admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-16T18:00:22.349552+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-16 18:03:24 +00:00
parent 83665e568d
commit 90585cad4f
359 changed files with 7355 additions and 1194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2012/CVE-2012-100xx/CVE-2012-10018.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2012-10018",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:03.920",
"lastModified": "2024-10-16T07:15:03.920",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file."
},
{
"lang": "es",
"value": "Los complementos Mapplic y Mapplic Lite para WordPress son vulnerables a Server-Side Request Forgery en las versiones 6.1 y 1.0, respectivamente. Esto permite a los atacantes falsificar solicitudes provenientes del servidor de un sitio vulnerable y, en \u00faltima instancia, realizar un ataque XSS si se solicita un archivo SVG."
}
],
"metrics": {

8
CVE-2016/CVE-2016-150xx/CVE-2016-15040.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2016-15040",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:04.447",
"lastModified": "2024-10-16T07:15:04.447",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Kento Post View Counter para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'kento_pvc_geo' en versiones hasta la 2.8 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2016/CVE-2016-150xx/CVE-2016-15041.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2016-15041",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:04.747",
"lastModified": "2024-10-16T07:15:04.747",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MainWP Dashboard \u2013 The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mwp_setup_purchase_username\u2019 parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento MainWP Dashboard \u2013 The Private WordPress Manager for Multiple Website Maintenance para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del par\u00e1metro 'mwp_setup_purchase_username' en versiones hasta la 3.1.2 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2016/CVE-2016-150xx/CVE-2016-15042.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2016-15042",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:02.990",
"lastModified": "2024-10-16T08:15:02.990",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
},
{
"lang": "es",
"value": "Los complementos Frontend File Manager (versiones &lt; 4.0) y N-Media Post Front-end Form (versiones &lt; 1.1) para WordPress son vulnerables a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo a trav\u00e9s de las acciones AJAX `nm_filemanager_upload_file` y `nm_postfront_upload_file`. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor de los sitios afectados, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2017/CVE-2017-201xx/CVE-2017-20192.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2017-20192",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.147",
"lastModified": "2024-10-16T07:15:05.147",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser."
},
{
"lang": "es",
"value": "El complemento Formidable Form Builder para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de m\u00faltiples par\u00e1metros enviados durante las entradas de formularios, como 'after_html' en versiones anteriores a la 2.05.03, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias que se ejecutan en el navegador de la v\u00edctima."
}
],
"metrics": {

8
CVE-2017/CVE-2017-201xx/CVE-2017-20193.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2017-20193",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:03.223",
"lastModified": "2024-10-16T08:15:03.223",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "Product Vendors son vulnerables a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'vendor_description' en versiones hasta la 2.0.35 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2017/CVE-2017-201xx/CVE-2017-20194.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2017-20194",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:03.453",
"lastModified": "2024-10-16T08:15:03.453",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form."
},
{
"lang": "es",
"value": "El complemento Formidable Form Builder para WordPress es vulnerable a la exposici\u00f3n de datos confidenciales en versiones hasta la 2.05.03 incluida a trav\u00e9s de la acci\u00f3n AJAX frm_forms_preview. Esto permite que atacantes no autenticados exporten todas las entradas de formulario de un formulario determinado."
}
],
"metrics": {

8
CVE-2018/CVE-2018-251xx/CVE-2018-25105.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2018-25105",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.467",
"lastModified": "2024-10-16T07:15:05.467",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution."
},
{
"lang": "es",
"value": "El complemento File Manager para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en el archivo /inc/root.php en versiones hasta la 3.0 incluida. Esto permite que atacantes no autenticados descarguen archivos arbitrarios del servidor y carguen archivos arbitrarios que se pueden usar para la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2019/CVE-2019-252xx/CVE-2019-25213.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25213",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.790",
"lastModified": "2024-10-16T07:15:05.790",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php"
},
{
"lang": "es",
"value": "El complemento Advanced Access Manager para WordPress es vulnerable a la lectura arbitraria de archivos sin autenticaci\u00f3n en versiones hasta la 5.9.8.1 incluida debido a una validaci\u00f3n insuficiente en el par\u00e1metro aam-media. Esto permite a atacantes sin autenticaci\u00f3n leer cualquier archivo en el servidor, incluidos archivos confidenciales como wp-config.php"
}
],
"metrics": {

8
CVE-2019/CVE-2019-252xx/CVE-2019-25214.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25214",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.153",
"lastModified": "2024-10-16T07:15:06.153",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin's settings and injecting malicious scripts."
},
{
"lang": "es",
"value": "El complemento ShopWP para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en varias rutas de API REST en versiones hasta la 2.0.4 incluida. Esto hace posible que atacantes no autenticados llamen a los puntos finales y realicen acciones no autorizadas, como actualizar la configuraci\u00f3n del complemento e inyectar scripts maliciosos."
}
],
"metrics": {

8
CVE-2019/CVE-2019-252xx/CVE-2019-25215.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25215",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.467",
"lastModified": "2024-10-16T07:15:06.467",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes."
},
{
"lang": "es",
"value": "El complemento ARI-Adminer para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a la falta de controles de acceso a archivos en casi todos los archivos del complemento en las versiones hasta la 1.1.14 incluida. Esto permite que atacantes no autenticados accedan a los archivos directamente y realicen una amplia variedad de acciones no autorizadas, como acceder a la base de datos de un sitio y realizar cambios."
}
],
"metrics": {

8
CVE-2019/CVE-2019-252xx/CVE-2019-25216.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25216",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.727",
"lastModified": "2024-10-16T07:15:06.727",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Rich Review para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del par\u00e1metro 'update' del cuerpo de POST en versiones hasta la 1.7.4 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2019/CVE-2019-252xx/CVE-2019-25217.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25217",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.030",
"lastModified": "2024-10-16T07:15:07.030",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El complemento SiteGround Optimizer para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n que conduce a la ejecuci\u00f3n remota de c\u00f3digo y la inclusi\u00f3n local de archivos en versiones hasta la 5.0.12 incluida debido al uso incorrecto de un atributo de control de acceso en la funci\u00f3n switch_php llamada a trav\u00e9s de la ruta de API REST /switch-php. Esto permite a los atacantes incluir y ejecutar archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se pueden cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36831.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36831",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.280",
"lastModified": "2024-10-16T07:15:07.280",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user."
},
{
"lang": "es",
"value": "El complemento NextScripts: Social Networks Auto-Poster para WordPress es vulnerable a la omisi\u00f3n de la autorizaci\u00f3n debido a la falta de comprobaciones de capacidad en m\u00faltiples funciones de seguridad y privilegios de usuario proporcionadas en versiones hasta la 4.3.17 incluida. Esto permite que atacantes con pocos privilegios, como los suscriptores, realicen acciones restringidas que de otro modo estar\u00edan bloqueadas a un usuario de nivel administrativo."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36832.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36832",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.637",
"lastModified": "2024-10-16T07:15:07.637",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID."
},
{
"lang": "es",
"value": "El complemento Ultimate Membership Pro para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en las versiones 7.3 a 8.6, incluidas. Esto permite que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario, incluido el administrador del sitio con un ID de usuario predeterminado de 1, a trav\u00e9s del nombre de usuario o el ID de usuario."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36833.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36833",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.893",
"lastModified": "2024-10-16T07:15:07.893",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data."
},
{
"lang": "es",
"value": "El complemento Indeed Membership Pro para WordPress es vulnerable a la omisi\u00f3n de la autorizaci\u00f3n debido a la falta de comprobaciones de capacidad en varias acciones AJAX en las versiones 7.3 a 8.6. Esto hace posible que un atacante autenticado, con un permiso m\u00ednimo, como un suscriptor, realice una variedad de acciones, como modificar configuraciones y ver datos confidenciales."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36834.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36834",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.127",
"lastModified": "2024-10-16T07:15:08.127",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations."
},
{
"lang": "es",
"value": "El complemento Discount Rules for WooCommerce para WordPress es vulnerable a la falta de autorizaci\u00f3n a trav\u00e9s de varias acciones AJAX en versiones hasta la 2.0.2 incluida debido a la falta de comprobaciones de capacidad en varias funciones. Esto permite que los atacantes a nivel de suscriptor ejecuten varias acciones y realicen una amplia variedad de acciones, como modificar reglas y guardar configuraciones."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36835.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36835",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.387",
"lastModified": "2024-10-16T07:15:08.387",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35."
},
{
"lang": "es",
"value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial de la base de datos de un sitio de WordPress debido a la falta de comprobaciones de capacidad en la acci\u00f3n AJAX wp_ajax_wpvivid_add_remote que permite a los atacantes autenticados de bajo nivel enviar copias de seguridad a una ubicaci\u00f3n remota de su elecci\u00f3n para su revisi\u00f3n. Esto afecta a las versiones hasta la 0.9.35 incluida."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36836.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36836",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.630",
"lastModified": "2024-10-16T07:15:08.630",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server."
},
{
"lang": "es",
"value": "El complemento WP Fastest Cache para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos no autorizados en versiones hasta la 0.9.0.2 incluida debido a la falta de comprobaci\u00f3n de capacidad y a una validaci\u00f3n de ruta insuficiente. Esto hace posible que los usuarios autenticados con permisos m\u00ednimos eliminen archivos arbitrarios del servidor."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36837.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36837",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.927",
"lastModified": "2024-10-16T07:15:08.927",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator."
},
{
"lang": "es",
"value": "El complemento ThemeGrill Demo Importer para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n reset_wizard_actions en las versiones 1.3.4 a 1.6.1. Esto hace posible que los atacantes autenticados restablezcan la base de datos de WordPress. Despu\u00e9s de eso, si hay un usuario llamado 'admin', el atacante iniciar\u00e1 sesi\u00f3n autom\u00e1ticamente como administrador."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36838.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36838",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.200",
"lastModified": "2024-10-16T07:15:09.200",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites."
},
{
"lang": "es",
"value": "El complemento Facebook Chat para WordPress es vulnerable a la omisi\u00f3n de la autorizaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wp_ajax_update_options en versiones hasta la 1.5 incluida. Esta falla permite que atacantes autenticados de bajo nivel conecten su propia cuenta de Facebook Messenger a cualquier sitio que ejecute el complemento vulnerable y participen en chats con los visitantes del sitio en los sitios afectados."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36839.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36839",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.433",
"lastModified": "2024-10-16T07:15:09.433",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento WP Lead Plus X para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 0.99 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en varias funciones. Esto hace posible que atacantes no autenticados realicen acciones administrativas, como agregar p\u00e1ginas al sitio o reemplazar el contenido del sitio con JavaScript malicioso a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2020/CVE-2020-368xx/CVE-2020-36840.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36840",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:03.710",
"lastModified": "2024-10-16T08:15:03.710",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more."
},
{
"lang": "es",
"value": "El complemento Timetable and Event Schedule de MotoPress para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n wp_ajax_route_url() llamada a trav\u00e9s de una acci\u00f3n AJAX nopriv en versiones hasta la 2.3.8 incluida. Esto hace posible que atacantes no autenticados llamen a esa funci\u00f3n y realicen una amplia variedad de acciones, como incluir una plantilla aleatoria, inyectar scripts web maliciosos y m\u00e1s."
}
],
"metrics": {

4
CVE-2020/CVE-2020-368xx/CVE-2020-36841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36841",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T13:15:11.733",
"lastModified": "2024-10-16T13:15:11.733",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2020/CVE-2020-368xx/CVE-2020-36842.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2020-36842",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:03.923",
"lastModified": "2024-10-16T08:15:03.923",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35."
},
{
"lang": "es",
"value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a la carga de archivos arbitrarios debido a una verificaci\u00f3n de capacidad faltante en las acciones AJAX wpvivid_upload_import_files y wpvivid_upload_files que permite a atacantes autenticados de bajo nivel cargar archivos zip que pueden extraerse posteriormente. Esto afecta a las versiones hasta la 0.9.35 incluida."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4443.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4443",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.713",
"lastModified": "2024-10-16T07:15:09.713",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code."
},
{
"lang": "es",
"value": "El complemento Mega Menu de WordPress es vulnerable a la creaci\u00f3n arbitraria de archivos en versiones hasta la 2.0.6 incluida a trav\u00e9s de la acci\u00f3n AJAX compiler_save. Esto permite que atacantes no autenticados creen archivos PHP arbitrarios que se pueden usar para ejecutar c\u00f3digo malicioso."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4444.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4444",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.960",
"lastModified": "2024-10-16T07:15:09.960",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery."
},
{
"lang": "es",
"value": "El complemento Product Filter de WooBeWoo para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n en versiones hasta la 1.4.9 incluida, debido a la falta de comprobaciones de autorizaci\u00f3n en varias funciones. Esto hace posible que atacantes no autenticados realicen acciones no autorizadas, como crear nuevos filtros e inyectar JavaScript malicioso en un sitio vulnerable. Esto se explot\u00f3 activamente en el momento del descubrimiento."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4445.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4445",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.193",
"lastModified": "2024-10-16T07:15:10.193",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites."
},
{
"lang": "es",
"value": "El complemento Premium Addons for Elementor para WordPress es vulnerable a actualizaciones de opciones arbitrarias en versiones hasta la 4.5.1 incluida. Esto se debe a la falta de comprobaciones de capacidad y de nonce en la acci\u00f3n AJAX pa_dismiss_admin_notice. Esto hace posible que los atacantes autenticados con suscriptor+ cambien opciones arbitrarias con un valor restringido de 1 en sitios vulnerables de WordPress."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4446.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4446",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.447",
"lastModified": "2024-10-16T07:15:10.447",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins."
},
{
"lang": "es",
"value": "El complemento Essential Addons for Elementor para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n en versiones hasta la 4.6.4 incluida debido a la falta de comprobaciones de capacidad y la divulgaci\u00f3n de nonce. Esto hace posible que atacantes autenticados, con permisos m\u00ednimos como un suscriptor, realicen muchas acciones no autorizadas, como cambiar configuraciones e instalar complementos arbitrarios."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4447.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4447",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.687",
"lastModified": "2024-10-16T07:15:10.687",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user."
},
{
"lang": "es",
"value": "El complemento Essential Addons for Elementor para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 4.6.4 incluida debido a la falta de restricciones sobre qui\u00e9n puede agregar un formulario de registro y un rol de registro personalizado a una p\u00e1gina creada con Elementor. Esto hace posible que los atacantes con acceso al generador de p\u00e1ginas de Elementor creen un nuevo formulario de registro que tenga como rol de usuario predeterminado el de administrador y, posteriormente, se registren como usuarios administrativos."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4448.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4448",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.980",
"lastModified": "2024-10-16T07:15:10.980",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more."
},
{
"lang": "es",
"value": "El complemento Kaswara Modern VC Addons para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n en versiones hasta la 3.0.1 incluida debido a una comprobaci\u00f3n insuficiente de la capacidad en varias acciones AJAX. Esto permite que atacantes no autenticados realicen una amplia variedad de acciones no autorizadas, como importar datos, cargar archivos arbitrarios, eliminar archivos arbitrarios y m\u00e1s."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4449.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4449",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.243",
"lastModified": "2024-10-16T07:15:11.243",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El complemento ZoomSounds para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en el archivo 'savepng.php' en versiones hasta la 5.96 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4450.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4450",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.527",
"lastModified": "2024-10-16T07:15:11.527",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Post Grid para WordPress es vulnerable a la inyecci\u00f3n SQL ciega a trav\u00e9s de metadatos de publicaci\u00f3n en versiones hasta la 2.1.12 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes autenticados con permisos de nivel de colaborador y superiores agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4451.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4451",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.770",
"lastModified": "2024-10-16T07:15:11.770",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
},
{
"lang": "es",
"value": "El complemento NinjaFirewall para WordPress es vulnerable a la deserializaci\u00f3n de PHAR autenticada en versiones hasta la 4.3.3 incluida. Esto permite que atacantes autenticados realicen la deserializaci\u00f3n de phar en el servidor. Esta deserializaci\u00f3n puede permitir que otros complementos o temas exploten su seguridad si existe software vulnerable (WordPress y NinjaFirewall)."
}
],
"metrics": {

8
CVE-2021/CVE-2021-44xx/CVE-2021-4452.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-4452",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:04.160",
"lastModified": "2024-10-16T08:15:04.160",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support."
},
{
"lang": "es",
"value": "El complemento Google Language Translator para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s de m\u00faltiples par\u00e1metros en versiones hasta la 6.0.9 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace. Afecta espec\u00edficamente a los usuarios con navegadores antiguos que carecen de compatibilidad adecuada con la codificaci\u00f3n de URL."
}
],
"metrics": {

10
CVE-2022/CVE-2022-403xx/CVE-2022-40306.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-40306",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-09-15T15:15:10.450",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-16T17:15:12.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly."
"value": "The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly."
},
{
"lang": "es",
@ -70,6 +70,10 @@
}
],
"references": [
{
"url": "https://releasenotes.printanista.net/PrintanistaHub",
"source": "cve@mitre.org"
},
{
"url": "https://www.ecisolutions.com/products/printanista-hub/",
"source": "cve@mitre.org",

8
CVE-2022/CVE-2022-49xx/CVE-2022-4971.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4971",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.040",
"lastModified": "2024-10-16T07:15:12.040",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Sassy Social Share para WordPress es vulnerable a ataques de cross-site scripting reflejado a trav\u00e9s del par\u00e1metro 'urls' llamado mediante la acci\u00f3n AJAX 'heateor_sss_sharing_count' en versiones hasta la 3.3.3 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2022/CVE-2022-49xx/CVE-2022-4972.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4972",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.257",
"lastModified": "2024-10-16T07:15:12.257",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators."
},
{
"lang": "es",
"value": "El complemento Download Monitor para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en varias rutas de API REST relacionadas con los informes en versiones hasta la 4.7.51 incluida. Esto permite que atacantes no autenticados vean datos de usuarios y otra informaci\u00f3n confidencial destinada a los administradores."
}
],
"metrics": {

8
CVE-2022/CVE-2022-49xx/CVE-2022-4973.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4973",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.497",
"lastModified": "2024-10-16T07:15:12.497",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page."
},
{
"lang": "es",
"value": "WordPress Core, en versiones hasta la 6.0.2, es vulnerable a cross-site scripting almacenado autenticados que pueden ser explotadas por usuarios con acceso al editor de publicaciones y p\u00e1ginas de WordPress, que generalmente consisten en autores, colaboradores y editores, lo que hace posible inyectar secuencias de comandos web arbitrarias en publicaciones y p\u00e1ginas que se ejecutan si se llama a la funci\u00f3n the_meta(); en esa p\u00e1gina."
}
],
"metrics": {

8
CVE-2022/CVE-2022-49xx/CVE-2022-4974.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4974",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.760",
"lastModified": "2024-10-16T07:15:12.760",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable."
},
{
"lang": "es",
"value": "El SDK de Freemius, tal como lo utilizan cientos de desarrolladores de complementos y temas de WordPress, era vulnerable a Cross-Site Request Forgery y divulgaci\u00f3n de informaci\u00f3n debido a la falta de comprobaciones de capacidad y protecci\u00f3n de nonce en las funciones _get_debug_log, _get_db_option y _set_db_option en versiones hasta la 2.4.2 incluida. Cualquier complemento o tema de WordPress que ejecute una versi\u00f3n de Freemius anterior a la 2.4.3 es vulnerable."
}
],
"metrics": {

8
CVE-2023/CVE-2023-226xx/CVE-2023-22649.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-22649",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T08:15:04.390",
"lastModified": "2024-10-16T08:15:04.390",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad que puede provocar la filtraci\u00f3n de datos confidenciales en los registros de auditor\u00eda de Rancher. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) es una funci\u00f3n opcional. Solo las implementaciones que la tienen habilitada y tienen [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) configurado en \"1 o superior\" se ven afectadas por este problema."
}
],
"metrics": {

4
CVE-2023/CVE-2023-226xx/CVE-2023-22650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22650",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T09:15:02.957",
"lastModified": "2024-10-16T15:35:02.523",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-314xx/CVE-2023-31493.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-31493",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T15:15:12.393",
"lastModified": "2024-10-15T15:15:12.393",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system."
},
{
"lang": "es",
"value": "RCE (Remote Code Execution) existe en ZoneMinder hasta la versi\u00f3n 1.36.33, ya que un atacante puede crear un nuevo archivo de registro .php en la carpeta de idioma, mientras ejecuta un payload manipulado y escalar privilegios que permitan la ejecuci\u00f3n de cualquier comando en el sistema remoto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-321xx/CVE-2023-32188.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-32188",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T09:15:03.260",
"lastModified": "2024-10-16T09:15:03.260",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
},
{
"lang": "es",
"value": "Un usuario puede aplicar ingenier\u00eda inversa al token JWT (JSON Web Token) utilizado en la autenticaci\u00f3n para el acceso a la API y al administrador, falsificando un token NeuVector v\u00e1lido para realizar una actividad maliciosa en NeuVector. Esto puede dar lugar a una RCE."
}
],
"metrics": {

4
CVE-2023/CVE-2023-321xx/CVE-2023-32189.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32189",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T14:15:04.140",
"lastModified": "2024-10-16T14:15:04.140",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

26
CVE-2023/CVE-2023-321xx/CVE-2023-32190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32190",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T12:15:07.460",
"lastModified": "2024-10-16T12:15:07.460",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -55,6 +55,28 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [

4
CVE-2023/CVE-2023-321xx/CVE-2023-32191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32191",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T13:15:12.067",
"lastModified": "2024-10-16T13:15:12.067",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-321xx/CVE-2023-32192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32192",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T13:15:12.297",
"lastModified": "2024-10-16T13:15:12.297",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-321xx/CVE-2023-32193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32193",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T13:15:12.540",
"lastModified": "2024-10-16T13:15:12.540",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-321xx/CVE-2023-32194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32194",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T13:15:12.787",
"lastModified": "2024-10-16T13:15:12.787",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-321xx/CVE-2023-32196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32196",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T13:15:13.060",
"lastModified": "2024-10-16T13:15:13.060",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

78
CVE-2023/CVE-2023-322xx/CVE-2023-32266.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2023-32266",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:13.097",
"lastModified": "2024-10-16T17:15:13.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in OpenText\u2122 Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. \u00a0\n\nThis issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:D/RE:L/U:Clear",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "NOT_DEFINED",
"valueDensity": "DIFFUSE",
"vulnerabilityResponseEffort": "LOW",
"providerUrgency": "CLEAR",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000024386?language=en_US",
"source": "security@opentext.com"
}
]
}

8
CVE-2023/CVE-2023-72xx/CVE-2023-7286.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7286",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.223",
"lastModified": "2024-10-16T07:15:13.223",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above."
},
{
"lang": "es",
"value": "El complemento ACF Quick Edit Fields para WordPress es vulnerable a la referencia directa a objetos inseguros en versiones hasta la 3.2.2 incluida. Esto permite que los atacantes sin la capacidad edit_users accedan a los metadatos de otros usuarios, incluidos los usuarios de nivel colaborador y superiores."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7287.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7287",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.507",
"lastModified": "2024-10-16T07:15:13.507",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a la cancelaci\u00f3n no autorizada de suscripciones debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n pt_cancel_subscription en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor cancelen una suscripci\u00f3n al complemento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7288.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7288",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.743",
"lastModified": "2024-10-16T07:15:13.743",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a modificaciones de datos no autorizadas debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n update_profile_preference en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor cambien la configuraci\u00f3n del complemento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7289.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7289",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.000",
"lastModified": "2024-10-16T07:15:14.000",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a actualizaciones de claves API no autorizadas debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n paytium_sw_save_api_keys en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor cambien las claves API del complemento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7290.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7290",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.243",
"lastModified": "2024-10-16T07:15:14.243",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n check_for_verified_profiles en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor verifiquen los estados de los perfiles."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7291.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7291",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.503",
"lastModified": "2024-10-16T07:15:14.503",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n create_mollie_account en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor creen una cuenta de Mollie."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7292.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7292",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.737",
"lastModified": "2024-10-16T07:15:14.737",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a la desestimaci\u00f3n de notificaciones no autorizadas debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n paytium_notice_dismiss en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor desestimen las notificaciones de administrador."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7293.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7293",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.970",
"lastModified": "2024-10-16T07:15:14.970",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n check_mollie_account_details en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor verifiquen la existencia de una cuenta de Mollie."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7294.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7294",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:15.277",
"lastModified": "2024-10-16T07:15:15.277",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile."
},
{
"lang": "es",
"value": "El complemento Paytium: Mollie payment forms &amp; donations para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n create_mollie_profile en versiones hasta la 4.3.7 incluida. Esto permite que atacantes autenticados con acceso a nivel de suscriptor creen un perfil de pago de Mollie."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7295.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7295",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:04.767",
"lastModified": "2024-10-16T08:15:04.767",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Video Grid para WordPress es vulnerable a ataques de cross-site scripting reflejado a trav\u00e9s del par\u00e1metro search_term en versiones hasta la 1.21 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2023/CVE-2023-72xx/CVE-2023-7296.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-7296",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T08:15:04.977",
"lastModified": "2024-10-16T08:15:04.977",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento BigBlueButton para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de los campos de c\u00f3digo de moderador y c\u00f3digo de visor en versiones hasta la 3.0.0-beta.4 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados con privilegios de autor o superiores inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-100xx/CVE-2024-10004.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10004",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-15T22:15:03.197",
"lastModified": "2024-10-15T22:15:03.197",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2."
},
{
"lang": "es",
"value": "Abrir un enlace externo a un sitio web HTTP cuando Firefox iOS estaba previamente cerrado y ten\u00eda una pesta\u00f1a HTTPS abierta podr\u00eda, en algunos casos, provocar que el \u00edcono del candado muestre incorrectamente un indicador HTTPS. Esta vulnerabilidad afecta a Firefox para iOS &lt; 131.2."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-100xx/CVE-2024-10018.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10018",
"sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"published": "2024-10-16T03:15:02.620",
"lastModified": "2024-10-16T03:15:02.620",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component."
},
{
"lang": "es",
"value": "Un control de permisos inadecuado en la aplicaci\u00f3n m\u00f3vil (com.transsion.aivoiceassistant) puede provocar el lanzamiento de cualquier componente no exportado."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-100xx/CVE-2024-10021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-16T12:15:07.663",
"lastModified": "2024-10-16T12:15:07.663",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-100xx/CVE-2024-10022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-16T12:15:08.163",
"lastModified": "2024-10-16T12:15:08.163",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-100xx/CVE-2024-10023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10023",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-16T13:15:13.350",
"lastModified": "2024-10-16T13:15:13.350",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-100xx/CVE-2024-10024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10024",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-16T13:15:13.650",
"lastModified": "2024-10-16T13:15:13.650",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

60
CVE-2024/CVE-2024-100xx/CVE-2024-10033.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10033",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-16T17:15:13.267",
"lastModified": "2024-10-16T17:15:13.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-10033",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162",
"source": "secalert@redhat.com"
}
]
}

56
CVE-2024/CVE-2024-202xx/CVE-2024-20280.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20280",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:13.697",
"lastModified": "2024-10-16T17:15:13.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.\r\n\r\nThis vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20420.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20420",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:13.957",
"lastModified": "2024-10-16T17:15:13.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. \r\n\r\nThis vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20421.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20421",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.193",
"lastModified": "2024-10-16T17:15:14.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20458.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20458",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.423",
"lastModified": "2024-10-16T17:15:14.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device.\r\n\r\nThis vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20459.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20459",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.657",
"lastModified": "2024-10-16T17:15:14.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system.\r\n\r\nThis vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20460.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20460",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:14.880",
"lastModified": "2024-10-16T17:15:14.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user&nbsp;to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20461.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20461",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.127",
"lastModified": "2024-10-16T17:15:15.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI&nbsp;of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user.\r\n\r\nThis vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20462.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20462",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.357",
"lastModified": "2024-10-16T17:15:15.357",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.\r\n\r\nThis vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-257"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-204xx/CVE-2024-20463.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20463",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.670",
"lastModified": "2024-10-16T17:15:15.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.\r\n\r\nThis vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.&nbsp;"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2024/CVE-2024-205xx/CVE-2024-20512.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20512",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-16T17:15:15.913",
"lastModified": "2024-10-16T17:15:15.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmpdm-rxss-tAX76U3k",
"source": "ykramarz@cisco.com"
}
]
}

8
CVE-2024/CVE-2024-211xx/CVE-2024-21172.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21172",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:05.770",
"lastModified": "2024-10-15T20:15:05.770",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Hospitality OPERA 5 de Oracle Hospitality Applications (componente: Opera Servlet). Las versiones compatibles afectadas son 5.6.19.19, 5.6.25.8 y 5.6.26.4. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle Hospitality OPERA 5. Si bien la vulnerabilidad se encuentra en Oracle Hospitality OPERA 5, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la toma de control de Oracle Hospitality OPERA 5. Puntuaci\u00f3n base CVSS 3.1 9.0 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21190.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21190",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:05.973",
"lastModified": "2024-10-15T20:15:05.973",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Global Lifecycle Management FMW Installer de Oracle Fusion Middleware (componente: Cloning). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de SFTP ponga en peligro Oracle Global Lifecycle Management FMW Installer. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle Global Lifecycle Management FMW Installer. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21191.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21191",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:06.150",
"lastModified": "2024-10-15T20:15:06.150",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Manager Fusion Middleware Control de Oracle Fusion Middleware (componente: complemento FMW Control). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Enterprise Manager Fusion Middleware Control. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en Oracle Enterprise Manager Fusion Middleware Control, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado el acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Enterprise Manager Fusion Middleware Control, as\u00ed como el acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos de los datos accesibles de Oracle Enterprise Manager Fusion Middleware Control. Puntuaci\u00f3n base CVSS 3.1 7.6 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21192.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21192",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:06.340",
"lastModified": "2024-10-15T20:15:06.340",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Manager for Fusion Middleware de Oracle Fusion Middleware (componente: WebLogic Mgmt). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados que inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Enterprise Manager for Fusion Middleware ponga en peligro Oracle Enterprise Manager for Fusion Middleware. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Enterprise Manager for Fusion Middleware. Puntuaci\u00f3n base de CVSS 3.1: 4,4 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21193.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21193",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:06.533",
"lastModified": "2024-10-15T20:15:06.533",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: PS). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21194.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21194",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:06.733",
"lastModified": "2024-10-15T20:15:06.733",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21195.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21195",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:06.930",
"lastModified": "2024-10-15T20:15:06.930",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Plantillas de dise\u00f1o). Las versiones compatibles afectadas son 7.0.0.0.0, 7.6.0.0.0 y 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle BI Publisher. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle BI Publisher, as\u00ed como una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos de los datos accesibles de Oracle BI Publisher y la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle BI Publisher. Puntuaci\u00f3n base CVSS 3.1 7.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21196.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21196",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:07.113",
"lastModified": "2024-10-15T20:15:07.113",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: X Plugin). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21197.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21197",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:07.307",
"lastModified": "2024-10-15T20:15:07.307",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Information Schema). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21198.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21198",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:07.503",
"lastModified": "2024-10-15T20:15:07.503",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DDL). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-211xx/CVE-2024-21199.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21199",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:07.707",
"lastModified": "2024-10-15T20:15:07.707",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21200.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21200",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:07.910",
"lastModified": "2024-10-15T20:15:07.910",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.35 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21201.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21201",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:08.130",
"lastModified": "2024-10-15T20:15:08.130",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21202.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21202",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:08.310",
"lastModified": "2024-10-15T20:15:08.310",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: PIA Core Technology). Las versiones compatibles afectadas son 8.59, 8.60 y 8.61. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP ponga en peligro PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en PeopleSoft Enterprise PeopleTools, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de PeopleSoft Enterprise PeopleTools, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. Puntuaci\u00f3n base de CVSS 3.1: 6,1 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21203.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21203",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:08.490",
"lastModified": "2024-10-15T20:15:08.490",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: FTS). Las versiones compatibles afectadas son 8.0.39 y anteriores, 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21204.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21204",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:08.673",
"lastModified": "2024-10-15T20:15:08.673",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: PS). Las versiones compatibles afectadas son 8.4.0 y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21205.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21205",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:08.857",
"lastModified": "2024-10-15T20:15:08.857",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Service Bus de Oracle Fusion Middleware (componente: OSB Core Functionality). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Service Bus. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Service Bus. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21206.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21206",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:09.050",
"lastModified": "2024-10-15T20:15:09.050",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Command Center Framework de Oracle E-Business Suite (componente: Diagn\u00f3stico). Las versiones compatibles afectadas son ECC:11-13. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle Enterprise Command Center Framework. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Enterprise Command Center Framework. Puntuaci\u00f3n base de CVSS 3.1: 4,3 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21207.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21207",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:09.243",
"lastModified": "2024-10-15T20:15:09.243",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.38 y anteriores, 8.4.1 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetible (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4,9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-212xx/CVE-2024-21208.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21208",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:09.437",
"lastModified": "2024-10-15T20:15:09.437",
"vulnStatus": "Received",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Networking). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). Puntuaci\u00f3n base de CVSS 3.1: 3,7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More