mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
Auto-Update: 2024-10-20T02:00:17.718936+00:00
This commit is contained in:
cad-safe-bot
parent
004ba8096e
commit
9498dc352f
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-07-16T23:15:10.407",
|
||||
"lastModified": "2024-07-17T13:34:20.520",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento ShopWP para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en varias rutas de API REST en versiones hasta la 2.0.4 incluida. Esto hace posible que atacantes no autenticados llamen a los puntos finales y realicen acciones no autorizadas, como actualizar la configuraci\u00f3n del complemento e inyectar scripts maliciosos."
|
||||
"value": "El complemento ShopWP para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad faltante en varias rutas de API REST en versiones hasta la 2.0.4 incluida. Esto hace posible que atacantes no autenticados llamen a los endpoints y realicen acciones no autorizadas, como actualizar la configuraci\u00f3n del complemento e inyectar scripts maliciosos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim\u2019s storefront."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WooCommerce Smart Coupons para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n woocommerce_coupon_admin_init en versiones hasta la 4.6.0 incluida. Esto permite que atacantes no autenticados se env\u00eden a s\u00ed mismos certificados de regalo de cualquier valor, que podr\u00edan canjearse por productos vendidos en la tienda de la v\u00edctima."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2024-02-13T20:15:50.060",
|
||||
"lastModified": "2024-06-18T19:15:55.513",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2024-02-13T20:15:52.577",
|
||||
"lastModified": "2024-02-14T13:59:35.580",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2024-02-13T20:15:52.677",
|
||||
"lastModified": "2024-02-14T13:59:35.580",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El manejo inseguro de las claves ssh utilizadas para iniciar clientes permite que los atacantes locales obtengan acceso potencial a las claves."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El script %post de mlocate permite al usuario RUN_UPDATEDB_AS hacer que archivos arbitrarios sean legibles para todo el mundo abusando de operaciones de archivos inseguras que se ejecutan con privilegios de root."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Cuando RKE aprovisiona un cl\u00faster, almacena el estado del cl\u00faster en un mapa de configuraci\u00f3n llamado `full-cluster-state` dentro del espacio de nombres `kube-system` del propio cl\u00faster. La informaci\u00f3n disponible all\u00ed permite que los usuarios que no son administradores escalen a administradores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in the API Server's public API endpoint can be \nexploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en la que se pueden explotar cross-site scripting (XSS) no autenticadas en el endpoint de la API p\u00fablica del servidor API, lo que permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in which unauthenticated cross-site \nscripting (XSS) in Norman's public API endpoint can be exploited. This \ncan lead to an attacker exploiting the vulnerability to trigger \nJavaScript code and execute commands remotely."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en la que se pueden explotar cross-site scripting (XSS) no autenticadas en el endpoint de la API p\u00fablica de Norman. Esto puede llevar a que un atacante aproveche la vulnerabilidad para activar c\u00f3digo JavaScript y ejecutar comandos de forma remota."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified when granting a create or * global role for a resource type of \"namespaces\"; no matter the API group, the subject will receive *\n permissions for core namespaces. This can lead to someone being capable\n of accessing, creating, updating, or deleting a namespace in the \nproject."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad al otorgar un rol de creaci\u00f3n o * global para un tipo de recurso de \"espacios de nombres\"; sin importar el grupo de API, el sujeto recibir\u00e1 * permisos para espacios de nombres principales. Esto puede llevar a que alguien pueda acceder, crear, actualizar o eliminar un espacio de nombres en el proyecto."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad por la cual las comprobaciones de escalada de privilegios no se aplican correctamente para los objetos RoleTemplate cuando external=true, lo que en escenarios espec\u00edficos puede provocar una escalada de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-13T23:15:08.327",
|
||||
"lastModified": "2024-02-14T13:59:35.580",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-13T01:15:07.913",
|
||||
"lastModified": "2024-08-01T18:35:04.073",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security_alert@emc.com",
|
||||
"published": "2023-11-16T08:15:31.300",
|
||||
"lastModified": "2023-11-20T18:58:50.467",
|
||||
"vulnStatus": "Analyzed",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-officer@isc.org",
|
||||
"published": "2024-02-13T14:15:45.253",
|
||||
"lastModified": "2024-04-26T09:15:08.727",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve-requests@bitdefender.com",
|
||||
"published": "2024-10-18T08:15:03.143",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-13T05:15:08.797",
|
||||
"lastModified": "2024-08-01T18:35:05.050",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-officer@isc.org",
|
||||
"published": "2024-02-13T14:15:45.510",
|
||||
"lastModified": "2024-08-22T14:35:04.137",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-officer@isc.org",
|
||||
"published": "2024-02-13T14:15:45.677",
|
||||
"lastModified": "2024-04-26T09:15:08.843",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-officer@isc.org",
|
||||
"published": "2024-02-13T14:15:45.850",
|
||||
"lastModified": "2024-05-03T13:15:21.093",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve-requests@bitdefender.com",
|
||||
"published": "2024-10-18T08:15:03.387",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve-requests@bitdefender.com",
|
||||
"published": "2024-10-18T08:15:03.500",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve-requests@bitdefender.com",
|
||||
"published": "2024-10-18T08:15:03.627",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve-requests@bitdefender.com",
|
||||
"published": "2024-10-18T08:15:03.737",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@grafana.com",
|
||||
"published": "2024-02-13T22:15:45.430",
|
||||
"lastModified": "2024-02-14T13:59:35.580",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-officer@isc.org",
|
||||
"published": "2024-02-13T14:15:46.030",
|
||||
"lastModified": "2024-07-03T01:44:22.620",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
|
||||
"published": "2024-02-13T07:15:46.843",
|
||||
"lastModified": "2024-02-14T04:15:08.497",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-16T12:15:07.663",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. La manipulaci\u00f3n del texto del argumento conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-16T12:15:08.163",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Afecta a una parte desconocida del archivo /php/manage_supplier.php?action=search. La manipulaci\u00f3n del texto del argumento provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-16T13:15:13.350",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /php/add_new_medicine.php. La manipulaci\u00f3n del argumento name/packing/generic_name/suppliers_name conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-16T13:15:13.650",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /php/manage_medicine_stock.php. La manipulaci\u00f3n del argumento name/packing/generic_name/suppliers_name conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2024-10-17T19:15:21.337",
|
||||
"lastModified": "2024-10-18T12:52:33.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
141
CVE-2024/CVE-2024-101xx/CVE-2024-10159.json
Normal file
141
CVE-2024/CVE-2024-101xx/CVE-2024-10159.json
Normal file
@ -0,0 +1,141 @@
|
||||
{
|
||||
"id": "CVE-2024-10159",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-20T00:15:02.137",
|
||||
"lastModified": "2024-10-20T00:15:02.137",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 7.5
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_profile_sqli.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://phpgurukul.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.280945",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.280945",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.425434",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
141
CVE-2024/CVE-2024-101xx/CVE-2024-10160.json
Normal file
141
CVE-2024/CVE-2024-101xx/CVE-2024-10160.json
Normal file
@ -0,0 +1,141 @@
|
||||
{
|
||||
"id": "CVE-2024-10160",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-20T00:15:02.550",
|
||||
"lastModified": "2024-10-20T00:15:02.550",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"fdate\" to be affected. But it must be assumed \"tdate\" is affected as well."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_bwdates_report_details_sqli.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://phpgurukul.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.280946",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.280946",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.425437",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
141
CVE-2024/CVE-2024-101xx/CVE-2024-10161.json
Normal file
141
CVE-2024/CVE-2024-101xx/CVE-2024-10161.json
Normal file
@ -0,0 +1,141 @@
|
||||
{
|
||||
"id": "CVE-2024-10161",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-20T01:15:01.940",
|
||||
"lastModified": "2024-10-20T01:15:01.940",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://phpgurukul.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.280947",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.280947",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.425440",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
141
CVE-2024/CVE-2024-101xx/CVE-2024-10162.json
Normal file
141
CVE-2024/CVE-2024-101xx/CVE-2024-10162.json
Normal file
@ -0,0 +1,141 @@
|
||||
{
|
||||
"id": "CVE-2024-10162",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-10-20T01:15:02.213",
|
||||
"lastModified": "2024-10-20T01:15:02.213",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_edit_subadmin_sqli.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://phpgurukul.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.280948",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.280948",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.425449",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-02-14T00:15:46.783",
|
||||
"lastModified": "2024-02-22T01:15:07.980",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:13.957",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:14.193",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:14.423",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:14.657",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:14.880",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:15.127",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:15.357",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ykramarz@cisco.com",
|
||||
"published": "2024-10-16T17:15:15.670",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:05.770",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:09.437",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:10.050",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:12.293",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:13.730",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:14.880",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:15.063",
|
||||
"lastModified": "2024-10-17T14:35:19.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:15.257",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:16.220",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:16.410",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:16.960",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:17.157",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:17.533",
|
||||
"lastModified": "2024-10-16T16:38:43.170",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:17.713",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:17.910",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.090",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.267",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.437",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.610",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.787",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:18.963",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:19.520",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:19.693",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:19.873",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:20.070",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:20.257",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:20.453",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:20.647",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:20.830",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:21.033",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-10-15T20:15:21.633",
|
||||
"lastModified": "2024-10-16T16:38:14.557",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Los permisos inseguros en el empaquetado de Tomcat permiten que los usuarios locales que ganan una carrera durante la instalaci\u00f3n del paquete escalen a la ra\u00edz"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified within Rancher that can be exploited\n in narrow circumstances through a man-in-the-middle (MITM) attack. An \nattacker would need to have control of an expired domain or execute a \nDNS spoofing/hijacking attack against the domain to exploit this \nvulnerability. The targeted domain is the one used as the Rancher URL."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Rancher que puede explotarse en circunstancias espec\u00edficas mediante un ataque de intermediario (MITM). Un atacante tendr\u00eda que tener el control de un dominio vencido o ejecutar un ataque de suplantaci\u00f3n de DNS o secuestro contra el dominio para explotar esta vulnerabilidad. El dominio objetivo es el que se utiliza como URL de Rancher."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in which an RKE1 cluster keeps \nconstantly reconciling when secrets encryption configuration is enabled.\n When reconciling, the Kube API secret values are written in plaintext \non the AppliedSpec. Cluster owners, Cluster members, and Project members\n (for projects within the cluster), all have RBAC permissions to view \nthe cluster object from the apiserver."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en la que un cl\u00faster RKE1 se reconcilia constantemente cuando se habilita la configuraci\u00f3n de cifrado de secretos. Al realizar la conciliaci\u00f3n, los valores secretos de la API de Kube se escriben en texto plano en AppliedSpec. Los propietarios del cl\u00faster, los miembros del cl\u00faster y los miembros del proyecto (para los proyectos dentro del cl\u00faster) tienen permisos RBAC para ver el objeto del cl\u00faster desde el servidor de API."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El servicio OBS obs-service-download_url era vulnerable a una vulnerabilidad de inyecci\u00f3n de comandos. El atacante podr\u00eda proporcionar una configuraci\u00f3n al servicio que permitiera ejecutar comandos en pasos posteriores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Los atacantes podr\u00edan colocar los archivos especiales en .osc en las fuentes del paquete real (por ejemplo, _apiurl). Esto permite al atacante cambiar la configuraci\u00f3n de osc para la v\u00edctima."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-02-13T09:15:47.157",
|
||||
"lastModified": "2024-02-13T14:01:07.747",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-02-13T09:15:50.343",
|
||||
"lastModified": "2024-02-13T14:01:00.987",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-02-14T03:15:15.153",
|
||||
"lastModified": "2024-02-14T13:59:35.580",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-11T05:15:08.463",
|
||||
"lastModified": "2024-08-01T20:35:25.977",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En los dispositivos Microchip RN4870, cuando se recibe m\u00e1s de una solicitud PairReqNoInputNoOutput consecutiva, el dispositivo no puede completar el proceso de emparejamiento. Un tercero puede inyectar una segunda solicitud PairReqNoInputNoOutput justo despu\u00e9s de una real, lo que hace que la solicitud de emparejamiento se bloquee."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de validaci\u00f3n incorrecta de la coherencia dentro de la entrada en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en la red env\u00ede un paquete BGP espec\u00edficamente malformado para provocar que rpd se bloquee y se reinicie, lo que da como resultado una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de este paquete crear\u00e1n una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. En algunos casos, rpd no se reinicia y requiere un reinicio manual a trav\u00e9s del comando CLI 'restart route'. Este problema solo afecta a los sistemas con opciones de rastreo BGP habilitadas y requiere que ya se haya establecido una sesi\u00f3n BGP. Los sistemas sin opciones de rastreo BGP habilitadas no se ven afectados por este problema. Este problema afecta a iBGP y eBGP, y tanto IPv4 como IPv6 se ven afectados por esta vulnerabilidad. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.4R3-S8, * 22.2 anteriores a 22.2R3-S5, * 22.3 anteriores a 22.3R3-S4, * 22.4 anteriores a 22.4R3-S3, * 23.2 anteriores a 23.2R2-S2, * 23.4 anteriores a 23.4R2; Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S5-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S2-EVO, * 23.4-EVO anteriores a 23.4R2-EVO."
|
||||
"value": "Una vulnerabilidad de validaci\u00f3n incorrecta de la coherencia dentro de la entrada en el daemon de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en la red env\u00ede un paquete BGP espec\u00edficamente malformado para provocar que rpd se bloquee y se reinicie, lo que da como resultado una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de este paquete crear\u00e1n una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. En algunos casos, rpd no se reinicia y requiere un reinicio manual a trav\u00e9s del comando CLI 'restart route'. Este problema solo afecta a los sistemas con opciones de rastreo BGP habilitadas y requiere que ya se haya establecido una sesi\u00f3n BGP. Los sistemas sin opciones de rastreo BGP habilitadas no se ven afectados por este problema. Este problema afecta a iBGP y eBGP, y tanto IPv4 como IPv6 se ven afectados por esta vulnerabilidad. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.4R3-S8, * 22.2 anteriores a 22.2R3-S5, * 22.3 anteriores a 22.3R3-S4, * 22.4 anteriores a 22.4R3-S3, * 23.2 anteriores a 23.2R2-S2, * 23.4 anteriores a 23.4R2; Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * 22.2-EVO anteriores a 22.2R3-S5-EVO, * 22.3-EVO anteriores a 22.3R3-S4-EVO, * 22.4-EVO anteriores a 22.4R3-S3-EVO, * 23.2-EVO anteriores a 23.2R2-S2-EVO, * 23.4-EVO anteriores a 23.4R2-EVO."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en la red env\u00ede un paquete BGP espec\u00edfico para provocar que rpd se bloquee y se reinicie, lo que da como resultado una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de este paquete crear\u00e1n una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. Este problema solo afecta a los sistemas con opciones de rastreo de BGP habilitadas y requiere que ya se haya establecido una sesi\u00f3n de BGP. Los sistemas sin opciones de rastreo de BGP habilitadas no se ven afectados por este problema. Este problema afecta a iBGP y eBGP, y tanto IPv4 como IPv6 se ven afectados por esta vulnerabilidad. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 hasta 21.4R3-S8, * desde 22.2 hasta 22.2R3-S4, * desde 22.3 hasta 22.3R3-S4, * desde 22.4 hasta 22.4R3-S3, * desde 23.2 hasta 23.2R2-S1, * desde 23.4 hasta 23.4R2; Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * desde 21.4-EVO hasta 21.4R3-S8-EVO, * desde 22.2-EVO hasta 22.2R3-S4-EVO, * desde 22.3-EVO hasta 22.3R3-S4-EVO, * desde 22.4-EVO hasta 22.4R3-S3-EVO, * desde 23.2-EVO hasta 23.2R2-S1-EVO, * desde 23.4-EVO hasta 23.4R2-EVO."
|
||||
"value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en la red env\u00ede un paquete BGP espec\u00edfico para provocar que rpd se bloquee y se reinicie, lo que da como resultado una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de este paquete crear\u00e1n una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. Este problema solo afecta a los sistemas con opciones de rastreo de BGP habilitadas y requiere que ya se haya establecido una sesi\u00f3n de BGP. Los sistemas sin opciones de rastreo de BGP habilitadas no se ven afectados por este problema. Este problema afecta a iBGP y eBGP, y tanto IPv4 como IPv6 se ven afectados por esta vulnerabilidad. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 hasta 21.4R3-S8, * desde 22.2 hasta 22.2R3-S4, * desde 22.3 hasta 22.3R3-S4, * desde 22.4 hasta 22.4R3-S3, * desde 23.2 hasta 23.2R2-S1, * desde 23.4 hasta 23.4R2; Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * desde 21.4-EVO hasta 21.4R3-S8-EVO, * desde 22.2-EVO hasta 22.2R3-S4-EVO, * desde 22.3-EVO hasta 22.3R3-S4-EVO, * desde 22.4-EVO hasta 22.4R3-S3-EVO, * desde 23.2-EVO hasta 23.2R2-S1-EVO, * desde 23.4-EVO hasta 23.4R2-EVO."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@opentext.com",
|
||||
"published": "2024-10-16T17:15:17.370",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@opentext.com",
|
||||
"published": "2024-10-16T17:15:17.493",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-09-10T03:15:02.240",
|
||||
"lastModified": "2024-09-10T12:09:50.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-09-10T03:15:02.653",
|
||||
"lastModified": "2024-09-10T12:09:50.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@opentext.com",
|
||||
"published": "2024-10-16T17:15:17.617",
|
||||
"lastModified": "2024-10-18T12:53:04.627",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-10-08T18:15:09.283",
|
||||
"lastModified": "2024-10-10T12:56:30.817",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-10-08T18:15:09.537",
|
||||
"lastModified": "2024-10-10T12:56:30.817",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-10-08T18:15:10.367",
|
||||
"lastModified": "2024-10-10T12:56:30.817",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-10-08T18:15:10.633",
|
||||
"lastModified": "2024-10-10T12:56:30.817",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-10-08T18:15:10.840",
|
||||
"lastModified": "2024-10-10T12:56:30.817",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user