi\u00f3n de Discourse. Los usuarios que no puedan actualizar deben eliminar el rol de moderador de los usuarios que no sean de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52590.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52590.json index 20e39ded05a..ac4a66daa51 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52590.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52590.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.527", "lastModified": "2024-12-18T20:15:23.527", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to impersonate existing users from the target instance. Vulnerable Misskey instances will accept spoofed users as valid, allowing an attacker to impersonate users on another instance. Attackers have full control of the spoofed user and can post, renote, or otherwise interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. En las versiones afectadas, la falta de validaci\u00f3n en `ApRequestService.signedGet` permite a un atacante crear perfiles de usuario falsos que parecen ser de una instancia diferente a la que realmente existen. Estos perfiles se pueden usar para hacerse pasar por usuarios existentes de la instancia de destino. Las instancias vulnerables de Misskey aceptar\u00e1n a los usuarios falsificados como v\u00e1lidos, lo que permite a un atacante hacerse pasar por usuarios de otra instancia. Los atacantes tienen control total del usuario falsificado y pueden publicar, volver a anotar o interactuar de otro modo como si fuera una cuenta real. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52591.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52591.json index 035df9d22a2..e0fa5ffac9e 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52591.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52591.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.697", "lastModified": "2024-12-18T20:15:23.697", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. En las versiones afectadas, la falta de validaci\u00f3n en `ApRequestService.signedGet` y `HttpRequestService.getActivityJson` permite a un atacante crear perfiles de usuario falsos y notas falsificadas. Los usuarios falsificados parecer\u00e1n ser de una instancia diferente a la que realmente existen, y las notas falsificadas parecer\u00e1n haber sido publicadas por un usuario diferente. Las instancias vulnerables de Misskey aceptar\u00e1n los objetos falsificados como v\u00e1lidos, lo que permite a un atacante hacerse pasar por otros usuarios e instancias. El atacante conserva el control total del usuario/nota falsificados y puede interactuar como una cuenta real. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52592.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52592.json index d18445fab68..ac18cc8becb 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52592.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52592.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.840", "lastModified": "2024-12-18T20:15:23.840", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid signature from any actor on any remote instance. Vulnerable Misskey instances will accept spoofed updates for remote polls. Local polls are unaffected. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. En las versiones afectadas, la falta de validaci\u00f3n en `ApInboxService.update` permite a un atacante modificar el resultado de las encuestas que pertenecen a otro usuario. No se requiere autenticaci\u00f3n, excepto una firma v\u00e1lida de cualquier actor en cualquier instancia remota. Las instancias vulnerables de Misskey aceptar\u00e1n actualizaciones falsificadas para las encuestas remotas. Las encuestas locales no se ven afectadas. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52593.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52593.json index d040e9b3e1a..25faf742592 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52593.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52593.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-18T20:15:23.983", "lastModified": "2024-12-18T20:15:23.983", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any \"origin\" links (such as the \"view on remote instance\" banner). Any HTTPS URL can be set, even if it belongs to a different domain than the note / user. Vulnerable Misskey instances will use the unverified URL for several clickable links, allowing an attacker to conduct phishing or other attacks against remote users. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales federada de c\u00f3digo abierto. En las versiones afectadas, la falta de validaci\u00f3n en `NoteCreateService.insertNote`, `ApPersonService.createPerson` y `ApPersonService.updatePerson` permite a un atacante controlar el destino de cualquier enlace de \"origen\" (como el banner \"ver en instancia remota\"). Se puede configurar cualquier URL HTTPS, incluso si pertenece a un dominio diferente al de la nota/usuario. Las instancias vulnerables de Misskey utilizar\u00e1n la URL no verificada para varios enlaces en los que se puede hacer clic, lo que permite a un atacante realizar ataques de phishing u otros ataques contra usuarios remotos. Este problema se ha solucionado en la versi\u00f3n 2024.11.0-alpha.3. Se recomienda a los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52792.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52792.json index d1e570a3b77..6649cfab81e 100644 --- a/CVE-2024/CVE-2024-527xx/CVE-2024-52792.json +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52792.json @@ -3,12 +3,16 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-12-17T22:15:07.083", "lastModified": "2024-12-17T22:15:07.083", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`.\nThe values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line.\nAn attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "LDAP Account Manager (LAM) es una interfaz web php para administrar entradas (por ejemplo, usuarios, grupos, configuraciones DHCP) almacenado en un directorio LDAP. En las versiones afectadas, LAM no desinfecta correctamente los valores de configuraci\u00f3n que se establecen a trav\u00e9s de `mainmanage.php` y `confmain.php`. Esto permite establecer valores de configuraci\u00f3n arbitrarios y, por lo tanto, evitar de manera efectiva la `mitigaci\u00f3n` de CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Los valores de configuraci\u00f3n para la configuraci\u00f3n principal o los perfiles de servidor se establecen a trav\u00e9s de `mainmanage.php` y `confmain.php`. Los valores se escriben en `config.cfg` o `serverprofile.conf` en el formato `settingsName: settingsValue` l\u00ednea por l\u00ednea. Un atacante puede contrabandear valores de configuraci\u00f3n arbitrarios en un archivo de configuraci\u00f3n, insertando una nueva l\u00ednea en ciertos campos de configuraci\u00f3n, seguida del valor. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 9.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52794.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52794.json index 9e4b3d4e49a..a2dcf0e522d 100644 --- a/CVE-2024/CVE-2024-527xx/CVE-2024-52794.json +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52794.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Los usuarios que hagan clic en las miniaturas de la caja de luz podr\u00edan verse afectados. Este problema est\u00e1 corregido en la \u00faltima versi\u00f3n de Discourse. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52896.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52896.json index 2e751b1f863..0433c9c686f 100644 --- a/CVE-2024/CVE-2024-528xx/CVE-2024-52896.json +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52896.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned." + }, + { + "lang": "es", + "value": "La consola web de IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS y 9.4 CD podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52897.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52897.json index 08019182e58..d2aff4e08ca 100644 --- a/CVE-2024/CVE-2024-528xx/CVE-2024-52897.json +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52897.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned." + }, + { + "lang": "es", + "value": "La consola web de IBM MQ Appliance 9.3 LTS, 9.3 CD y 9.4 LTS podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json index 5dd0fa18736..f541942f5dc 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:11.817", "lastModified": "2024-11-21T19:15:11.817", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json index 98977dd2067..8753863fef7 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.010", "lastModified": "2024-11-21T19:15:12.010", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json index 9301f2538b4..bf97fcb8e70 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.177", "lastModified": "2024-11-21T19:15:12.177", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json index 5d6fb5ea50e..612d2f7bffb 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.380", "lastModified": "2024-11-21T19:15:12.380", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53093.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53093.json index de58fcd4ab2..b0d64715938 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53093.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53093.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.530", "lastModified": "2024-11-21T19:15:12.530", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53094.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53094.json index 02faaa02ab0..b0151e20397 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53094.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53094.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.680", "lastModified": "2024-11-21T19:15:12.680", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53096.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53096.json index 994801c7153..59179417e5c 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53096.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53096.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-25T22:15:15.287", "lastModified": "2024-12-18T07:15:07.993", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53097.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53097.json index 6bf77aacf07..5f6c4ee9e32 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53097.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53097.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-25T22:15:15.763", "lastModified": "2024-11-25T22:15:15.763", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53098.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53098.json index 0e038f9ee08..f55b78ad567 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53098.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53098.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-25T22:15:16.147", "lastModified": "2024-11-25T22:15:16.147", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53099.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53099.json index b315de8628d..6923384387a 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53099.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53099.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-25T22:15:16.433", "lastModified": "2024-11-25T22:15:16.433", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53100.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53100.json index 541a9f703b3..1dbb648e4d5 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53100.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53100.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-25T22:15:16.763", "lastModified": "2024-11-25T22:15:16.763", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53144.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53144.json index 26d250d4d5e..028f6e4e7dd 100644 --- a/CVE-2024/CVE-2024-531xx/CVE-2024-53144.json +++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53144.json @@ -3,12 +3,16 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-12-17T16:15:25.797", "lastModified": "2024-12-18T08:15:05.687", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE\n\nThis aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4\n(\"Bluetooth: Always request for user confirmation for Just Works\")\nalways request user confirmation with confirm_hint set since the\nlikes of bluetoothd have dedicated policy around JUST_WORKS method\n(e.g. main.conf:JustWorksRepairing).\n\nCVE: CVE-2024-8805" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci_event: Alinear el emparejamiento de BR/EDR JUST_WORKS con LE Esto aline\u00f3 el m\u00e9todo BR/EDR JUST_WORKS con LE, que desde 92516cd97fd4 (\"Bluetooth: Siempre solicitar confirmaci\u00f3n del usuario para Just Works\") siempre solicita confirmaci\u00f3n del usuario con confirm_hint configurado, ya que bluetoothd tiene una pol\u00edtica dedicada en torno al m\u00e9todo JUST_WORKS (por ejemplo, main.conf:JustWorksRepairing). CVE: CVE-2024-8805" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53269.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53269.json index d2aee49f680..9e24622ce32 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53269.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53269.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Cuando las direcciones adicionales no son direcciones IP, el algoritmo de clasificaci\u00f3n Happy Eyeballs falla en el plano de datos. Este problema se solucion\u00f3 en las versiones 1.32.2, 1.31.4 y 1.30.8. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar pueden deshabilitar Happy Eyeballs o cambiar la configuraci\u00f3n de IP." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53270.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53270.json index 9a09920272a..4c1c1987cdc 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53270.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53270.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. En las versiones afectadas, `sendOverloadError` asumir\u00e1 que existe la solicitud activa cuando se configura `envoy.load_shed_points.http1_server_abort_dispatch`. Si `active_request` es nullptr, solo se llama a onMessageBeginImpl(). Sin embargo, `onMessageBeginImpl` devolver\u00e1 directamente el estado ok si la secuencia ya se restableci\u00f3 y conduce a la referencia nullptr. El restablecimiento descendente puede ocurrir durante el restablecimiento ascendente de H/2. Como resultado, Envoy puede bloquearse. Este problema se ha solucionado en las versiones 1.32.3, 1.31.5, 1.30.9 y 1.29.12. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar pueden deshabilitar el punto de desconexi\u00f3n de carga `http1_server_abort_dispatch` o usar un umbral alto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53271.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53271.json index 93a64ed7787..c8578300504 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53271.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53271.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue." + }, + { + "lang": "es", + "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. En las versiones afectadas, Envoy no gestiona correctamente las respuestas 1xx no 101 de http 1.1. Esto puede provocar fallas en los dispositivos conectados en red. Este problema se ha solucionado en las versiones 1.31.5 y 1.32.3. Se recomienda a los usuarios que actualicen. No existen workarounds conocidos para este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53580.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53580.json index 2946bd6ef4a..1d926abfab1 100644 --- a/CVE-2024/CVE-2024-535xx/CVE-2024-53580.json +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53580.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que iperf v3.17.1 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n iperf_exchange_parameters()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53688.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53688.json index e2eb8a29096..9712eb529e8 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53688.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53688.json @@ -3,12 +3,16 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-12-18T07:15:08.233", "lastModified": "2024-12-18T07:15:08.233", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request." + }, + { + "lang": "es", + "value": "Existe un problema de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') en las versiones de firmware AE1021 2.0.10 y anteriores y en las versiones de firmware AE1021PE 2.0.10 y anteriores, lo que puede permitir que un usuario conectado ejecute un comando del sistema operativo arbitrario mediante una solicitud HTTP manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-537xx/CVE-2024-53745.json b/CVE-2024/CVE-2024-537xx/CVE-2024-53745.json index bd69739849b..ed86b6126c9 100644 --- a/CVE-2024/CVE-2024-537xx/CVE-2024-53745.json +++ b/CVE-2024/CVE-2024-537xx/CVE-2024-53745.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ????? \u2013 Cosmosfarm ?? ?? ?? By ????? permite almacenar XSS. Este problema afecta a ?? ?? ?? By ?????: desde n/a hasta 1.9." + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ????? \u2013 Cosmosfarm ?? ?? ?? By ????? permite XSS Almacenado. Este problema afecta a ?? ?? ?? By ?????: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53991.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53991.json index 01e7da95f9b..e40876368bc 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53991.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53991.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3." + }, + { + "lang": "es", + "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Esta vulnerabilidad solo afecta a las instancias de Discourse configuradas para usar `FileStore::LocalStore`, lo que significa que las cargas y las copias de seguridad se almacenan localmente en el disco. Si un atacante conoce el nombre del archivo de copia de seguridad de Discourse, puede enga\u00f1ar a nginx para que env\u00ede el archivo de copia de seguridad de Discourse con una solicitud bien manipulada. Este problema est\u00e1 parcheado en las \u00faltimas versiones estables, beta y de pruebas aprobadas de Discourse. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden 1. Descargar todas las copias de seguridad locales en otro dispositivo de almacenamiento, deshabilitar la configuraci\u00f3n del sitio `enable_backups` y eliminar todas las copias de seguridad hasta que el sitio se haya actualizado para incorporar la soluci\u00f3n. O 2. Cambiar la configuraci\u00f3n del sitio `backup_location` a `s3` para que las copias de seguridad se almacenen y descarguen directamente desde S3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json index caa054e6d1e..6b18787679f 100644 --- a/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5333.json @@ -3,12 +3,16 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-12-16T06:15:08.100", "lastModified": "2024-12-16T17:15:14.070", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events." + }, + { + "lang": "es", + "value": "El complemento Events Calendar para WordPress anterior a la versi\u00f3n 6.8.2.1 le faltan controles de acceso en la API REST, lo que permite que usuarios no autenticados accedan a informaci\u00f3n sobre eventos protegidos con contrase\u00f1a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-540xx/CVE-2024-54083.json b/CVE-2024/CVE-2024-540xx/CVE-2024-54083.json index 2eb5ea93565..7fb99125eb4 100644 --- a/CVE-2024/CVE-2024-540xx/CVE-2024-54083.json +++ b/CVE-2024/CVE-2024-540xx/CVE-2024-54083.json @@ -3,12 +3,16 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-12-16T08:15:05.317", "lastModified": "2024-12-16T08:15:05.317", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of\u00a0callProps\u00a0which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 no logran validar correctamente el tipo de callProps que permite a un usuario causar un DoS del lado del cliente (aplicaci\u00f3n web y m\u00f3vil) a los usuarios de canales particulares, mediante el env\u00edo de una publicaci\u00f3n especialmente manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json index dde142fb262..6a1970aa68e 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54125.json @@ -3,12 +3,16 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-12-17T06:15:21.030", "lastModified": "2024-12-17T06:15:21.030", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper authorization in handler for custom URL scheme issue in \"Shonen Jump+\" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n incorrecta en el controlador para el esquema de URL personalizado en la aplicaci\u00f3n \"Shonen Jump+\" para versiones de Android anteriores a la 4.0.0 permite que un atacante haga que un usuario acceda a un sitio web arbitrario a trav\u00e9s de la aplicaci\u00f3n vulnerable. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54139.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54139.json index 5cfcbfb1128..0a9d5cf8072 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54139.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54139.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue." + }, + { + "lang": "es", + "value": "Combodo iTop es una plataforma de gesti\u00f3n de servicios de TI basada en la web y de c\u00f3digo abierto. En versiones anteriores a las 2.7.11, 3.1.2 y 3.2.0, iTop presenta una vulnerabilidad de cross-site scripting que puede provocar cross-site request forgery en el par\u00e1metro `_table_id`. Las versiones 2.7.11, 3.1.2 y 3.2.0 contienen un parche para solucionar el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json index 3681e8b10f4..5481533cc7a 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54229.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.290", "lastModified": "2024-12-16T16:15:07.290", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02." + }, + { + "lang": "es", + "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en Straightvisions GmbH SV100 Companion permite la escalada de privilegios. Este problema afecta a SV100 Companion: desde n/a hasta 2.0.02." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54231.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54231.json index 18fb2fbfcbb..938fcce5d4c 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54231.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54231.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en anzia Ni WooCommerce Order Export permite XSS reflejado. Este problema afecta a Ni WooCommerce Order Export: desde n/a hasta 3.1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54233.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54233.json index 5d7a5025fde..ad0be622592 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54233.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54233.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap permite XSS reflejado. Este problema afecta a Advanced Control Manager para WordPress de ItalyStrap: desde n/a hasta 2.16.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54234.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54234.json index 22ac9821b13..fe2c12e1618 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54234.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54234.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en wp-buy Limit Login Attempts permite la inyecci\u00f3n SQL. Este problema afecta a Limit Login Attempts: desde n/a hasta 5.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54235.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54235.json index 5de943415fe..1177af439fe 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54235.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54235.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Shiptimize Shiptimize para WooCommerce permite XSS reflejado. Este problema afecta a Shiptimize para WooCommerce: desde n/a hasta 3.1.86." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54236.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54236.json index 5e00e5f6928..ccbd757b1f3 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54236.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54236.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en anzia Ni WooCommerce Bulk Product Editor permite XSS reflejado. Este problema afecta a Ni WooCommerce Bulk Product Editor: desde n/a hasta 1.4.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54237.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54237.json index 3e627baf73e..b2cebb81af6 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54237.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54237.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en anzia Ni CRM Lead permite XSS reflejado. Este problema afecta a Ni CRM Lead: desde n/a hasta 1.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54238.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54238.json index 963d3d9d03e..be455044032 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54238.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54238.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Colin Tomele Board Document Manager from CHUHPL allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through 1.9.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Colin Tomele Board Document Manager de CHUHPL permite XSS reflejado. Este problema afecta a Board Document Manager de CHUHPL: desde n/a hasta 1.9.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54239.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54239.json index e60e313922d..b4927c661fc 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54239.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54239.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en dugudlabs Eyewear prescription form permite la escalada de privilegios. Este problema afecta al formulario de prescripci\u00f3n de gafas: desde n/a hasta 4.0.18." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54240.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54240.json index ce7c466fb1c..637861260f0 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54240.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54240.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Online Blaze Online eParcel for WooCommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through 1.3.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Blaze Online Blaze Online eParcel para WooCommerce permite XSS reflejado. Este problema afecta a Blaze Online eParcel para WooCommerce: desde n/a hasta 1.3.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54241.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54241.json index ce913f2602a..8d0ce88c1d6 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54241.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54241.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Appsbd Elite Notification \u2013 Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elite Notification \u2013 Sales Popup, Social Proof, FOMO & WooCommerce Notification: from 1.5 through n/a." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Appsbd Elite Notification \u2013 Sales Popup, Social Proof, FOMO y WooCommerce Notification permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Elite Notification \u2013 Sales Popup, Social Proof, FOMO & WooCommerce Notification: desde 1.5 hasta n/d." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54242.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54242.json index 5fca628f4cc..ea57dbb9e94 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54242.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54242.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Appsbd Simple Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Appsbd Simple Notification permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Simple Notification: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54243.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54243.json index 0dae1eb8017..58799dbb158 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54243.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54243.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza allows Stored XSS.This issue affects Echoza: from n/a through 0.1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Think201 Echoza permite XSS almacenado. Este problema afecta a Echoza: desde n/a hasta 0.1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54244.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54244.json index b7d090ae90a..ef0fee25ea4 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54244.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54244.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace allows Stored XSS.This issue affects Easy Replace: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Think201 Easy Replace permite XSS almacenado. Este problema afecta a Easy Replace: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54245.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54245.json index 6f7afce89d0..388d3a36d57 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54245.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54245.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS.This issue affects Clients: from n/a through 1.1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Think201 Clients permite XSS almacenado. Este problema afecta a los clientes: desde n/a hasta 1.1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54246.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54246.json index 64aa4de48b7..f2a229a7a80 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54246.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54246.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs allows Stored XSS.This issue affects FAQs: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Think201 FAQs permite XSS almacenado. Este problema afecta a las preguntas frecuentes: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54248.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54248.json index 9c88d0da7f5..50c9688f19c 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54248.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54248.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael DUMONTET eewee admin custom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through 1.8.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el eewee admin custom de Michael DUMONTET permite la escalada de privilegios. Este problema afecta al eewee admin custom: desde n/a hasta 1.8.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json index 34247491eaf..7c22ccb5446 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54249.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.430", "lastModified": "2024-12-16T16:15:07.430", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jules Colle Advanced Options Editor permite XSS reflejado. Este problema afecta al Editor de opciones avanzadas: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54250.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54250.json index 3b41abc654d..e53ea7d19ba 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54250.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54250.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prodigy Commerce Prodigy Commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through 3.0.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Prodigy Commerce Prodigy Commerce permite XSS basado en DOM. Este problema afecta a Prodigy Commerce: desde n/a hasta 3.0.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json index dba2a0a09d7..cd506359f0e 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en PINPOINT.WORLD Pinpoint Booking System permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al sistema de reservas Pinpoint: desde n/a hasta 2.9.9.5.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54256.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54256.json index d2c9c59fd4e..4e23bf207d6 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54256.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54256.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Seerox Easy Blocks pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through 1.0.21." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Seerox Easy Blocks pro permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Easy Blocks pro: desde n/a hasta 1.0.21." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json index 73be0369e8d..619d8552fad 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54257.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.577", "lastModified": "2024-12-16T16:15:07.577", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Molefed permite XSS reflejado. Este problema afecta a tydskrif: desde n/a hasta 1.1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54258.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54258.json index 094bd157264..b19d94c0ee3 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54258.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54258.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anzia Ni CRM Lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en anzia Ni CRM Lead permite la inyecci\u00f3n SQL. Este problema afecta a Ni CRM Lead: desde n/a hasta 1.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54259.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54259.json index 6f1b114fa2e..2adc1a23b09 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54259.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54259.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS GmbH DELUCKS SEO allows Path Traversal.This issue affects DELUCKS SEO: from n/a through 2.5.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en DELUCKS GmbH DELUCKS SEO permite Path Traversal. Este problema afecta a DELUCKS SEO: desde n/a hasta 2.5.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54261.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54261.json index 089b67b6ec1..f61b9aeb155 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54261.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54261.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en HK Digital Agency LLC TAX SERVICE Electronic HDM permite la inyecci\u00f3n SQL. Este problema afecta a TAX SERVICE Electronic HDM: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54262.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54262.json index fa57c5308bc..ded36e7d71c 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54262.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54262.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Siddharth Nagar Import Export para WooCommerce permite cargar un shell web a un servidor web. Este problema afecta a Import Export For WooCommerce: desde n/a hasta 1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54264.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54264.json index b4d61e3e800..81e25be28ad 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54264.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54264.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C\u00e9sar Morillas Shortcodes Blocks Creator Ultimate allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en C\u00e9sar Morillas Shortcodes Blocks Creator Ultimate permite XSS reflejado. Este problema afecta a Shortcodes Blocks Creator Ultimate: desde n/a hasta 2.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54265.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54265.json index dce31bf0f44..caf0d4371fe 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54265.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54265.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en UkrSolution Barcode Scanner with Inventory & Order Manager permite XSS reflejado. Este problema afecta al esc\u00e1ner de c\u00f3digo de barras con Inventory & Order Manager: desde n/a hasta 1.6.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54266.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54266.json index 3a474877d3c..8808b783202 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54266.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54266.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression allows Reflected XSS.This issue affects ImageRecycle pdf & image compression: from n/a through 3.1.16." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ImageRecycle ImageRecycle pdf & image compression permite XSS reflejado. Este problema afecta a la compresi\u00f3n de PDF e im\u00e1genes de ImageRecycle: desde n/a hasta 3.1.16." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54267.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54267.json index 2fd456afc4c..0bad3aac2a2 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54267.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54267.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through 3.2.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en CreativeMindsSolutions CM Answers permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a CM Answers: desde n/a hasta 3.2.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54268.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54268.json index 085a8948f36..8e01eef9c66 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54268.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54268.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en SiteOrigin SiteOrigin Widgets Bundle permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a SiteOrigin Widgets Bundle: desde n/a hasta 1.64.0." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "audit@patchstack.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json index 3f76a35ff8d..c3c65b5ecee 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54270.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T12:15:10.570", "lastModified": "2024-12-18T12:15:10.570", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n de archivos remotos PHP') en axeptio Axeptio permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a Axeptio: desde n/a hasta 2.5.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54271.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54271.json index 55c7180d552..274f8d3ff1f 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54271.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54271.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through 7.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WPTaskForce WPCargo Track & Trace permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WPCargo Track & Trace: desde n/a hasta 7.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54272.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54272.json index b51b025c257..a0a6238fe17 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54272.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54272.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks \u2013 WordPress Gutenberg Blocks allows Stored XSS.This issue affects Radius Blocks \u2013 WordPress Gutenberg Blocks: from n/a through 2.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en RadiusTheme Radius Blocks \u2013 WordPress Gutenberg Blocks permite XSS almacenado. Este problema afecta a Radius Blocks \u2013 WordPress Gutenberg Blocks: desde n/a hasta 2.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54273.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54273.json index 8963a15077b..00b6acc8025 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54273.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54273.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en PickPlugins Mail Picker permite la inyecci\u00f3n de objetos. Este problema afecta a Mail Picker: desde n/a hasta 1.0.14." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54274.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54274.json index cde691c8557..2c799edc7a7 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54274.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54274.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support: from n/a through 1.2.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Octrace Studio WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support permite XSS reflejado. Este problema afecta a WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support: desde n/a hasta 1.2.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54275.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54275.json index 5f5061b6d9d..e2aa1951f0b 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54275.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54275.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wibergs Web CSV to html allows Reflected XSS.This issue affects CSV to html: from n/a through 3.04." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Wibergs Web CSV a HTML permite XSS reflejado. Este problema afecta a CSV a HTML: desde n/a hasta 3.04." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54276.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54276.json index 0b0f749c506..320e777cf09 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54276.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54276.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Felix Moira Poll Builder permite XSS almacenado. Este problema afecta a Poll Builder: desde n/a hasta 1.3.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54277.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54277.json index 984f687eebb..068ce4dae05 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54277.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54277.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza aliniya Nias course allows DOM-Based XSS.This issue affects Nias course: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Alireza aliniya Nias course permite XSS basado en DOM. Este problema afecta al curso Nias: desde n/a hasta 1.2.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54278.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54278.json index ea48fa8879a..ae1958232f9 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54278.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54278.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through 2.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Plugin Devs News Ticker for Elementor permite acceder a funciones que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a News Ticker para Elementor: desde n/a hasta 2.1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json index e4304c454b4..61731f48356 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54279.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.717", "lastModified": "2024-12-16T16:15:07.717", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial del sistema a una esfera de control no autorizada en WPNERD WP-NERD Toolkit. Este problema afecta a WP-NERD Toolkit: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json index 3e5746fd2ce..298e2aa59a1 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54280.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:07.880", "lastModified": "2024-12-16T16:15:07.880", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Iqonic Design WPBookit permite la inyecci\u00f3n SQL. Este problema afecta a WPBookit: desde n/a hasta 1.6.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54282.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54282.json index 34b6e1842ec..a0ea7a2eb72 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54282.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54282.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en Themeum WP Mega Menu permite la inyecci\u00f3n de objetos. Este problema afecta a WP Mega Menu: desde n/a hasta 1.4.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json index de0f8e9ac0c..29c15eac51d 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54283.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.023", "lastModified": "2024-12-16T16:15:08.023", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en SeedProd LLC SeedProd Pro permite la inyecci\u00f3n SQL. Este problema afecta a SeedProd Pro: desde n/a hasta 6.18.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json index 370b456f6cc..57b6f775bac 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54284.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.153", "lastModified": "2024-12-16T16:15:08.153", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en SeedProd LLC SeedProd Pro permite la inyecci\u00f3n SQL. Este problema afecta a SeedProd Pro: desde n/a hasta 6.18.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json index ef34ababde4..7ce4f92dfd9 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54285.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.320", "lastModified": "2024-12-16T16:15:08.320", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en SeedProd LLC SeedProd Pro permite cargar un shell web a un servidor web. Este problema afecta a SeedProd Pro: desde n/a hasta 6.18.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54286.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54286.json index f55e411fd8d..d3a30a82164 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54286.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54286.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sendsmaily LLC Smaily for WP allows Stored XSS.This issue affects Smaily for WP: from n/a through 3.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sendsmaily LLC Smaily for WP permite XSS almacenado. Este problema afecta a Smaily for WP: desde n/a hasta 3.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54287.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54287.json index 3bc45c4a620..ddf5b9d8c6a 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54287.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54287.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best Wp Developer Advanced Blog Post Block allows Stored XSS.This issue affects Advanced Blog Post Block: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Best Wp Developer Advanced Blog Post Block permite XSS almacenado. Este problema afecta a Advanced Blog Post Block: desde n/a hasta 1.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54288.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54288.json index af8ab4b9f70..0ede37eab68 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54288.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54288.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through 3.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en LDD Web Design LDD Directory Lite permite XSS reflejado. Este problema afecta a LDD Directory Lite: desde n/a hasta 3.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54289.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54289.json index 9940ebf6875..311278ea44e 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54289.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54289.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Awesome Support Team Awesome Support permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Awesome Support: desde n/a hasta 6.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54290.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54290.json index 5b59ab1f218..5743eedaf77 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54290.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54290.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer allows Reflected XSS.This issue affects Role Includer: from n/a through 1.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Justin Fletcher Role Includer permite XSS reflejado. Este problema afecta a Role Includer: desde n/a hasta 1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54292.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54292.json index 01b8ba9adf3..e6455266622 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54292.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54292.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection.This issue affects Appsplate: from n/a through 2.1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Appsplate Appsplate permite la inyecci\u00f3n SQL. Este problema afecta a Appsplate: desde n/a hasta 2.1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54293.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54293.json index b2549fb05a4..2f2611341e3 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54293.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54293.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en CE21 CE21 Suite permite la escalada de privilegios. Este problema afecta a CE21 Suite: desde n/a hasta 2.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54294.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54294.json index 6d32caf6571..de584bf528f 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54294.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54294.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en appgenixinfotech Firebase OTP Authentication permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a la autenticaci\u00f3n OTP de Firebase: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54295.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54295.json index 5adc9ce1a56..08ac1cb412a 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54295.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54295.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en InspireUI ListApp Mobile Manager permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a ListApp Mobile Manager: desde n/a hasta 1.7.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54296.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54296.json index 7e7f1a5782e..e05bf7d4c27 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54296.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54296.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en Codexpert, Inc CoSchool LMS que permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a CoSchool LMS: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54297.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54297.json index 5028e68bab0..96eb4a54a08 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54297.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54297.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en www.vbsso.com vBSSO-lite permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a vBSSO-lite: desde n/a hasta 1.4.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54298.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54298.json index f10431e911b..56cb5d5dc76 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54298.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54298.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Bill Minozzi Car Dealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through 4.46." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Bill Minozzi Car Dealer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al concesionario de autom\u00f3viles: desde n/a hasta 4.46." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54299.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54299.json index 26d515c66ca..037899e270a 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54299.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54299.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revi Revi.io allows Reflected XSS.This issue affects Revi.io: from n/a through 5.7.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Revi Revi.io permite XSS reflejado. Este problema afecta a Revi.io: desde n/a hasta 5.7.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54300.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54300.json index cec0959484e..2e4a28bd022 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54300.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54300.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through 2.0.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Neuralabz LTD. AutoWP permite Cross-Site Request Forgery. Este problema afecta a AutoWP: desde n/a hasta 2.0.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54301.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54301.json index c8cd07e15d4..dcaf0e099d0 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54301.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54301.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en FormFacade FormFacade permite XSS reflejado. Este problema afecta a FormFacade: desde n/a hasta 1.3.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54302.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54302.json index 05706470fff..29bf856a8cc 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54302.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54302.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS.This issue affects VForm: from n/a through 3.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Vikas Ratudi VForm permite XSS reflejado. Este problema afecta a VForm: desde n/a hasta 3.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54303.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54303.json index 25c1de8f444..78499e75e52 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54303.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54303.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ido Kobelkowsky / yalla ya! Simple Payment permite XSS reflejado. Este problema afecta a Simple Payment: desde n/a hasta 2.3.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54304.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54304.json index 1a60f5120cf..6d1434f7195 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54304.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54304.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows SQL Injection.This issue affects Hive Support \u2013 WordPress Help Desk: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Hive Support Hive Support \u2013 WordPress Help Desk permite la inyecci\u00f3n SQL. Este problema afecta a Hive Support \u2013 WordPress Help Desk: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54305.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54305.json index e6bd468a6c2..49d4dee3d00 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54305.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54305.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woocs J&T Express Malaysia allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through 2.0.13." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en woocs J&T Express Malaysia permite XSS reflejado. Este problema afecta a J&T Express Malaysia: desde n/a hasta 2.0.13." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54306.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54306.json index 1750e91d870..41756cb47b1 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54306.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54306.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot permite Cross-Site Request Forgery. Este problema afecta a AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: desde n/a hasta 1.6.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54307.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54307.json index 55e5a38ded8..3066ad1d8c7 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54307.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54307.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in AIpost AIcomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through 1.4.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AIpost AIcomments permite Cross-Site Request Forgery. Este problema afecta a AIcomments: desde n/a hasta 1.4.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54308.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54308.json index 7afa116bed5..0c5936c53e8 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54308.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54308.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.today Cryptocurrency Price Widget allows Stored XSS.This issue affects Cryptocurrency Price Widget: from n/a through 1.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CurrencyRate.today Cryptocurrency Price Widget permite XSS almacenado. Este problema afecta al widget de precio de criptomonedas: desde n/a hasta 1.2.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54309.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54309.json index 26c0390e253..7dfbac6713d 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54309.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54309.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en datos enviados en wpdebuglog PostBox permite recuperar datos confidenciales incrustados. Este problema afecta a PostBox: desde n/a hasta 1.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54310.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54310.json index 9a0410b8f5f..586cb846741 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54310.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54310.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through 1.0.1.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Aslam Khan Gouran Gou Manage My Account Menu permite acceder a funciones que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta al men\u00fa Administrar mi cuenta de Gou: desde n/a hasta 1.0.1.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54311.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54311.json index 570c583173f..ec5314b40e9 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54311.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54311.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en i.lychkov Mark New Posts permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Mark New Posts: desde n/a hasta 7.5.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54312.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54312.json index 3891f2ce8f4..0ea7e279d47 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54312.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54312.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 \u0641\u0627\u0631\u0633\u06cc Persian Woocommerce SMS allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through 7.0.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ??????? ????? Persian Woocommerce SMS permite XSS reflejado. Este problema afecta a Persian Woocommerce SMS: desde n/a hasta 7.0.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54313.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54313.json index fb598cbd7a1..cf849cf5f59 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54313.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54313.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Path Traversal en FULL. FULL Customer permite Path Traversal. Este problema afecta al cliente de FULL: desde n/a hasta 3.1.25." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54314.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54314.json index 427021b03b6..60a216c721c 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54314.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54314.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NicheAddons Primary Addon for Elementor permite XSS almacenado. Este problema afecta al complemento principal de Elementor: desde n/a hasta 1.6.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54315.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54315.json index 0ec94316322..5e8b0db87d5 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54315.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54315.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NicheAddons Events Addon for Elementor permite XSS basado en DOM. Este problema afecta al complemento NicheAddons Events para Elementor: desde n/a hasta 2.2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54316.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54316.json index 649af49fdd5..9f703593d44 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54316.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54316.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NicheAddons Restaurant & Cafe Addon for Elementor permite XSS basado en DOM. Este problema afecta al complemento Restaurant & Cafe para Elementor: desde n/a hasta 1.5.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54317.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54317.json index 811c5c008ac..b7c8f2f7c7f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54317.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54317.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories allows Stored XSS.This issue affects Web Stories: from n/a through 1.37.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Google Web Stories permite XSS almacenado. Este problema afecta a Web Stories: desde n/a hasta 1.37.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54318.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54318.json index 327ea93bc28..81f42f8958d 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54318.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54318.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a through 3.6.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NiceJob NiceJob permite XSS almacenado. Este problema afecta a NiceJob: desde n/a hasta 3.6.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54319.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54319.json index a1a13cb2c7a..8523ad257e4 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54319.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54319.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiNet Interactive AB Kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en MultiNet Interactive AB Kundgenerator permite XSS reflejado. Este problema afecta a Kundgenerator: desde n/a hasta 1.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54320.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54320.json index 6e38ac6e42b..e3e1320584f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54320.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54320.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ICDSoft Hosting ICDSoft Reseller Store allows Reflected XSS.This issue affects ICDSoft Reseller Store: from n/a through 2.4.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ICDSoft Hosting ICDSoft Reseller Store permite XSS reflejado. Este problema afecta a ICDSoft Reseller Store: desde n/a hasta 2.4.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54321.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54321.json index daf801f90ed..8919bdc809d 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54321.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54321.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows Cross Site Request Forgery.This issue affects Hive Support \u2013 WordPress Help Desk: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Hive Support Hive Support \u2013 WordPress Help Desk permite Cross-Site Request Forgery. Este problema afecta a Hive Support \u2013 WordPress Help Desk: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54322.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54322.json index 8cebd2d471a..57b8663329e 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54322.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54322.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through 0.4.7.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ederson Peka Media Downloader permite XSS reflejado. Este problema afecta a Media Downloader: desde n/a hasta 0.4.7.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54323.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54323.json index 7c08e70d3ed..4e60a00d25a 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54323.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54323.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in WPExpertsio New User Approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through 2.6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en WPExpertsio New User Approve permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a New User Approve: desde n/a hasta 2.6.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54324.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54324.json index 60a8e2d4c36..748a599e07a 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54324.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54324.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloud Inn SMSify allows Reflected XSS.This issue affects SMSify: from n/a through 6.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Cloud Inn SMSify permite XSS reflejado. Este problema afecta a SMSify: desde n/a hasta 6.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54325.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54325.json index cf2482db772..01edda7a229 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54325.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54325.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress allows Reflected XSS.This issue affects CarDealerPress: from n/a through 6.6.2410.02." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en DealerTrend CarDealerPress permite XSS reflejado. Este problema afecta a CarDealerPress: desde n/a hasta 6.6.2410.02." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54326.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54326.json index 7fe8365c9f9..cffe86c2770 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54326.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54326.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through 4.5.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Eyal Fitoussi GEO my WordPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a GEO my WordPress: desde n/a hasta 4.5.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54327.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54327.json index 27f8264fbfe..9906bd348ca 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54327.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54327.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM allows Reflected XSS.This issue affects UNIVERSAM: from n/a through n/a." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en universam UNIVERSAM permite XSS reflejado. Este problema afecta a UNIVERSAM: desde n/a hasta n/a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54328.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54328.json index a857f3bf610..e7e8a13687a 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54328.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54328.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Nacional Invoice Payment for WooCommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through 1.7.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Link Nacional Invoice Payment para WooCommerce permite XSS reflejado. Este problema afecta a Invoice Payment para WooCommerce: desde n/a hasta 1.7.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54329.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54329.json index 26105052954..de40aadf839 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54329.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54329.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup s.r.l. CleverNode Related Content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through 1.1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Metup s.r.l. CleverNode Related Content permite XSS reflejado. Este problema afecta a CleverNode Related Content: desde n/a hasta 1.1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54330.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54330.json index 19d57388fca..40f50d6ccb5 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54330.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54330.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Hep Hep Hurra (HHH) Hurrakify permite Server Side Request Forgery. Este problema afecta a Hurrakify: desde n/a hasta 2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json index 81dc437ce79..8fb40225c0f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54331.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:07.377", "lastModified": "2024-12-16T15:15:07.377", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Micha I Plant A Tree permite XSS almacenado. Este problema afecta a I Plant A Tree: desde n/a hasta 1.7.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json index f61df7d71df..e9a2dc18c6e 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54332.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:07.547", "lastModified": "2024-12-16T15:15:07.547", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPFactory WP Currency Exchange Rates permite XSS almacenado. Este problema afecta a WP Currency Exchange Rates: desde n/a hasta 1.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54333.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54333.json index ca821c4bb2e..50c0a9c7f14 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54333.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54333.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en silverplugins217 Check Pincode para Woocommerce permite XSS reflejado. Este problema afecta a Check Pincode For Woocommerce: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54334.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54334.json index f1861469c2d..2a0807e87a3 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54334.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54334.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zeshan B Quran Phrases About Most People Shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Zeshan B Quran Phrases About Most People Shortcodes permite XSS basado en DOM. Este problema afecta a los c\u00f3digos cortos de frases del Cor\u00e1n sobre la mayor\u00eda de las personas: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54335.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54335.json index 9b42180b419..b5dab94e7b7 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54335.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54335.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZebraSoft Monaco ImmoToolBox Connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through 1.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ZebraSoft Monaco ImmoToolBox Connect permite XSS reflejado. Este problema afecta a ImmoToolBox Connect: desde n/a hasta 1.3.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54336.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54336.json index fa4cac64fe2..de2d6c712a2 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54336.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54336.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en Projectopia Projectopia permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a Projectopia: desde n/a hasta 5.1.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54337.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54337.json index 0e92387762f..dd0333abdfd 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54337.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54337.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en DevriX DX Dark Site permite XSS almacenado. Este problema afecta a DX Dark Site: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54338.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54338.json index b6cb8150b84..98f97fd0ccb 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54338.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54338.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christer Fernstrom Hello Event Widgets For Elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Christer Fernstrom Hello Event Widgets para Elementor permite XSS basado en DOM. Este problema afecta a Hello Event Widgets For Elementor: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54339.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54339.json index 61302d25527..b64edf06c26 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54339.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54339.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr allows Reflected XSS.This issue affects geoFlickr: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en jbd7 geoFlickr permite XSS reflejado. Este problema afecta a geoFlickr: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54340.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54340.json index 60e3a603fc2..78038892807 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54340.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54340.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sylvia van Os Simple Presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through 1.5.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sylvia van Os Simple Presenter permite XSS reflejado. Este problema afecta a Simple Presenter: desde n/a hasta 1.5.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54341.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54341.json index ee18ddf72d7..22ce88c55e2 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54341.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54341.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through 1.3.58." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en LabelGrid LabelGrid Tools permite XSS reflejado. Este problema afecta a LabelGrid Tools: desde n/a hasta 1.3.58." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54342.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54342.json index 74431d60830..ca94c2644e0 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54342.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54342.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en STAGGS Staggs Product Configurator para WooCommerce permite XSS reflejado. Este problema afecta a Staggs Product Configurator for WooCommerce: desde n/a hasta 2.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54343.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54343.json index cb631f30719..0ff38f121ac 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54343.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54343.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Connect Contact Form 7 to Constant Contact allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Howard Ehrenberg Connect Contact Form 7 to Constant Contact permite XSS reflejado. Este problema afecta a Connect Contact Form 7 to Constant Contact: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54344.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54344.json index 458a7ebf19d..edda2b54255 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54344.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54344.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through 1.3.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Fahad Mahmood WP Quick Shop permite XSS reflejado. Este problema afecta a WP Quick Shop: desde n/a hasta 1.3.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54345.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54345.json index 1a4448e3675..9f53196c381 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54345.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54345.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through 1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en SKT Themes Bicycleshop permite XSS basado en DOM. Este problema afecta a Bicycleshop: desde n/a hasta 1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54346.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54346.json index 291b41afdeb..667443bda16 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54346.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54346.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Barter allows DOM-Based XSS.This issue affects Barter: from n/a through 1.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en SKT Themes Barter permite XSS basado en DOM. Este problema afecta a Barter: desde n/a hasta 1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54347.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54347.json index f85eca4b240..3669bf9cc62 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54347.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54347.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress allows Reflected XSS.This issue affects FloristPress: from n/a through 7.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en BAKKBONE Australia FloristPress permite XSS reflejado. Este problema afecta a FloristPress: desde n/a hasta 7.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json index 0bed4fd53d2..364cc1dc565 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54348.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.477", "lastModified": "2024-12-16T16:15:08.477", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en YayCommerce Brand permite XSS almacenado. Este problema afecta a Brand: desde n/a hasta 1.1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54349.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54349.json index 1206546f8ca..38cdcec1d3c 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54349.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54349.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz.com Plain Post allows Stored XSS.This issue affects Plain Post: from n/a through 1.0.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en mashiurz.com Plain Post permite XSS almacenado. Este problema afecta a Plain Post: desde n/a hasta 1.0.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json index 5392b8575dd..c44d344a098 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54350.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T12:15:10.713", "lastModified": "2024-12-18T12:15:10.713", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en HJYL hmd permite XSS almacenado. Este problema afecta a hmd: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54351.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54351.json index 35be2e93f82..c8b4d19ea63 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54351.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54351.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tom Landis Fancy Roller Scroller permite XSS almacenado. Este problema afecta a Fancy Roller Scroller: desde n/a hasta 1.4.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json index 52761ea8672..bacbbe730b3 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54352.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:07.707", "lastModified": "2024-12-16T15:15:07.707", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Sabri Taieb Sogrid permite la escalada de privilegios. Este problema afecta a Sogrid: desde n/a hasta 1.5.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json index 2c6f44645af..a5cd84c41c7 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54353.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:07.867", "lastModified": "2024-12-16T15:15:07.867", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPGear Hack-Info permite XSS almacenado. Este problema afecta a Hack-Info: desde n/a hasta 3.17." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json index e3e52b6c16d..ee96efb4db6 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54354.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.023", "lastModified": "2024-12-16T15:15:08.023", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Beat Kueffer Termin-Kalender permite XSS almacenado. Este problema afecta a Termin-Kalender: desde n/a hasta 0.99.47." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json index 58782242975..3cf7ae9459a 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54355.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.180", "lastModified": "2024-12-16T15:15:08.180", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en brandtoss WP Mailster permite Cross Site Request Forgery. Este problema afecta a WP Mailster: desde n/a hasta 1.8.17.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json index b4a8b31d3a0..2d3eba2c4bb 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54356.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.327", "lastModified": "2024-12-16T15:15:08.327", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en vCita.com Online Booking & Scheduling Calendar for WordPress by vcita permite Cross Site Request Forgery. Este problema afecta al calendario de reservas y programaci\u00f3n en l\u00ednea vCita.com para WordPress de vcita: desde n/a hasta 4.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json index 2acc8fd2ef7..277f51baf47 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54357.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.617", "lastModified": "2024-12-16T16:15:08.617", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json index c370e19e266..3c5cbe9ee58 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54358.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.477", "lastModified": "2024-12-16T15:15:08.477", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Avatar 3D Creator 3D Avatar User Profile permite XSS reflejado. Este problema afecta a 3D Avatar User Profile: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json index ffa2c4ea720..c18cac1d0bf 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54359.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.630", "lastModified": "2024-12-16T15:15:08.630", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Saul Morales Pacheco Banner System permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Banner System: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json index a38f517f49e..ae52e2742fe 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54360.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.793", "lastModified": "2024-12-16T15:15:08.793", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Premila Gutensee permite XSS basado en DOM. Este problema afecta a Gutensee: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json index 8ab85fe531d..f6e055b8ffb 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54361.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:08.970", "lastModified": "2024-12-16T15:15:08.970", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Outstrip Instant Appointment permite la inyecci\u00f3n SQL. Este problema afecta a Instant Appointment: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json index 6c9561dd9ee..d59e99c1234 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54363.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:09.130", "lastModified": "2024-12-16T15:15:09.130", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en nssTheme Wp NssUser Register permite la escalada de privilegios. Este problema afecta a Wp NssUser Register: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json index db01bfe37db..c065f5ceaa0 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54364.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:09.283", "lastModified": "2024-12-16T15:15:09.283", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Spartac Feedpress Generator permite XSS reflejado. Este problema afecta a Feedpress Generator: desde n/a hasta 1.2.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json index c7c94b96d93..7450ef34d9f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54365.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:09.437", "lastModified": "2024-12-16T15:15:09.437", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en Halim KH Easy User Settings permite la escalada de privilegios. Este problema afecta a KH Easy User Settings: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json index e90866876ad..9eaa03e5873 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54366.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:09.610", "lastModified": "2024-12-16T15:15:09.610", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de generaci\u00f3n de mensajes de error que contienen informaci\u00f3n confidencial en Dave Kiss Vimeography permite recuperar datos confidenciales integrados. Este problema afecta a Vimeography: desde n/a hasta 2.4.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json index 2f6c8955b87..2da7c858285 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54367.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:10.027", "lastModified": "2024-12-16T15:15:10.027", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en ForumWP ForumWP permite la inyecci\u00f3n de objetos. Este problema afecta a ForumWP: desde n/a hasta 2.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json index 4127bc69811..6d3725e625e 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54368.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:10.223", "lastModified": "2024-12-16T15:15:10.223", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ruben Garza, Jr. GitSync permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a GitSync: desde n/a hasta 1.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json index ea36f70dedb..c37f9f47970 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54369.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:10.410", "lastModified": "2024-12-16T15:15:10.410", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en ThemeHunk Zita Site Builder permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Zita Site Builder: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json index 9f2ed8a695c..b151ac76600 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54370.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:10.593", "lastModified": "2024-12-16T15:15:10.593", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en SSuitePlugins Video & Photo Gallery for Ultimate Member permite cargar un Web Shell a un servidor web. Este problema afecta a Video & Photo Gallery para Ultimate Member: desde n/a hasta 1.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json index 596cceafb6c..804df684102 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54372.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:10.810", "lastModified": "2024-12-16T15:15:10.810", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Sourov Amin Insertify permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Insertify: desde n/a hasta 1.1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json index 087d08d9735..8f11ca27cd9 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54373.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:11.013", "lastModified": "2024-12-16T15:15:11.013", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris G\u00e5rdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Chris G\u00e5rdenberg, MultiNet Interactive AB EduAdmin Booking permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a EduAdmin Booking: desde n/a hasta 5.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json index 6c9fff2dc2e..f1d90ce27ac 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54374.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:11.200", "lastModified": "2024-12-16T15:15:11.200", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Sabri Taieb Sogrid permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Sogrid: desde n/a hasta 1.5.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json index b0f27acae0a..114d50cf4ba 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54375.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:11.553", "lastModified": "2024-12-16T15:15:11.553", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Sabri Taieb Woolook permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Woolook: desde n/a hasta 1.7.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json index 1ec14c8cf82..96ac8e509c6 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54376.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T16:15:08.763", "lastModified": "2024-12-16T16:15:08.763", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n de archivo remoto PHP') en Spider-themes EazyDocs. Este problema afecta a EazyDocs: desde n/a hasta 2.5.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json index 8dc84188af0..2369c89820a 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54378.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:11.740", "lastModified": "2024-12-16T15:15:11.740", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Quietly Insights permite la escalada de privilegios. Este problema afecta a Quietly Insights: desde n/a hasta 1.2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json index de0faf38e1e..add202c5533 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54379.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:11.930", "lastModified": "2024-12-16T15:15:11.930", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Blokhaus Minterpress permite la escalada de privilegios. Este problema afecta a Minterpress: desde n/a hasta 1.0.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json index a4009887b7b..29f2712bc51 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54380.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.123", "lastModified": "2024-12-16T15:15:12.123", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Filippo Bodei WP Cookies Enabler permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a WP Cookies Enabler: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54381.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54381.json index f570bd0371e..f904b623aaf 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54381.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54381.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T19:15:11.320", "lastModified": "2024-12-18T19:15:11.320", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Dotstore Advance Menu Manager. Este problema afecta a Advance Menu Manager: desde n/a hasta 3.1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json index 416e83e6286..6dd08d05085 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54382.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.313", "lastModified": "2024-12-16T15:15:12.313", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en BoldThemes Bold Page Builder permite Path Traversal. Este problema afecta a Bold Page Builder: desde n/a hasta 5.1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54383.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54383.json index 7903edc91ef..9b96efa1123 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54383.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54383.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-18T19:15:11.467", "lastModified": "2024-12-18T19:15:11.467", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en wpweb WooCommerce PDF Vouchers permite la escalada de privilegios. Este problema afecta a los vales PDF de WooCommerce: desde n/a hasta 4.9.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json index 0f14a7854db..037bd688fbb 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54384.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.497", "lastModified": "2024-12-16T15:15:12.497", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in eLightUp Falcon \u2013 WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon \u2013 WordPress Optimizations & Tweaks: from n/a through 2.8.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en eLightUp Falcon \u2013 WordPress Optimizations & Tweaks permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Falcon \u2013 Optimizaciones y ajustes de WordPress: desde n/a hasta 2.8.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json index ad93376eabb..995fcf1378f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54385.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.653", "lastModified": "2024-12-16T15:15:12.653", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Server-Side Request Forgery (SSRF) en SoftLab Radio Player permite Server Side Request Forgery. Este problema afecta a Radio Player: desde n/a hasta 2.0.82." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json index e9b1548dd9b..c4ff3e0ceda 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.837", "lastModified": "2024-12-16T15:15:12.837", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart permite Cross Site Request Forgery. Este problema afecta a Push Monkey Pro \u2013 Web Push Notifications y WooCommerce Abandoned Cart: desde n/a hasta 3.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json index c641552b39a..ee29a3cf539 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54387.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:12.987", "lastModified": "2024-12-16T15:15:12.987", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jaytesh Barange Posts Date Ranges permite XSS reflejado. Este problema afecta a los rangos de fechas de publicaciones: desde n/a hasta 2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json index 3b282682071..7459da64304 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54388.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:13.163", "lastModified": "2024-12-16T15:15:13.163", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Phuc Pham Multiple Admin Emails permite Cross Site Request Forgery. Este problema afecta a los correos electr\u00f3nicos de m\u00faltiples administradores: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json index 91ca62bf6b5..cf3c34db186 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54389.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:13.303", "lastModified": "2024-12-16T15:15:13.303", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Eduardo Chiaro addWeather permite Cross Site Request Forgery. Este problema afecta a addWeather: desde n/a hasta 2.5.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json index 1822fd8e3bd..75911b62eae 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54390.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:13.467", "lastModified": "2024-12-16T15:15:13.467", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Bouzid Nazim Zitouni TagGator permite XSS reflejado. Este problema afecta a TagGator: desde n/a hasta 1.54." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json index cc11de5a3be..8750223b45f 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54391.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:13.700", "lastModified": "2024-12-16T15:15:13.700", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Matt Walters WordPress Filter permite XSS almacenado. Este problema afecta al filtro de WordPress: desde n/a hasta 1.4.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json index 344e661b690..1176705aafb 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54392.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:13.873", "lastModified": "2024-12-16T15:15:13.873", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP\u5fae\u4fe1\u673a\u5668\u4eba allows Stored XSS.This issue affects WP\u5fae\u4fe1\u673a\u5668\u4eba: from n/a through 5.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Midoks WP????? permite XSS Almacenado. Este problema afecta a WP?????: desde n/a hasta 5.3.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json index aba1b1f58a3..e85d321a119 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54393.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:14.030", "lastModified": "2024-12-16T15:15:14.030", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Sheikh Heera WP Fiddle permite XSS almacenado. Este problema afecta a WP Fiddle: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json index b359d96a63a..31f9e000f30 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54394.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:14.220", "lastModified": "2024-12-16T15:15:14.220", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Web solution soft Mandrill WP permite XSS almacenado. Este problema afecta a Mandrill WP: desde n/a hasta 1.0.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json index b870ff0f8d2..249be5153d0 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54395.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:14.377", "lastModified": "2024-12-16T15:15:14.377", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Becky Sanders Increase Sociability permite XSS reflejado. Este problema afecta a Increase Sociability: desde n/a hasta 1.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json index 9dee5ecec54..e5207550fa2 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54396.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:14.610", "lastModified": "2024-12-16T15:15:14.610", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ryan Bet sport Free permite Cross Site Request Forgery. Este problema afecta a Bet sport Free: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json index f73209534ce..2e3cdd75c44 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54397.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:14.983", "lastModified": "2024-12-16T15:15:14.983", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Antonio Gocaj Go Animate permite XSS almacenado. Este problema afecta a Go Animate: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json index 743f1799c46..8ff40c493d1 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54398.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:15.153", "lastModified": "2024-12-16T15:15:15.153", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Project Caruso Flaming Forms permite XSS almacenado. Este problema afecta a Flaming Forms: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json b/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json index 6f9873c7440..0fd6e4ad82d 100644 --- a/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json +++ b/CVE-2024/CVE-2024-543xx/CVE-2024-54399.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:15.317", "lastModified": "2024-12-16T15:15:15.317", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CRUDLab CRUDLab Google Plus Button permite XSS almacenado. Este problema afecta al bot\u00f3n Google Plus de CRUDLab: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json index 978ae516b40..b98122fdabd 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54400.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:15.587", "lastModified": "2024-12-16T15:15:15.587", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en MELONIQ.NET AppMaps permite XSS almacenado. Este problema afecta a AppMaps: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json index b3c1433114c..8e4d8851bf2 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54401.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:15.970", "lastModified": "2024-12-16T15:15:15.970", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Turcu Ciprian Advanced Fancybox permite XSS almacenado. Este problema afecta a Advanced Fancybox: desde n/a hasta 1.1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json index f379c02bdfd..da5c2c677a0 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54402.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:16.153", "lastModified": "2024-12-16T15:15:16.153", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Jozoor Arabic Webfonts permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las fuentes web \u00e1rabes: desde n/a hasta 1.4.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json index 9b410c26520..62be0872cfb 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54403.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:16.327", "lastModified": "2024-12-16T15:15:16.327", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ryan Scott Visual Recent Posts permite XSS reflejado. Este problema afecta a Visual Recent Posts: desde n/a hasta 1.2.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json index cee1fe8e5d2..3025fa44099 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54404.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:16.500", "lastModified": "2024-12-16T15:15:16.500", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Nazmul Ahsan MDC Comment Toolbar permite XSS almacenado. Este problema afecta a la barra de herramientas de comentarios de MDC: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json index 8bdaa9f813e..2c543892e8c 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54405.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:16.673", "lastModified": "2024-12-16T15:15:16.673", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Andy Chapman ECT Social Share permite XSS almacenado. Este problema afecta a ECT Social Share: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json index 560e8aca7bd..2469ac39a76 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54406.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:17.197", "lastModified": "2024-12-16T15:15:17.197", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Reza Moallemi Comments On Feed permite XSS reflejado. Este problema afecta a Comentarios en el feed: desde n/a hasta 1.2.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json index b851d1c5924..80afd2f7eec 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54407.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:17.493", "lastModified": "2024-12-16T15:15:17.493", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u968f\u610f\u7684\u98ce CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en ???? CK and SyntaxHighlighter permite XSS almacenado. Este problema afecta a CK y SyntaxHighlighter: desde n/a hasta 3.4.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json index cfdabdf7de9..f6ca8fa4d80 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54408.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:17.693", "lastModified": "2024-12-16T15:15:17.693", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jake H. Youtube Video Grid permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Youtube Video Grid: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json index 36ed8dc22bf..e7e833bc216 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54409.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:17.980", "lastModified": "2024-12-16T15:15:17.980", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en fzmaster @ XPD XPD Reduce Image Filesize permite XSS almacenado. Este problema afecta a XPD Reduce Image Filesize: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json index 59d583be2e2..38a962f51fa 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54410.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:18.173", "lastModified": "2024-12-16T15:15:18.173", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Toby Cox SOPA Blackout permite XSS almacenado. Este problema afecta a SOPA Blackout: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json index b2c26e0a9c9..5b726416a1f 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54411.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:18.370", "lastModified": "2024-12-16T15:15:18.370", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en hosting.io, campaigns.io WP Controller permite XSS almacenado. Este problema afecta a WP Controller: desde n/a hasta 3.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json index c0fff108b9f..39c577ddd5a 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54412.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:18.547", "lastModified": "2024-12-16T15:15:18.547", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ecommerce Templates ECT Product Carousel permite XSS almacenado. Este problema afecta a ECT Product Carousel: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json index fd1e3a6296c..04ac780941d 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54413.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:18.770", "lastModified": "2024-12-16T15:15:18.770", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Stefan Brandt Display Future Posts permite XSS almacenado. Este problema afecta a Display Future Posts: desde n/a hasta 0.2.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json index 5e7c2ad2b46..04bdd4bd88b 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54414.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:18.923", "lastModified": "2024-12-16T15:15:18.923", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en geoWP Geoportail Shortcode permite XSS almacenado. Este problema afecta al c\u00f3digo corto Geoportail: desde n/a hasta 2.4.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json index bdee0cb2065..64d6e408760 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54415.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:19.100", "lastModified": "2024-12-16T15:15:19.100", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cycle Conoly WP-HideThat permite XSS almacenado. Este problema afecta a WP-HideThat: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json index 927eef549c1..f30a4bc283f 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54416.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:19.263", "lastModified": "2024-12-16T15:15:19.263", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Navdeep Kumar Wp Login con Ajax permite XSS almacenado. Este problema afecta a Wp Login con Ajax: desde n/a hasta 0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json index b619e865a66..560c2b7a07d 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54417.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:19.437", "lastModified": "2024-12-16T15:15:19.437", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Pixelgrade PixProof permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a PixProof: desde n/a hasta 2.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json index acfc67a7512..21953b8f815 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54418.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:19.703", "lastModified": "2024-12-16T15:15:19.703", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through 1.1.05." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents permite Cross Site Request Forgery. Este problema afecta a los documentos DTC: desde n/a hasta 1.1.05." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json index 7654364304a..e70b979471a 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54419.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:19.897", "lastModified": "2024-12-16T15:15:19.897", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mansur Ahamed Ui Slider Filter By Price permite Cross Site Request Forgery. Este problema afecta a Ui Slider Filter By Price: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json index 956237455ac..21896236000 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54420.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.100", "lastModified": "2024-12-16T15:15:20.100", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Aleksander Novikov Metrika permite Cross Site Request Forgery. Este problema afecta a Metrika: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json index 19f03af10eb..18c21aeb546 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54421.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.257", "lastModified": "2024-12-16T15:15:20.257", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Sanjay Singh Negi Floating Video Player permite XSS almacenado. Este problema afecta al reproductor de video flotante: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json index 9a919b7580b..76e28031cf3 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54422.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.410", "lastModified": "2024-12-16T15:15:20.410", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gaowei Tang Evernote Sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through 3.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Gaowei Tang Evernote Sync permite XSS reflejado. Este problema afecta a Evernote Sync: desde n/a hasta 3.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json index 782a1b1d638..c9077e71942 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54423.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.550", "lastModified": "2024-12-16T15:15:20.550", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jesse Overright Social Media Sharing permite XSS almacenado. Este problema afecta a Social Media Sharing: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json index 1f5c97d8110..a0767ffa784 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54424.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.697", "lastModified": "2024-12-16T15:15:20.697", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilya Chekalskiy Like in Vk.com allows Stored XSS.This issue affects Like in Vk.com: from n/a through 0.5.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ilya Chekalskiy Like in Vk.com permite XSS almacenado. Este problema afecta a Like in Vk.com: desde n/a hasta 0.5.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json index 1042ab6caff..35c69354e4f 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54425.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:20.853", "lastModified": "2024-12-16T15:15:20.853", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin permite XSS almacenado. Este problema afecta a LionScripts: Site Maintenance & Noindex Nofollow Plugin: desde n/a hasta 2.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json index 770610d8c26..e61f0a28460 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54426.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.000", "lastModified": "2024-12-16T15:15:21.000", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Andy Fradelakis LeaderBoard Plugin permite XSS almacenado. Este problema afecta al complemento LeaderBoard: desde n/a hasta 1.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json index f4c468c2c71..89180aeec0a 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54427.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.140", "lastModified": "2024-12-16T15:15:21.140", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Linda MacPhee-Cobb Category of Posts permite XSS almacenado. Este problema afecta a la categor\u00eda de publicaciones: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json index e79f84d9e46..f27e4219ee8 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54428.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.280", "lastModified": "2024-12-16T15:15:21.280", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en onigetoc Add image to Post permite XSS almacenado. Este problema afecta a Agregar imagen a la publicaci\u00f3n: desde n/a hasta 0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json index 914806c764d..3420ee83bb5 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54429.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.417", "lastModified": "2024-12-16T15:15:21.417", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ivan Ovsyannikov Aphorismus permite XSS almacenado. Este problema afecta a Aphorismus: desde n/a hasta 1.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json index 1c4d66d1177..15cb46587e8 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54430.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.567", "lastModified": "2024-12-16T15:15:21.567", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through 4.8.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Bastien Ho EELV Newsletter permite Cross Site Request Forgery. Este problema afecta al bolet\u00edn EELV: desde n/a hasta 4.8.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json index ced7242a558..c53b11486bc 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54431.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.727", "lastModified": "2024-12-16T15:15:21.727", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mohamed Riyaz Admin Customization allows Stored XSS.This issue affects Admin Customization: from n/a through 2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mohamed Riyaz Admin Customization permite XSS almacenado. Este problema afecta a Admin Customization: desde n/a hasta 2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json index 7b8e6c6a155..0ed600239ce 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54432.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:21.883", "lastModified": "2024-12-16T15:15:21.883", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patnaik WP Flipkart Importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Shambhu Prasad Patnaik WP Flipkart Importer permite XSS almacenado. Este problema afecta a WP Flipkart Importer: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json index f3fc159ee3b..5bb05e352ba 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54433.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.023", "lastModified": "2024-12-16T15:15:22.023", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Simple Booking Simple Booking Widget permite XSS almacenado. Este problema afecta a Simple Booking Widget: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json index 938e72bd6ff..4ae08b2b8d7 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54434.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.160", "lastModified": "2024-12-16T15:15:22.160", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Phoetry phZoom permite XSS almacenado. Este problema afecta a phZoom: desde n/a hasta 1.2.92." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json index 1bf7fef2762..203a4f98ae9 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54435.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.293", "lastModified": "2024-12-16T15:15:22.293", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a through 1.2.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Thomas Hoefter Onlywire Multi Autosubmitter permite XSS almacenado. Este problema afecta a Onlywire Multi Autosubmitter: desde n/a hasta 1.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json index 48a5b641f73..2e45209e19c 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54436.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.437", "lastModified": "2024-12-16T15:15:22.437", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jettochkin Jet Footer Code permite XSS almacenado. Este problema afecta a Jet Footer Code: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json index 1ce4b1d4455..47a2f65ec99 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54437.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.570", "lastModified": "2024-12-16T15:15:22.570", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Merrill M. Mayer jCarousel allows Stored XSS.This issue affects jCarousel: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Merrill M. Mayer jCarousel que permite XSS almacenado. Este problema afecta a jCarousel: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json index 219e00c0055..2689b30417f 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54438.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.713", "lastModified": "2024-12-16T15:15:22.713", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords allows Stored XSS.This issue affects Gaxx Keywords: from n/a through 0.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en GAxx Gaxx Keywords permite XSS almacenado. Este problema afecta a Gaxx Palabras clave: desde n/a hasta 0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json index f9905213d9f..e138e9c3348 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54439.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.843", "lastModified": "2024-12-16T15:15:22.843", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Alok Tiwari Amazon Product Price permite XSS almacenado. Este problema afecta a Amazon Product Price: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json index 3877b277b5d..f99e014d399 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54440.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:22.987", "lastModified": "2024-12-16T15:15:22.987", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This issue affects WP-Ban-User: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en blueskyy WP-Ban-User permite XSS almacenado. Este problema afecta a WP-Ban-User: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json index 9d65cacfe84..de9fdb5c10c 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54441.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:23.130", "lastModified": "2024-12-16T15:15:23.130", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time allows Stored XSS.This issue affects Utech World Time: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Meini Utech World Time permite XSS almacenado. Este problema afecta a Utech World Time: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json index 2e5da46a30c..06c6efe4e42 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54442.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:23.273", "lastModified": "2024-12-16T15:15:23.273", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Llu\u00eds Cort\u00e8s Better WP Login Page allows Stored XSS.This issue affects Better WP Login Page: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Llu\u00eds Cort\u00e8s Better WP Login Page permite XSS almacenado. Este problema afecta a Better WP Login Page: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json index dd8b2af5c1e..7a9a6888757 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54443.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-16T15:15:23.420", "lastModified": "2024-12-16T15:15:23.420", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pluginscafe Advanced Data Table For Elementor permite XSS almacenado. Este problema afecta a Advanced Data Table For Elementor: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54457.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54457.json index 4fed3b9fe73..d72f294c8d9 100644 --- a/CVE-2024/CVE-2024-544xx/CVE-2024-54457.json +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54457.json @@ -3,12 +3,16 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-12-18T07:15:08.377", "lastModified": "2024-12-18T07:15:08.377", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service." + }, + { + "lang": "es", + "value": "Existe un problema de inclusi\u00f3n de caracter\u00edsticas no documentadas o de chicken bits en las versiones de firmware 2.0.10 y anteriores de AE1021 y en las versiones de firmware 2.0.10 y anteriores de AE1021PE, lo que puede permitir que un usuario conectado habilite el servicio telnet." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-546xx/CVE-2024-54662.json b/CVE-2024/CVE-2024-546xx/CVE-2024-54662.json index ec569dd8656..f1cff411e39 100644 --- a/CVE-2024/CVE-2024-546xx/CVE-2024-54662.json +++ b/CVE-2024/CVE-2024-546xx/CVE-2024-54662.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T18:15:24.963", "lastModified": "2024-12-18T16:15:14.220", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-546xx/CVE-2024-54682.json b/CVE-2024/CVE-2024-546xx/CVE-2024-54682.json index 1107a46d557..6dde4de22ec 100644 --- a/CVE-2024/CVE-2024-546xx/CVE-2024-54682.json +++ b/CVE-2024/CVE-2024-546xx/CVE-2024-54682.json @@ -3,12 +3,16 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-12-16T08:15:05.513", "lastModified": "2024-12-16T08:15:05.513", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to\u00a0cause a DoS via zip bomb by importing data in a team they are a team admin." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 no limitan el tama\u00f1o del archivo para las cargas de archivos de importaci\u00f3n de Slack, lo que permite que un usuario provoque un DoS a trav\u00e9s de una bomba zip al importar datos en un equipo del que es administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-547xx/CVE-2024-54790.json b/CVE-2024/CVE-2024-547xx/CVE-2024-54790.json index a36e54d2693..3194b9a8da8 100644 --- a/CVE-2024/CVE-2024-547xx/CVE-2024-54790.json +++ b/CVE-2024/CVE-2024-547xx/CVE-2024-54790.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en /index.php en PHPGurukul Pre-School Enrollment System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro visittime." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json index d5755af827c..af34bbabb05 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54982.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message." + }, + { + "lang": "es", + "value": "Un problema en Quectel BC25 con la versi\u00f3n de firmware BC25PAR01A06 permite a los atacantes eludir la autenticaci\u00f3n a trav\u00e9s de un mensaje NAS manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54983.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54983.json index 0e6579dd730..793a7dea5cb 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54983.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54983.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message." + }, + { + "lang": "es", + "value": "Un problema en Quectel BC95-CNV V100R001C00SPC051 permite a los atacantes eludir la autenticaci\u00f3n a trav\u00e9s de un mensaje NAS manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54984.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54984.json index 3d1b755c0fc..23000f98718 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54984.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54984.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message." + }, + { + "lang": "es", + "value": "Un problema en Quectel BG96 BG96MAR02A08M1G permite a los atacantes eludir la autenticaci\u00f3n a trav\u00e9s de un mensaje NAS manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5493.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5493.json index 7b2ac6a5cba..86342af2660 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5493.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5493.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.283", "lastModified": "2024-11-21T09:47:47.260", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5494.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5494.json index 355f2e958da..6b2872c8eb7 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5494.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5494.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.367", "lastModified": "2024-11-21T09:47:47.450", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5495.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5495.json index 4c6579e8bec..dbe262d5687 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5495.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5495.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.433", "lastModified": "2024-11-21T09:47:48.493", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5496.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5496.json index 9d7771f4f4c..65f4789ad82 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5496.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5496.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.497", "lastModified": "2024-11-21T09:47:48.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5497.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5497.json index ed80f44fac8..f84a4ead966 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5497.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5497.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.560", "lastModified": "2024-11-21T09:47:48.847", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5498.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5498.json index a24ee3b5ae9..db04a376c48 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5498.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5498.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.630", "lastModified": "2024-11-21T09:47:49.010", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5499.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5499.json index 2116d46219a..75daa9eb168 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5499.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5499.json @@ -3,7 +3,7 @@ "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-05-30T23:15:48.697", "lastModified": "2024-11-21T09:47:49.183", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55056.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55056.json index 28c1bfa0406..d21bbd884cf 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55056.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55056.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T21:15:08.253", "lastModified": "2024-12-17T22:15:07.217", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de cross-site scripting (XSS) almacenado en Phpgurukul Online Birth Certificate System 1.0 en /user/certificate-form.php a trav\u00e9s del campo de nombre completo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55057.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55057.json index ca7a1996e1a..abd799dde19 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55057.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55057.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T21:15:08.373", "lastModified": "2024-12-17T22:15:07.383", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts." + }, + { + "lang": "es", + "value": "Phpgurukul Online Birth Certificate System 1.0 tiene requisitos de contrase\u00f1a insuficientes, lo que puede generar acceso no autorizado a las cuentas de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55058.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55058.json index 929d710c4a1..b74749fb2b5 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55058.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55058.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T21:15:08.510", "lastModified": "2024-12-18T16:15:14.400", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de referencia directa a objeto (IDOR) insegura en PHPGurukul Online Birth Certificate System v1.0. Esta vulnerabilidad reside en el par\u00e1metro viewid de /user/view-application-detail.php. Los usuarios autenticados pueden explotar esta falla manipulando el par\u00e1metro viewid en la URL para acceder a detalles confidenciales del certificado de nacimiento de otros usuarios sin las verificaciones de autorizaci\u00f3n adecuadas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55059.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55059.json index 44a44f425b3..4667d328fdc 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55059.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55059.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T21:15:08.643", "lastModified": "2024-12-18T16:15:14.560", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de HTML almacenado en PHPGurukul Online Birth Certificate System v1.0 en /user/certificate-form.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55081.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55081.json index 0c36897dd18..1a60c2bae58 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55081.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55081.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE) en el componente /datagrip/upload de Chat2DB v0.3.5 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante el suministro de una entrada XML manipulada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55082.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55082.json index 590f4843af0..68bdfd13ced 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55082.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55082.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request." + }, + { + "lang": "es", + "value": "Server-Side Request Forgery (SSRF) en el endpoint http://{your-server}/url-to-pdf de Stirling-PDF 0.35.1 permite a los atacantes acceder a informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada espec\u00edficamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55085.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55085.json index 5b0aa29d234..2379ecba48d 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55085.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55085.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE." + }, + { + "lang": "es", + "value": "GetSimple CMS CE 3.3.19 sufre ejecuci\u00f3n de c\u00f3digo arbitrario en la funci\u00f3n de edici\u00f3n de plantillas en el sistema de administraci\u00f3n en segundo plano, que puede ser utilizado por un atacante para implementar RCE." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-550xx/CVE-2024-55086.json b/CVE-2024/CVE-2024-550xx/CVE-2024-55086.json index ef643e3daa9..14310450e64 100644 --- a/CVE-2024/CVE-2024-550xx/CVE-2024-55086.json +++ b/CVE-2024/CVE-2024-550xx/CVE-2024-55086.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-18T17:15:14.280", "lastModified": "2024-12-18T19:15:11.613", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system." + }, + { + "lang": "es", + "value": "En la p\u00e1gina de administraci\u00f3n de GetSimple CMS CE 3.3.19, se puede lograr Server-Side Request Forgery (SSRF) en la direcci\u00f3n de descarga del complemento en el sistema de administraci\u00f3n de backend." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-551xx/CVE-2024-55196.json b/CVE-2024/CVE-2024-551xx/CVE-2024-55196.json index 4da9ba32147..2629d68640f 100644 --- a/CVE-2024/CVE-2024-551xx/CVE-2024-55196.json +++ b/CVE-2024/CVE-2024-551xx/CVE-2024-55196.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers." + }, + { + "lang": "es", + "value": "Las credenciales insuficientemente protegidas en Mail Server Configuration en GoPhish v0.12.1 permiten a un atacante acceder a las contrase\u00f1as de texto plano de los servidores IMAP y SMTP configurados." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55231.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55231.json index a7cc182264e..9bb15155aa5 100644 --- a/CVE-2024/CVE-2024-552xx/CVE-2024-55231.json +++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55231.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de IDOR en edit-notes.php module de PHPGurukul Online Notes Sharing Management System v1.0 permite que usuarios no autorizados modifiquen notas pertenecientes a otras cuentas debido a la falta de comprobaciones de autorizaci\u00f3n. Esta falla expone datos confidenciales y permite a los atacantes alterar la informaci\u00f3n de otro usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55232.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55232.json index 976169f9348..198d98e5b04 100644 --- a/CVE-2024/CVE-2024-552xx/CVE-2024-55232.json +++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55232.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de IDOR en manage-notes.php module en PHPGurukul Online Notes Sharing Management System v1.0 permite que usuarios no autorizados eliminen notas pertenecientes a otras cuentas debido a la falta de comprobaciones de autorizaci\u00f3n. Esta falla permite a los atacantes eliminar la informaci\u00f3n de otro usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55239.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55239.json index f11583e593b..65df414e9eb 100644 --- a/CVE-2024/CVE-2024-552xx/CVE-2024-55239.json +++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55239.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting reflejado en la funcionalidad de carga de documentaci\u00f3n est\u00e1ndar en Portabilis i-Educar 2.9 permite a un atacante manipular URL maliciosas con javascript arbitrario en el par\u00e1metro 'titulo_documento'." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55451.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55451.json index 2c97322ce05..8dfe7e57f68 100644 --- a/CVE-2024/CVE-2024-554xx/CVE-2024-55451.json +++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55451.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funcionalidad de carga y visualizaci\u00f3n de archivos SVG autenticados en UJCMS 9.6.3. La vulnerabilidad surge de una desinfecci\u00f3n insuficiente de los atributos integrados en los archivos SVG cargados. Cuando otros usuarios del backend ven un archivo SVG manipulado con fines malintencionados, los atacantes autenticados pueden ejecutar c\u00f3digo JavaScript arbitrario en el contexto de los navegadores de otros usuarios del backend, lo que puede llevar al robo de tokens confidenciales." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55452.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55452.json index 27b80a5e8e9..b9c702d120c 100644 --- a/CVE-2024/CVE-2024-554xx/CVE-2024-55452.json +++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55452.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de redirecci\u00f3n de URL en UJCMS 9.6.3 debido a una validaci\u00f3n incorrecta de las URL en la carga y representaci\u00f3n de nuevos elementos de bloque/carrusel. Esta vulnerabilidad permite a los atacantes autenticados redirigir a usuarios sin privilegios a una p\u00e1gina web arbitraria controlada por el atacante. Cuando un usuario autenticado hace clic en el elemento de bloque malicioso, se lo redirige a dominios arbitrarios que no son de confianza, donde se pueden robar tokens confidenciales, como tokens web JSON, a trav\u00e9s de una p\u00e1gina web manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55461.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55461.json index f0e2fc571cb..9a53ea66ce9 100644 --- a/CVE-2024/CVE-2024-554xx/CVE-2024-55461.json +++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55461.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext()." + }, + { + "lang": "es", + "value": "SeaCMS <=13.0 es vulnerable a la ejecuci\u00f3n de comandos en phome.php a trav\u00e9s de la funci\u00f3n Ebak_RepPathFiletext()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55492.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55492.json index 18a8a6cf7f6..58d2145c9fe 100644 --- a/CVE-2024/CVE-2024-554xx/CVE-2024-55492.json +++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55492.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-18T17:15:14.400", "lastModified": "2024-12-18T19:15:11.777", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS)." + }, + { + "lang": "es", + "value": "Winmail Server 4.4 es vulnerable a f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55505.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55505.json index b72cdb231a4..6da500ef4df 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55505.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55505.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component." + }, + { + "lang": "es", + "value": "Un problema en CodeAstro Complaint Management System v.1.0 permite que un atacante remoto escale privilegios a trav\u00e9s del componente mess-view.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55506.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55506.json index 9ffaf562960..fde43376000 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55506.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55506.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter." + }, + { + "lang": "es", + "value": "Una vulnerabilidad IDOR en CodeAstro's Complaint Management System v1.0 (versi\u00f3n con 0 actualizaciones) de CodeAstro permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del archivo delete.php y modificando el par\u00e1metro id." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55513.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55513.json index 84509ec7e87..095b81d1967 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55513.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55513.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T20:15:22.623", "lastModified": "2024-12-18T16:15:14.720", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Raisecom MSG1200, MSG2100E, MSG2200 y MSG2300 3.90. El componente afectado por este problema es /upload_netaction.php en la interfaz web. Al manipular un nombre de formulario adecuado, se pueden cargar archivos arbitrarios, lo que puede provocar un acceso no autorizado a los permisos del servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55514.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55514.json index 27372f168db..fb3314b4dcc 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55514.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55514.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T20:15:22.757", "lastModified": "2024-12-18T16:15:14.900", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Raisecom MSG1200, MSG2100E, MSG2200 y MSG2300 3.90. El componente afectado por este problema es /upload_sfmig.php en la interfaz web. Al manipular un nombre de formulario adecuado, se pueden cargar archivos arbitrarios, lo que puede provocar un acceso no autorizado a los permisos del servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55515.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55515.json index ccdd524bb10..539457c3254 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55515.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55515.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T20:15:22.887", "lastModified": "2024-12-18T16:15:15.090", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Raisecom MSG1200, MSG2100E, MSG2200 y MSG2300 3.90. El componente afectado por este problema es /upload_ipslib.php en la interfaz web. Al manipular un nombre de formulario adecuado, se pueden cargar archivos arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55516.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55516.json index a2696d5d0f7..1df3eebb1e7 100644 --- a/CVE-2024/CVE-2024-555xx/CVE-2024-55516.json +++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55516.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-12-17T20:15:23.020", "lastModified": "2024-12-18T16:15:15.263", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Raisecom MSG1200, MSG2100E, MSG2200 y MSG2300 v3.90. El componente afectado por este problema es /upload_sysconfig.php en la interfaz web. Al manipular un nombre de formulario adecuado, se pueden cargar archivos arbitrarios, lo que puede provocar un acceso no autorizado a los permisos del servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55603.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55603.json index fc558334de5..4a43785a8eb 100644 --- a/CVE-2024/CVE-2024-556xx/CVE-2024-55603.json +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55603.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`).\nThus, a session which's lifetime is already `> time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. En las versiones afectadas, las sesiones a\u00fan se pueden utilizar aunque su vida \u00fatil haya excedido. Kanboard implementa un gestionador de sesi\u00f3n personalizado (`app/Core/Session/SessionHandler.php`), para almacenar los datos de la sesi\u00f3n en una base de datos. Por lo tanto, cuando se proporciona un `session_id`, Kanboard consulta los datos de la tabla SQL `sessions`. En este punto, no verifica correctamente si un `session_id` dado ya ha excedido su vida \u00fatil (`expires_at`). Por lo tanto, una sesi\u00f3n cuya vida \u00fatil ya es `> time()`, a\u00fan se consulta desde la base de datos y, por lo tanto, es un inicio de sesi\u00f3n v\u00e1lido. La funci\u00f3n **SessionHandlerInterface::gc** implementada, que elimina sesiones no v\u00e1lidas, se llama solo **con cierta probabilidad** (_Limpia sesiones caducadas. Llamada por `session_start()`, basada en las configuraciones `session.gc_divisor`, `session.gc_probability` y `session.gc_maxlifetime`_) de acuerdo con la documentaci\u00f3n de php. En la imagen oficial de Docker de Kanboard, estos valores predeterminados son: session.gc_probability=1, session.gc_divisor=1000. Por lo tanto, una sesi\u00f3n caducada solo se termina con una probabilidad de 1/1000. Este problema se ha solucionado en la versi\u00f3n 1.2.43 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-556xx/CVE-2024-55661.json b/CVE-2024/CVE-2024-556xx/CVE-2024-55661.json index 766ebbe6edd..3ce7a8c2ccd 100644 --- a/CVE-2024/CVE-2024-556xx/CVE-2024-55661.json +++ b/CVE-2024/CVE-2024-556xx/CVE-2024-55661.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method in which the callable is a function or static method and the callable has no parameters or no strict parameter types. The vulnerable to component is `remember(callable $query, string $key = '')` method in `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries`, and the vulnerability affects all Pulse card components that use this trait. Version 1.3.1 contains a patch." + }, + { + "lang": "es", + "value": "Laravel Pulse es una herramienta de monitoreo de rendimiento de aplicaciones en tiempo real y un panel de control para aplicaciones Laravel. Se ha descubierto una vulnerabilidad en Laravel Pulse anterior a la versi\u00f3n 1.3.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s del m\u00e9todo p\u00fablico `remember()` en el rasgo `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries`. Este m\u00e9todo es accesible a trav\u00e9s de los componentes Livewire y se puede explotar para llamar a elementos invocables arbitrarios dentro de la aplicaci\u00f3n. Un usuario autenticado con acceso al panel de control de Laravel Pulse puede ejecutar c\u00f3digo arbitrario llamando a cualquier funci\u00f3n o m\u00e9todo est\u00e1tico en el que el invocable sea una funci\u00f3n o un m\u00e9todo est\u00e1tico y el invocable no tenga par\u00e1metros o ning\u00fan tipo de par\u00e1metro estricto. El componente vulnerable es el m\u00e9todo `remember(callable $query, string $key = '')` en `Laravel\\Pulse\\Livewire\\Concerns\\RemembersQueries`, y la vulnerabilidad afecta a todos los componentes de la tarjeta Pulse que usan este rasgo. La versi\u00f3n 1.3.1 contiene un parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json index 26be511f613..9fc723d47f2 100644 --- a/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json +++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55864.json @@ -3,12 +3,16 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-12-17T05:15:09.937", "lastModified": "2024-12-17T05:15:09.937", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-Site Scripting en las versiones de My WP Customize Admin/Frontend anteriores a la 1.24.1. Si un usuario administrativo malintencionado personaliza la p\u00e1gina administrativa con alg\u00fan contenido malintencionado, se puede ejecutar una secuencia de comandos arbitraria en el navegador web de los dem\u00e1s usuarios que acceden a la p\u00e1gina." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55887.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55887.json index 4d00ba33cd2..246cbaf7859 100644 --- a/CVE-2024/CVE-2024-558xx/CVE-2024-55887.json +++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55887.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted." + }, + { + "lang": "es", + "value": "Ucum-java es una librer\u00eda Java FHIR que proporciona servicios UCUM. En versiones anteriores a la 1.0.9, el an\u00e1lisis de XML realizado por UcumEssenceService es vulnerable a inyecciones de entidades externas de XML. Un archivo XML procesado con una etiqueta DTD maliciosa podr\u00eda generar XML que contenga datos del sistema host. Esto afecta los casos de uso en los que se utiliza ucum dentro de un host donde los clientes externos pueden enviar XML. La versi\u00f3n 1.0.9 de Ucum-java corrige esta vulnerabilidad. Como workaround, aseg\u00farese de que el XML de origen para crear una instancia de UcumEssenceService sea confiable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55889.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55889.json index 011ff815cc4..0f6e46ff20e 100644 --- a/CVE-2024/CVE-2024-558xx/CVE-2024-55889.json +++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55889.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an