diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32646.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32646.json index 712ff1e3ee1..c3c13fd18c9 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32646.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32646.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32646", "sourceIdentifier": "secure@intel.com", "published": "2024-02-14T14:15:53.703", - "lastModified": "2024-02-14T15:01:51.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-25T13:54:38.737", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:virtual_raid_on_cpu:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.8.1001", + "matchCriteriaId": "EA2BC3F6-D484-4297-933F-C63A72D84CAC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33870.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33870.json index 63ded9ff33c..3e7d6a36bb1 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33870.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33870.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33870", "sourceIdentifier": "secure@intel.com", "published": "2024-02-14T14:15:55.450", - "lastModified": "2024-02-14T15:01:51.137", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-25T13:51:32.943", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -51,10 +81,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:administrative_tools_for_intel_network_adapters:*:*:*:*:*:*:*:*", + "versionEndExcluding": "28.2", + "matchCriteriaId": "4BE6A5BE-15C0-4D4E-B2BC-474D9B246D93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:ethernet_connections_boot_utility\\,_preboot_images\\,_and_efi_drivers:*:*:*:*:*:*:*:*", + "versionEndExcluding": "28.2", + "matchCriteriaId": "D0548F47-3524-41AD-86E2-98E1FF4A6921" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00993.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50355.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50355.json index 8664cd73b08..8aa8a0e527f 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50355.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50355.json @@ -2,13 +2,17 @@ "id": "CVE-2023-50355", "sourceIdentifier": "psirt@hcl.com", "published": "2024-10-23T23:15:12.170", - "lastModified": "2024-10-23T23:15:12.170", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack." + }, + { + "lang": "es", + "value": "HCL Sametime se ve afectado por los mensajes de error que contienen informaci\u00f3n confidencial. Un atacante puede usar esta informaci\u00f3n para lanzar otro ataque m\u00e1s espec\u00edfico." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10011.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10011.json index 74c60f36616..2db5c51d78f 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10011.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10011.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10011", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T07:15:02.637", - "lastModified": "2024-10-25T07:15:02.637", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows." + }, + { + "lang": "es", + "value": "El complemento BuddyPress para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 14.1.0 incluida a trav\u00e9s del par\u00e1metro id. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen acciones en archivos fuera del directorio originalmente previsto y permite cargar archivos en directorios fuera de la ra\u00edz web. Seg\u00fan la configuraci\u00f3n del servidor, es posible cargar archivos con doble extensi\u00f3n. Esta vulnerabilidad solo afecta a Windows." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10016.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10016.json index fb8acfa140b..29257850a4c 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10016.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10016.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10016", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T09:15:03.153", - "lastModified": "2024-10-25T09:15:03.153", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento File Upload Types de WPForms para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.4.0 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10050.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10050.json index 96cdf94971c..97e72dd0a30 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10050.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10050.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10050", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-24T09:15:02.747", - "lastModified": "2024-10-24T09:15:02.747", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own." + }, + { + "lang": "es", + "value": "El complemento Elementor Header & Footer Builder para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.6.43 incluida a trav\u00e9s del c\u00f3digo corto hfe_template. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, vean el contenido de publicaciones en borrador, privadas y protegidas con contrase\u00f1a que no son de su propiedad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10112.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10112.json index 00a3db384d0..40920384ed9 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10112.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10112.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10112", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T09:15:04.023", - "lastModified": "2024-10-25T09:15:04.023", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Simple News para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado \"news\" del complemento en todas las versiones hasta la 2.8 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10148.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10148.json index 126af09ea43..3453a14d953 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10148.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10148.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10148", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T07:15:03.000", - "lastModified": "2024-10-25T07:15:03.000", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Awesome Buttons para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto btn2 del complemento en todas las versiones hasta la 1.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10150.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10150.json index 5b38c139fa5..d81c4b9919d 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10150.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10150.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10150", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T08:15:02.243", - "lastModified": "2024-10-25T08:15:02.243", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Bamazoo \u2013 Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Bamazoo \u2013 Button Generator para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto dgs del complemento en todas las versiones hasta la 1.0 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10176.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10176.json index 48fa868ed17..8fc424769d5 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10176.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10176.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10176", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-24T11:15:14.057", - "lastModified": "2024-10-24T11:15:14.057", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \r\nsc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Compact WP Audio Player para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto sc_embed_player del complemento en todas las versiones hasta la 1.9.13 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10180.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10180.json index 5207538376b..e6daf6acc37 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10180.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10180.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10180", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-24T13:15:11.537", - "lastModified": "2024-10-24T13:15:11.537", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form 7 \u2013 Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Contact Form 7 \u2013 Repeatable Fields para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del shortcode field_group del complemento en todas las versiones hasta la 2.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json index 4ffd2487fac..f47a55dce8e 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10282", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T15:15:29.590", - "lastModified": "2024-10-23T15:15:29.590", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda RX9 y RX9 Pro 22.03.02.10/22.03.02.20. La funci\u00f3n sub_42EA38 del archivo /goform/SetVirtualServerCfg se ve afectada por esta vulnerabilidad. La manipulaci\u00f3n de la lista de argumentos provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json index 0f71c04dbff..4da6b034676 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10283", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T15:15:29.850", - "lastModified": "2024-10-23T15:15:29.850", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda RX9 y RX9 Pro 22.03.02.20. La funci\u00f3n sub_4337EC del archivo /goform/SetNetControlList se ve afectada por este problema. La manipulaci\u00f3n de la lista de argumentos provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json index 2375c90ea77..5d81d72e3b0 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10290", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T15:15:30.110", - "lastModified": "2024-10-23T15:15:30.110", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "En ZZCMS 2023 se ha detectado una vulnerabilidad clasificada como problem\u00e1tica que afecta a una parte desconocida del archivo 3/qq-connect2.0/API/com/inc.php. La manipulaci\u00f3n da lugar a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10291.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10291.json index 7bd01c3912c..ad99ee8207f 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10291.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10291.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10291", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T16:15:04.597", - "lastModified": "2024-10-23T16:15:04.597", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en ZZCMS 2023 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n Ebak_DoExecSQL/Ebak_DotranExecutSQL del archivo 3/Ebak5.1/upload/phome.php. La manipulaci\u00f3n del argumento phome conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10292.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10292.json index 23520361060..f68b6227455 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10292.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10292.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10292", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T16:15:04.943", - "lastModified": "2024-10-23T16:15:04.943", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en ZZCMS 2023 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo 3/Ebak5.1/upload/ChangeTable.php. La manipulaci\u00f3n del argumento savefilename provoca una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10293.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10293.json index e3bc1c52bc6..9686bdea592 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10293.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10293.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10293", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T16:15:05.207", - "lastModified": "2024-10-23T16:15:05.207", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en ZZCMS 2023. Se ha clasificado como cr\u00edtica. La funci\u00f3n Ebak_SetGotoPak del archivo 3/Ebbak5.1/upload/class/functions.php est\u00e1 afectada. La manipulaci\u00f3n del archivo de argumentos provoca una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10295.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10295.json index 17c936f9957..2e60d249c6f 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10295.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10295.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10295", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-24T18:15:05.597", - "lastModified": "2024-10-24T19:35:03.070", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Gateway. El env\u00edo de una autenticaci\u00f3n \"b\u00e1sica\" que no sea base64 con caracteres especiales puede provocar que APICast autentique incorrectamente una solicitud. Un encabezado de autenticaci\u00f3n b\u00e1sica mal formado que contenga caracteres especiales omite la autenticaci\u00f3n y permite el acceso no autorizado al backend. Este problema puede ocurrir debido a una falla en el proceso de decodificaci\u00f3n base64, que hace que APICast omita el resto de las comprobaciones de autenticaci\u00f3n y proceda a enrutar la solicitud en sentido ascendente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10296.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10296.json index 9737f33e7e6..6a0a8f029fe 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10296.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10296.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10296", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T17:15:13.690", - "lastModified": "2024-10-23T17:15:13.690", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Medical Card Generation System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/card-bwdates-reports-details.php del componente Report of Medical Card Page. La manipulaci\u00f3n del argumento fromdate/todate conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10297.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10297.json index 53823c9f71d..949f5564fcd 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10297.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10297.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10297", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T18:15:05.137", - "lastModified": "2024-10-23T18:15:05.137", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Medical Card Generation System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /admin/changeimage.php del componente Managecard Edit Image Page. La manipulaci\u00f3n del argumento editid provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10298.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10298.json index 0315f207d33..a5501a7cef4 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10298.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10298.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10298", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T19:15:14.920", - "lastModified": "2024-10-23T19:15:14.920", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Medical Card Generation System 1.0. Afecta a una parte desconocida del archivo /admin/edit-card-detail.php del componente Managecard Edit Card Detail Page. La manipulaci\u00f3n del argumento editid provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10299.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10299.json index 8e10e72296e..d336098b002 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10299.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10299.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10299", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T19:15:15.183", - "lastModified": "2024-10-23T19:15:15.183", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Medical Card Generation System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/view-card-detail.php del componente Managecard View Detail Page. La manipulaci\u00f3n del argumento viewid conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10300.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10300.json index 0eb0e5d75a6..526ea2b7bf1 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10300.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10300.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10300", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T20:15:05.060", - "lastModified": "2024-10-23T20:15:05.060", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Medical Card Generation System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /admin/view-enquiry.php del componente View Enquiry Page. La manipulaci\u00f3n del argumento viewid provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10301.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10301.json index 91a4888ed74..3825901b06f 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10301.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10301.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10301", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T20:15:05.310", - "lastModified": "2024-10-23T20:15:05.310", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Medical Card Generation System 1.0. Se trata de una funci\u00f3n desconocida del archivo /admin/search-medicalcard.php del componente Search. La manipulaci\u00f3n del argumento searchdata provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10313.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10313.json index 2fa93fa0835..f39c694c4da 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10313.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10313.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10313", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-10-24T18:15:05.920", - "lastModified": "2024-10-24T18:15:05.920", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal \nvulnerability. When the software loads a malicious \u2018ems' project \ntemplate file constructed by an attacker, it can write files to \narbitrary directories. This can lead to overwriting system files, \ncausing system paralysis, or writing to startup items, resulting in \nremote control." + }, + { + "lang": "es", + "value": "El editor HMI para PC de SCADA SpiderControl de iniNet Solutions tiene una vulnerabilidad de path traversal. Cuando el software carga un archivo de plantilla de proyecto 'ems' malicioso creado por un atacante, puede escribir archivos en directorios arbitrarios. Esto puede provocar la sobrescritura de archivos del sistema, lo que provoca una par\u00e1lisis del sistema o la escritura en elementos de inicio, lo que da como resultado el control remoto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10327.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10327.json index 1e9fe73e780..0657104f3f5 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10327.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10327.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10327", "sourceIdentifier": "psirt@okta.com", "published": "2024-10-24T21:15:11.730", - "lastModified": "2024-10-24T21:15:11.730", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user\u2019s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. \nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: \n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; \n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply; \n* When an Apple Watch is used to reply directly to a notification. \n\n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en Okta Verify para las versiones iOS 9.25.1 (beta) y 9.27.0 (incluida la beta) permite respuestas de notificaciones push a trav\u00e9s de la funci\u00f3n ContextExtension de iOS, lo que permite que la autenticaci\u00f3n contin\u00fae independientemente de la selecci\u00f3n del usuario. Cuando un usuario presiona prolongadamente el banner de notificaci\u00f3n y selecciona una opci\u00f3n, ambas opciones permiten que la autenticaci\u00f3n se realice correctamente. La funci\u00f3n ContextExtension es uno de los varios mecanismos push disponibles al usar Okta Verify Push en dispositivos iOS. Los flujos vulnerables incluyen: * Cuando a un usuario se le presenta una notificaci\u00f3n en una pantalla bloqueada, el usuario presiona la notificaci\u00f3n directamente y selecciona su respuesta sin desbloquear el dispositivo; * Cuando a un usuario se le presenta una notificaci\u00f3n en la pantalla de inicio y arrastra la notificaci\u00f3n hacia abajo y selecciona su respuesta; * Cuando se usa un Apple Watch para responder directamente a una notificaci\u00f3n. Una condici\u00f3n previa para esta vulnerabilidad es que el usuario debe haberse registrado en Okta Verify mientras el cliente de Okta usaba Okta Classic. Esto se aplica independientemente de si la organizaci\u00f3n se ha actualizado desde entonces a Okta Identity Engine." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10331.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10331.json index 03d10636804..a8304908828 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10331.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10331.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10331", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T11:15:14.327", - "lastModified": "2024-10-24T11:15:14.327", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en PHPGurukul Vehicle Record System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /admin/search-vehicle.php. La manipulaci\u00f3n del argumento searchinputdata conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10332.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10332.json index f64624cbc8f..c14bddee10f 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10332.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10332.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10332", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-10-24T13:15:11.830", - "lastModified": "2024-10-24T13:15:11.830", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint \u201c/abonados/public/janto/main.php\u201d." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad de tipo Cross-Site Scripting en Janto v4.3r11 de Impronta. Esta vulnerabilidad permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de la v\u00edctima envi\u00e1ndole una URL maliciosa mediante el endpoint \u201c/abonados/public/janto/main.php\u201d." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10335.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10335.json index 975712915a3..7bd5cbcc426 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10335.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10335.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10335", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T17:15:14.823", - "lastModified": "2024-10-24T17:15:14.823", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"username\" to be affected. But it must be assumed that the parameter \"password\" is affected as well." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en SourceCodester Garbage Collection Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo login.php. La manipulaci\u00f3n del argumento nombre de usuario/contrase\u00f1a provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona que el par\u00e1metro \"nombre de usuario\" se ver\u00e1 afectado, pero se debe asumir que el par\u00e1metro \"contrase\u00f1a\" tambi\u00e9n se ver\u00e1 afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10336.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10336.json index bb89e9fd1d4..9459214bb5e 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10336.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10336.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10336", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T17:15:15.143", - "lastModified": "2024-10-24T17:15:15.143", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en SourceCodeHero Clothes Recommendation System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /admin/index.php del componente Admin Login Page. La manipulaci\u00f3n del argumento t1 conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10337.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10337.json index 169eae6b44c..5c9da21a103 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10337.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10337.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10337", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T18:15:06.170", - "lastModified": "2024-10-24T18:15:06.170", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodeHero Clothes Recommendation System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /admin/home.php?con=add. La manipulaci\u00f3n del argumento cat/subcat/t1/t2/text provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10338.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10338.json index 8dd1588329e..9ca71694832 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10338.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10338.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10338", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T18:15:06.437", - "lastModified": "2024-10-24T18:15:06.437", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodeHero Clothes Recommendation System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/home.php. La manipulaci\u00f3n del argumento view/view1 conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10341.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10341.json index a25343d7540..ed7bd90db75 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10341.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10341.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10341", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T08:15:02.467", - "lastModified": "2024-10-25T08:15:02.467", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento League of Legends Shortcodes para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del c\u00f3digo corto del complemento en versiones hasta la 1.0.1 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados con permisos de nivel de colaborador y superiores agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10342.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10342.json index 83dbcc32c89..4bb3618a670 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10342.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10342.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10342", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T08:15:02.670", - "lastModified": "2024-10-25T08:15:02.670", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento League of Legends Shortcodes para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de shortcodes en versiones hasta la 1.0.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10343.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10343.json index 296c1ac8bde..e6ac1875cfa 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10343.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10343.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10343", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T09:15:04.637", - "lastModified": "2024-10-25T09:15:04.637", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Beek Widget Extention para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de c\u00f3digos cortos en versiones hasta la 0.9.5 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10348.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10348.json index 9e1885d403b..057ae89e867 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10348.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10348.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10348", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T22:15:03.040", - "lastModified": "2024-10-24T22:15:03.040", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field \"Last Name\" to be affected. Other fields might be affected as well." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en SourceCodester Best House Rental Management System 1.0. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo /index.php?page=tenants del componente Manage Tenant Details. La manipulaci\u00f3n del argumento Last Name/First Name/Middle Name provoca cross-site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo muestra que el campo \"Last Name\" se ver\u00e1 afectado. Tambi\u00e9n podr\u00edan verse afectados otros campos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10349.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10349.json index 78acad82aa7..2be5014895e 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10349.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10349.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10349", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T22:15:03.410", - "lastModified": "2024-10-24T22:15:03.410", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en SourceCodester Best House Rental Management System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n delete_tenant del archivo /ajax.php?action=delete_tenant. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10350.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10350.json index 59024a514c4..402298ffec0 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10350.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10350.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10350", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-24T23:15:13.250", - "lastModified": "2024-10-24T23:15:13.250", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects Hospital Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/add-doctor.php. La manipulaci\u00f3n del argumento docname conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10351.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10351.json index 86b1dad0d70..6a6c80de375 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10351.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10351.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10351", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T00:15:02.533", - "lastModified": "2024-10-25T00:15:02.533", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Tenda RX9 Pro 22.03.02.20. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n sub_424CE0 del archivo /goform/setMacFilterCfg del componente POST Request Handler. La manipulaci\u00f3n del argumento deviceList provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10353.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10353.json index 24f9119ad1e..01e3f552d2e 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10353.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10353.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10353", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T00:15:02.800", - "lastModified": "2024-10-25T00:15:02.800", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Exam System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /admin-dashboard. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Afecta a un producto diferente y es un problema diferente a CVE-2024-40480." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10354.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10354.json index 36cdf1720bb..a1f7809bfc6 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10354.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10354.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10354", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T01:15:13.213", - "lastModified": "2024-10-25T01:15:13.213", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Petrol Pump Management Software 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/print.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10355.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10355.json index 4ea0eb9dbbb..337e418bcbf 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10355.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10355.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10355", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T01:15:13.497", - "lastModified": "2024-10-25T01:15:13.497", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en SourceCodester Petrol Pump Management Software 1.0. Este problema afecta a algunas funciones desconocidas del archivo /admin/invoice.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10368.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10368.json index b8336f66ef5..57419e66193 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10368.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10368.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10368", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T02:15:02.327", - "lastModified": "2024-10-25T02:15:02.327", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips Sales Management System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /addstock.php. La manipulaci\u00f3n del argumento prodtype provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10369.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10369.json index b0771ec8a31..d0f95c4a1df 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10369.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10369.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10369", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T02:15:02.613", - "lastModified": "2024-10-25T02:15:02.613", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips Sales Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /addcustcom.php. La manipulaci\u00f3n del argumento refno provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10370.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10370.json index efb598ed8e1..ac962eef6b7 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10370.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10370.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10370", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T02:15:02.910", - "lastModified": "2024-10-25T02:15:02.910", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Codezips Sales Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /addcustind.php. La manipulaci\u00f3n del argumento refno provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10371.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10371.json index 4bdbeeebc8e..a1b38e1d0ca 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10371.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10371.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10371", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T02:15:03.280", - "lastModified": "2024-10-25T02:15:03.280", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Payroll Management System 1.0. Afecta a la funci\u00f3n login del archivo main. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10372.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10372.json index 227f3fe9955..b39fb581614 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10372.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10372.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10372", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T02:15:03.597", - "lastModified": "2024-10-25T02:15:03.597", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en chidiwilliams buzz 1.1.0. Esta vulnerabilidad afecta a la funci\u00f3n download_model del archivo buzz/model_loader.py. La manipulaci\u00f3n genera un archivo temporal inseguro. Es posible lanzar el ataque en el host local. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. El exploit ha sido revelado al p\u00fablico y puede usarse. El proveedor fue contactado con anticipaci\u00f3n sobre esta revelaci\u00f3n pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10374.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10374.json new file mode 100644 index 00000000000..504bbc5ff00 --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10374.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-10374", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-25T12:15:02.410", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3172530/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wp-members/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10376.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10376.json index 3fc77da43b4..ed5f64fbe7f 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10376.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10376.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10376", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T11:15:15.037", - "lastModified": "2024-10-25T11:15:15.037", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10377.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10377.json index d1958cf5968..5b61c7e6dc7 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10377.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10377.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10377", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-25T11:15:15.920", - "lastModified": "2024-10-25T11:15:15.920", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10378.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10378.json new file mode 100644 index 00000000000..089a415f5c8 --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10378.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-10378", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-25T12:15:02.650", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://flowus.cn/share/5d03f1d5-695a-421b-8445-2273774ea97a?code=G8A6P3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.281808", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.281808", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.426086", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10379.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10379.json new file mode 100644 index 00000000000..6fdfae4f9b8 --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10379.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-10379", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-25T12:15:02.890", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": "https://flowus.cn/share/0b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.281809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.281809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.426087", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10380.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10380.json new file mode 100644 index 00000000000..cb3fe0bdb36 --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10380.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10380", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-25T13:15:17.547", + "lastModified": "2024-10-25T13:15:17.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/K1nako0/tmp_vuln5/blob/main/README.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.281810", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.281810", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.431174", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10381.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10381.json new file mode 100644 index 00000000000..0ca5991cbdc --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10381.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-10381", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-10-25T13:15:17.810", + "lastModified": "2024-10-25T13:15:17.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20260.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20260.json index 6d2ae006c34..fcacc76fa0a 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20260.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20260.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20260", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:13.950", - "lastModified": "2024-10-23T17:15:13.950", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together.\r\n\r\nThis vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en los servidores web de administraci\u00f3n y VPN de las plataformas Cisco Adaptive Security Virtual Appliance (ASAv) y Cisco Secure Firewall Threat Defense Virtual (FTDv), anteriormente Cisco Firepower Threat Defense Virtual, podr\u00eda permitir que un atacante remoto no autenticado provoque que los dispositivos virtuales se queden sin memoria del sistema, lo que podr\u00eda hacer que el procesamiento de la conexi\u00f3n SSL VPN se ralentice y, finalmente, cese por completo. Esta vulnerabilidad se debe a la falta de una administraci\u00f3n de memoria adecuada para las nuevas conexiones SSL/TLS entrantes en las plataformas virtuales. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una gran cantidad de nuevas conexiones SSL/TLS entrantes a la plataforma virtual de destino. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante agotar la memoria del sistema, lo que dar\u00eda como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La memoria podr\u00eda recuperarse lentamente si se detiene el tr\u00e1fico del ataque, pero puede ser necesaria una recarga manual para restaurar las operaciones r\u00e1pidamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20264.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20264.json index 61f369bb44a..b03751b42fa 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20264.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20264.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20264", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:14.180", - "lastModified": "2024-10-23T17:15:14.180", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20268.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20268.json index c28e63e81b3..38a82db2252 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20268.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20268.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20268", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:14.387", - "lastModified": "2024-10-23T17:15:14.387", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device.\r\n\r\nThis vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de protocolo simple de administraci\u00f3n de redes (SNMP) del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado provoque una recarga inesperada del dispositivo. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de los paquetes SNMP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud SNMP manipulada a un dispositivo afectado mediante IPv4 o IPv6. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo afectado se recargue, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a todas las versiones de SNMP (versiones 1, 2c y 3) y requiere una cadena de comunidad SNMP v\u00e1lida o credenciales de usuario SNMPv3 v\u00e1lidas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20269.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20269.json index 4fda21c2a7b..0ac30235efb 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20269.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20269.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20269", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:14.610", - "lastModified": "2024-10-23T17:15:14.610", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20273.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20273.json index 84b0d6f33fb..ac0a0851419 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20273.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20273.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20273", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:14.813", - "lastModified": "2024-10-23T17:15:14.813", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20274.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20274.json index 900c8f978cf..6a1f351bad8 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20274.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20274.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20274", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:15.027", - "lastModified": "2024-10-23T17:15:15.027", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.\r\n\r\nThis vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado inyecte contenido HTML arbitrario en un documento generado por el dispositivo. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los datos proporcionados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando contenido malicioso a un dispositivo afectado y utilizando el dispositivo para generar un documento que contenga informaci\u00f3n confidencial. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante alterar el dise\u00f1o est\u00e1ndar de los documentos generados por el dispositivo, acceder a archivos arbitrarios del sistema operativo subyacente y realizar ataques de server-side request forgery (SSRF). Para aprovechar esta vulnerabilidad con \u00e9xito, un atacante necesitar\u00eda credenciales v\u00e1lidas para una cuenta de usuario con permisos de edici\u00f3n de pol\u00edticas, como administrador de red, administrador de intrusiones o cualquier funci\u00f3n de usuario personalizada con las mismas capacidades." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20275.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20275.json index 37bccf90734..086314ae7ae 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20275.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20275.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20275", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:15.237", - "lastModified": "2024-10-23T17:15:15.237", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.\r\n\r\nThis vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de copia de seguridad de cl\u00faster del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los datos de usuario que se suministran a trav\u00e9s de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios del sistema operativo en el dispositivo afectado. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda credenciales v\u00e1lidas para una cuenta de usuario con al menos el rol de administrador de red. Adem\u00e1s, el atacante necesitar\u00eda persuadir a un usuario leg\u00edtimo para que inicie una copia de seguridad de cl\u00faster en el dispositivo afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20297.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20297.json index 5740ca1818c..a065f7ee3f9 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20297.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20297.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20297", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:15.437", - "lastModified": "2024-10-23T17:15:15.437", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el firewall AnyConnect para el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita una lista de control de acceso (ACL) configurada y permita que el tr\u00e1fico que deber\u00eda haber sido denegado fluya a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a un error l\u00f3gico en el llenado de las ACL de grupo cuando un cliente AnyConnect establece una nueva sesi\u00f3n hacia un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad estableciendo una conexi\u00f3n AnyConnect con el dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante omitir las reglas de ACL configuradas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20298.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20298.json index 71e787e6d9d..d93e5492f31 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20298.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20298.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20298", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:15.710", - "lastModified": "2024-10-23T17:15:15.710", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20299.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20299.json index 52dd3f221d7..fd59324c778 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20299.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20299.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20299", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:16.900", - "lastModified": "2024-10-23T17:15:16.900", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerability by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el firewall AnyConnect para el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita una lista de control de acceso (ACL) configurada y permita que el tr\u00e1fico que deber\u00eda haber sido denegado fluya a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a un error l\u00f3gico en el llenado de las ACL de grupo cuando un cliente AnyConnect establece una nueva sesi\u00f3n hacia un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad estableciendo una conexi\u00f3n AnyConnect con el dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante omitir las reglas de ACL configuradas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20300.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20300.json index 2b7e3041fe4..02316abe431 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20300.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20300.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20300", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:17.253", - "lastModified": "2024-10-23T17:15:17.253", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20329.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20329.json index 25977c500c5..473df33fcc2 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20329.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20329.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20329", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:17.457", - "lastModified": "2024-10-23T17:15:17.457", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el subsistema SSH del software Cisco Adaptive Security Appliance (ASA) podr\u00eda permitir que un atacante remoto autenticado ejecute comandos del sistema operativo como superusuario. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una entrada manipulada al ejecutar comandos remotos de CLI a trav\u00e9s de SSH. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute comandos en el sistema operativo subyacente con privilegios de nivel superusuario. Un atacante con privilegios de usuario limitados podr\u00eda usar esta vulnerabilidad para obtener control total sobre el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20330.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20330.json index b907922f74f..4efb1af6a7b 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20330.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20330.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20330", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:17.663", - "lastModified": "2024-10-23T17:15:17.663", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.\r\n\r\nThis vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.\r\nNote: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el motor de detecci\u00f3n de TCP y UDP Snort 2 y Snort 3 del software Cisco Firepower Threat Defense (FTD) para los dispositivos Cisco Firepower de la serie 2100 podr\u00eda permitir que un atacante remoto no autenticado provoque da\u00f1os en la memoria, lo que podr\u00eda provocar que el motor de detecci\u00f3n de Snort se reinicie inesperadamente. Esta vulnerabilidad se debe a una administraci\u00f3n de memoria inadecuada cuando el motor de detecci\u00f3n de Snort procesa paquetes TCP o UDP espec\u00edficos. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes TCP o UDP manipulados a trav\u00e9s de un dispositivo que est\u00e9 inspeccionando el tr\u00e1fico mediante el motor de detecci\u00f3n de Snort. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante reiniciar el motor de detecci\u00f3n de Snort repetidamente, lo que podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La condici\u00f3n de DoS afecta solo al tr\u00e1fico a trav\u00e9s del dispositivo que examina el motor de detecci\u00f3n de Snort. El dispositivo a\u00fan se puede administrar a trav\u00e9s de la red. Nota: Una vez que se da\u00f1a un bloque de memoria, no se puede borrar hasta que se vuelva a cargar manualmente el dispositivo Cisco Firepower de la serie 2100. Esto significa que el motor de detecci\u00f3n de Snort podr\u00eda fallar repetidamente, provocando que el tr\u00e1fico procesado por el motor de detecci\u00f3n de Snort se descarte hasta que el dispositivo se vuelva a cargar manualmente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20331.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20331.json index 71d289d4a7c..16db473f185 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20331.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20331.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20331", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:17.870", - "lastModified": "2024-10-23T17:15:17.870", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.\r\n\r\nThis vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de autenticaci\u00f3n de sesi\u00f3n de la funci\u00f3n VPN SSL de acceso remoto del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado impida que los usuarios se autentiquen. Esta vulnerabilidad se debe a una entrop\u00eda insuficiente en el proceso de autenticaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad determinando el identificador de un usuario que se autentica y utiliz\u00e1ndolo para finalizar su sesi\u00f3n de autenticaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obligar a un usuario a reiniciar el proceso de autenticaci\u00f3n, lo que impedir\u00eda que un usuario leg\u00edtimo estableciera sesiones VPN de acceso remoto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20339.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20339.json index e469a2b61a8..6bf0b361fb6 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20339.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20339.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20339", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:18.097", - "lastModified": "2024-10-23T17:15:18.097", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de procesamiento de TLS del software Cisco Firepower Threat Defense (FTD) para la serie Cisco Firepower 2100 podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un problema que ocurre cuando se procesa el tr\u00e1fico TLS. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando cierto tr\u00e1fico TLS a trav\u00e9s de IPv4 a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que genera una condici\u00f3n de DoS y afecta el tr\u00e1fico hacia y a trav\u00e9s del dispositivo afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20340.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20340.json index d6e8e94fc79..90953a237cd 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20340.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20340.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20340", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:18.300", - "lastModified": "2024-10-23T17:15:18.300", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado realice un ataque de inyecci\u00f3n SQL contra un dispositivo afectado. Para aprovechar esta vulnerabilidad, un atacante debe tener una cuenta v\u00e1lida en el dispositivo con el rol de aprobador de seguridad, administrador de intrusiones, administrador de acceso o administrador de red. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer el contenido de las bases de datos en el dispositivo afectado y tambi\u00e9n obtener acceso de lectura limitado al sistema operativo subyacente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20341.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20341.json index 1d82b157fbd..61e1864d462 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20341.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20341.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20341", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:18.493", - "lastModified": "2024-10-23T17:15:18.493", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de servicios de cliente web VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un navegador que est\u00e9 accediendo a un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario a los endpoints de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que siga un enlace manipulado para enviar una entrada maliciosa a la aplicaci\u00f3n afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo HTML o script arbitrario en el navegador en el contexto de la p\u00e1gina de servicios web." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20342.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20342.json index c35b9163728..1724af08848 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20342.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20342.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20342", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:18.703", - "lastModified": "2024-10-23T17:15:18.703", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.\r\n\r\nThis vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device." + }, + { + "lang": "es", + "value": "Varios productos de Cisco se ven afectados por una vulnerabilidad en la funci\u00f3n de filtrado de velocidad del motor de detecci\u00f3n Snort que podr\u00eda permitir que un atacante remoto no autenticado eluda un filtro de limitaci\u00f3n de velocidad configurado. Esta vulnerabilidad se debe a una comparaci\u00f3n incorrecta del recuento de conexiones. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico a trav\u00e9s de un dispositivo afectado a una velocidad que supere un filtro de velocidad configurado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante eluda con \u00e9xito el filtro de velocidad. Esto podr\u00eda permitir que el tr\u00e1fico no deseado ingrese a la red protegida por el dispositivo afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20351.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20351.json index a79120522fa..7a9b871dae0 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20351.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20351.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20351", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T17:15:18.913", - "lastModified": "2024-10-23T17:15:18.913", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de manejo de tr\u00e1fico TCP/IP del motor de detecci\u00f3n Snort del software Cisco Firepower Threat Defense (FTD) y los servicios Cisco FirePOWER podr\u00eda permitir que un atacante remoto no autenticado provoque la p\u00e9rdida de tr\u00e1fico leg\u00edtimo de la red, lo que dar\u00eda lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un manejo inadecuado del tr\u00e1fico de red TCP/IP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una gran cantidad de tr\u00e1fico de red TCP/IP a trav\u00e9s del dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que el dispositivo Cisco FTD pierda tr\u00e1fico de red, lo que dar\u00eda lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). El dispositivo afectado debe reiniciarse para resolver la condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20364.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20364.json index 40f62226ba3..7515eebf814 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20364.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20364.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20364", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:05.427", - "lastModified": "2024-10-23T18:15:05.427", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20370.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20370.json index e1fbcfda432..08e3aca0deb 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20370.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20370.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20370", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:05.637", - "lastModified": "2024-10-23T18:15:05.637", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n Cisco FXOS CLI en plataformas de hardware espec\u00edficas para el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante local autenticado eleve sus privilegios administrativos a superusuario. El atacante necesitar\u00eda credenciales administrativas v\u00e1lidas en el dispositivo para explotar esta vulnerabilidad. Esta vulnerabilidad existe porque ciertas configuraciones del sistema y archivos ejecutables tienen almacenamiento y permisos inseguros. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo y luego realizando una serie de pasos que incluyen la descarga de archivos de sistema maliciosos y el acceso a la CLI de Cisco FXOS para configurar el ataque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener acceso como superusuario en el dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20372.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20372.json index 10dd1970b39..9fca7a0229a 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20372.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20372.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20372", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:05.863", - "lastModified": "2024-10-23T18:15:05.863", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20374.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20374.json index b6de2b693c3..c461147091c 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20374.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20374.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20374", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:06.100", - "lastModified": "2024-10-23T18:15:06.100", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.\r\n\r This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado con privilegios de nivel de administrador ejecute comandos arbitrarios en el sistema operativo subyacente. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de ciertos par\u00e1metros de solicitud HTTP que se env\u00edan a la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la interfaz de administraci\u00f3n basada en web de Cisco FMC y enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos como usuario ra\u00edz en el dispositivo afectado. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda credenciales de nivel de administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20377.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20377.json index b0447650435..782ce6ce8bd 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20377.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20377.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20377", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:06.327", - "lastModified": "2024-10-23T18:15:06.327", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz. Esta vulnerabilidad se debe a que la interfaz de administraci\u00f3n basada en web no valida correctamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un v\u00ednculo manipulado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20379.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20379.json index 3c6935bd738..8b3d5ff740e 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20379.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20379.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20379", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:06.553", - "lastModified": "2024-10-23T18:15:06.553", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios del sistema operativo subyacente. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida correctamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente del dispositivo afectado. El atacante necesitar\u00eda credenciales de usuario v\u00e1lidas para aprovechar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20382.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20382.json index d3e98bc0e95..726518d651b 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20382.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20382.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20382", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:06.780", - "lastModified": "2024-10-23T18:15:06.780", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de servicios de cliente web VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un navegador que est\u00e9 accediendo a un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario a los endpoints de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que siga un enlace dise\u00f1ado para enviar una entrada maliciosa a la aplicaci\u00f3n afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo HTML o script arbitrario en el navegador en el contexto de la p\u00e1gina de servicios web." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20384.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20384.json index 5761d884ab2..6749b72459c 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20384.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20384.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20384", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:07.030", - "lastModified": "2024-10-23T18:15:07.030", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device.\r\n\r This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n Network Service Group (NSG) del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita una lista de control de acceso (ACL) configurada y permita que el tr\u00e1fico que deber\u00eda estar denegado fluya a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a un error l\u00f3gico que ocurre cuando se completan las ACL de NSG en un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad estableciendo una conexi\u00f3n con el dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante omitir las reglas de ACL configuradas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20386.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20386.json index 0c45aaa52d4..9afaa7060af 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20386.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20386.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20386", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:07.257", - "lastModified": "2024-10-23T18:15:07.257", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20387.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20387.json index de5293fbb81..18152963cd7 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20387.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20387.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20387", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:07.480", - "lastModified": "2024-10-23T18:15:07.480", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en la web de Cisco FMC Software podr\u00eda permitir que un atacante remoto autenticado almacene contenido malicioso para usarlo en ataques XSS. Esta vulnerabilidad se debe a una desinfecci\u00f3n de entrada incorrecta en la interfaz de administraci\u00f3n basada en la web de Cisco FMC Software. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que haga clic en un enlace malicioso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar un ataque XSS almacenado en un dispositivo afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20388.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20388.json index 33fe5a35f6f..7488f84c7ee 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20388.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20388.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20388", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:07.697", - "lastModified": "2024-10-23T18:15:07.697", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\r\n\r This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de cambio de contrase\u00f1a del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado determine nombres de usuario v\u00e1lidos en un dispositivo afectado. Esta vulnerabilidad se debe a una autenticaci\u00f3n incorrecta de las respuestas de actualizaci\u00f3n de contrase\u00f1a. Un atacante podr\u00eda aprovechar esta vulnerabilidad al forzar el restablecimiento de contrase\u00f1a en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante determinar nombres de usuario v\u00e1lidos en la respuesta no autenticada a un restablecimiento forzado de contrase\u00f1a." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20402.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20402.json index 9a153a9f423..ccb94c9c57c 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20402.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20402.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20402", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:07.930", - "lastModified": "2024-10-23T18:15:07.930", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n SSL VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado haga que un dispositivo afectado se recargue inesperadamente, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un error l\u00f3gico en la administraci\u00f3n de la memoria cuando el dispositivo est\u00e1 manejando conexiones SSL VPN. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes SSL/TLS manipulados al servidor SSL VPN del dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20403.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20403.json index 4bd88d04532..a2d403f747f 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20403.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20403.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20403", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:08.193", - "lastModified": "2024-10-23T18:15:08.193", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20407.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20407.json index 1a3eb16d6d0..5263bbc786e 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20407.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20407.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20407", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:08.413", - "lastModified": "2024-10-23T18:15:08.413", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability. \r\n\r This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interacci\u00f3n entre la funci\u00f3n TCP Intercept y el motor de detecci\u00f3n Snort 3 en el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado eluda las pol\u00edticas configuradas en un sistema afectado. Los dispositivos que est\u00e1n configurados con Snort 2 no se ven afectados por esta vulnerabilidad. Esta vulnerabilidad se debe a un error l\u00f3gico al manejar conexiones TCP embrionarias (semiabiertas). Un atacante podr\u00eda explotar esta vulnerabilidad enviando un patr\u00f3n de tr\u00e1fico manipulado a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el tr\u00e1fico no deseado ingrese a la red protegida por el dispositivo afectado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20408.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20408.json index 63b02d9ee1c..0c6e092780c 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20408.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20408.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20408", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:08.697", - "lastModified": "2024-10-23T18:15:08.697", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credentials on the affected device.\r\n\r This vulnerability is due to improper validation of data in HTTPS POST requests. An attacker could exploit this vulnerability by sending a crafted HTTPS POST request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de pol\u00edticas de acceso din\u00e1mico (DAP) del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado haga que un dispositivo afectado se recargue inesperadamente. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda credenciales de usuario de VPN de acceso remoto v\u00e1lidas en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los datos en las solicitudes HTTPS POST. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTPS POST manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20409.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20409.json index 1a493a82e01..cf583ad52ab 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20409.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20409.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20409", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:08.970", - "lastModified": "2024-10-23T18:15:08.970", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada manipulada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20410.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20410.json index a2ee1b8a324..c118f8fb02e 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20410.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20410.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20410", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:09.197", - "lastModified": "2024-10-23T18:15:09.197", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada dise\u00f1ada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20412.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20412.json index 43bef2aacfc..c67c0b78268 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20412.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20412.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20412", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:09.430", - "lastModified": "2024-10-23T18:15:09.430", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el software Cisco Firepower Threat Defense (FTD) para Cisco Firepower 1000, 2100, 3100 y 4200 Series podr\u00eda permitir que un atacante local no autenticado acceda a un sistema afectado utilizando credenciales est\u00e1ticas. Esta vulnerabilidad se debe a la presencia de cuentas est\u00e1ticas con contrase\u00f1as codificadas en un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en la CLI de un dispositivo afectado con estas credenciales. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder al sistema afectado y recuperar informaci\u00f3n confidencial, realizar acciones limitadas de resoluci\u00f3n de problemas, modificar algunas opciones de configuraci\u00f3n o hacer que el dispositivo no pueda iniciarse en el sistema operativo, lo que requiere una nueva imagen del dispositivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20415.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20415.json index ef06246ab11..ee953967aff 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20415.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20415.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20415", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:09.713", - "lastModified": "2024-10-23T18:15:09.713", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting (XSS) contra un usuario de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando una entrada dise\u00f1ada en varios campos de datos en una interfaz afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de secuencia de comandos arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20424.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20424.json index 7ef1b7cc7e1..fae4dc337b7 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20424.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20424.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20424", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:09.930", - "lastModified": "2024-10-23T18:15:09.930", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.\r\n\r This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente como superusuario. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de ciertas solicitudes HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la interfaz de administraci\u00f3n basada en web de un dispositivo afectado y luego enviando una solicitud HTTP manipulada al dispositivo. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios con permisos superusuario en el sistema operativo subyacente del dispositivo Cisco FMC o ejecutar comandos en dispositivos Cisco Firepower Threat Defense (FTD) administrados. Para aprovechar esta vulnerabilidad, el atacante necesitar\u00eda credenciales v\u00e1lidas para una cuenta de usuario con al menos el rol de analista de seguridad (solo lectura)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20426.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20426.json index 18235d9f524..098e250fe56 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20426.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20426.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20426", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:10.147", - "lastModified": "2024-10-23T18:15:10.147", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el protocolo de intercambio de claves de Internet versi\u00f3n 2 (IKEv2) para la terminaci\u00f3n de VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico IKEv2 manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de DoS." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20431.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20431.json index 5156ee74e7d..ae39ba767be 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20431.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20431.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20431", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:10.440", - "lastModified": "2024-10-23T18:15:10.440", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy.\r\n\r This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de control de acceso por geolocalizaci\u00f3n del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado eluda una pol\u00edtica de control de acceso. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de datos de geolocalizaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eludir una pol\u00edtica de control de acceso basada en geolocalizaci\u00f3n y enviar tr\u00e1fico con \u00e9xito a un dispositivo protegido." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20471.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20471.json index 67275598a8b..c0665f3b179 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20471.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20471.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20471", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:10.773", - "lastModified": "2024-10-23T18:15:10.773", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL en un sistema afectado. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n como administrador y enviando consultas SQL manipuladas a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener datos no autorizados de la base de datos y realizar cambios en el sistema. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda privilegios de nivel de administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20472.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20472.json index bffb671909f..3908bcf530b 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20472.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20472.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20472", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:11.007", - "lastModified": "2024-10-23T18:15:11.007", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL en un sistema afectado. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n como administrador y enviando consultas SQL manipuladas a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener datos no autorizados de la base de datos y realizar cambios en el sistema. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda privilegios de nivel de administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20473.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20473.json index 72c5fd67e3f..6e8ac1ecac0 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20473.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20473.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20473", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:11.280", - "lastModified": "2024-10-23T18:15:11.280", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit this vulnerability, an attacker would need Administrator-level privileges." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC) podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL en un sistema afectado. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n como administrador y enviando consultas SQL manipuladas a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener datos no autorizados de la base de datos y realizar cambios en el sistema. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda privilegios de nivel de administrador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20474.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20474.json index 31e8fd94508..b10da157083 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20474.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20474.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20474", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:11.517", - "lastModified": "2024-10-23T18:15:11.517", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.\r\n\r This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.\r\n\r Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el procesamiento de la versi\u00f3n 2 de Internet Key Exchange (IKEv2) de Cisco Secure Client Software podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) de Cisco Secure Client. Esta vulnerabilidad se debe a una condici\u00f3n de desbordamiento de enteros. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un paquete IKEv2 manipulado a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar que Cisco Secure Client Software se bloquee, lo que provocar\u00eda una condici\u00f3n de DoS en el software cliente. Nota: Las versiones 4.10 y anteriores de Cisco Secure Client Software se conoc\u00edan como Cisco AnyConnect Secure Mobility Client." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20481.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20481.json index 2bb90022370..9e2e3bc9e0a 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20481.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20481.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20481", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:11.737", - "lastModified": "2024-10-25T01:00:01.450", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "cisaExploitAdd": "2024-10-24", "cisaActionDue": "2024-11-14", diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20482.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20482.json index e81049f39ef..95657700f45 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20482.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20482.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20482", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:12.063", - "lastModified": "2024-10-23T18:15:12.063", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.\r\n\r This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Secure Firewall Management Center (FMC), anteriormente Firepower Management Center Software, podr\u00eda permitir que un atacante remoto autenticado eleve los privilegios en un dispositivo afectado. Para aprovechar esta vulnerabilidad, un atacante debe tener una cuenta v\u00e1lida en el dispositivo que est\u00e9 configurada con un rol de solo lectura personalizado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los permisos de rol en parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad al realizar una operaci\u00f3n de escritura en la parte afectada de la interfaz de administraci\u00f3n basada en web. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante modificar ciertas partes de la configuraci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20485.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20485.json index 7677cbae854..9629f91e0de 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20485.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20485.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20485", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:12.273", - "lastModified": "2024-10-23T18:15:12.273", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.\r\n\r This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el servidor web VPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario con privilegios de nivel ra\u00edz. Se requieren privilegios de nivel de administrador para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de un archivo espec\u00edfico cuando se lee desde la memoria flash del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad restaurando un archivo de copia de seguridad manipulado a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario en el dispositivo afectado despu\u00e9s de la pr\u00f3xima recarga del dispositivo, lo que podr\u00eda alterar el comportamiento del sistema. Debido a que el c\u00f3digo inyectado podr\u00eda persistir despu\u00e9s de reiniciar el dispositivo, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de medio a alto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20493.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20493.json index 91275aefcf9..18cc4d2aee4 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20493.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20493.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20493", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:12.533", - "lastModified": "2024-10-23T18:15:12.533", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition.\r\n\r This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de autenticaci\u00f3n de inicio de sesi\u00f3n de la funci\u00f3n VPN SSL de acceso remoto del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado deniegue m\u00e1s autenticaciones de usuarios de VPN durante varios minutos, lo que dar\u00eda lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS) temporal. Esta vulnerabilidad se debe a un manejo ineficaz de los recursos de memoria durante el proceso de autenticaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando paquetes manipulados, lo que podr\u00eda provocar el agotamiento de los recursos del proceso de autenticaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante denegar la autenticaci\u00f3n de los usuarios de VPN SSL de acceso remoto durante varios minutos, lo que dar\u00eda lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS) temporal." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20494.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20494.json index a7e6e0e2a1e..3258bc6c4e9 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20494.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20494.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20494", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:12.783", - "lastModified": "2024-10-23T18:15:12.783", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\n\r Note: This vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funcionalidad de criptograf\u00eda TLS del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado haga que el dispositivo se recargue inesperadamente, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una validaci\u00f3n de datos incorrecta durante el protocolo de enlace TLS 1.3. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un paquete TLS 1.3 manipulado a un sistema afectado a trav\u00e9s de un socket de escucha habilitado para TLS 1.3. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio. Nota: Esta vulnerabilidad tambi\u00e9n puede afectar la integridad de un dispositivo al provocar fallas de comunicaci\u00f3n de VPN HostScan o fallas de transferencia de archivos cuando se actualiza el software Cisco ASA mediante Cisco Adaptive Security Device Manager (ASDM)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20495.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20495.json index 69c33aa3b18..253b0c6d1cd 100644 --- a/CVE-2024/CVE-2024-204xx/CVE-2024-20495.json +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20495.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20495", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:13.007", - "lastModified": "2024-10-23T18:15:13.007", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la funci\u00f3n de VPN de acceso remoto del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado haga que el dispositivo se recargue inesperadamente, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los datos de la clave del cliente despu\u00e9s de que se establece la sesi\u00f3n TLS. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un valor de clave creado a un sistema afectado a trav\u00e9s de la sesi\u00f3n TLS segura. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20526.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20526.json index 7de82a2107b..f7404c2306c 100644 --- a/CVE-2024/CVE-2024-205xx/CVE-2024-20526.json +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20526.json @@ -2,13 +2,17 @@ "id": "CVE-2024-20526", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-10-23T18:15:13.303", - "lastModified": "2024-10-23T18:15:13.303", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device.\r\n\r This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el servidor SSH del software Cisco Adaptive Security Appliance (ASA) podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para el servidor SSH de un dispositivo afectado. Esta vulnerabilidad se debe a un error l\u00f3gico cuando se establece una sesi\u00f3n SSH. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando mensajes SSH manipulados a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante agote los recursos SSH disponibles en el dispositivo afectado para que se denieguen las nuevas conexiones SSH al dispositivo, lo que da como resultado una condici\u00f3n de DoS. Las conexiones SSH existentes al dispositivo continuar\u00edan funcionando normalmente. El dispositivo debe reiniciarse manualmente para recuperarse. Sin embargo, el tr\u00e1fico de usuarios no se ver\u00eda afectado y podr\u00eda administrarse mediante una aplicaci\u00f3n remota como Cisco Adaptive Security Device Manager (ASDM)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json index 530761785db..a97a2c7ed06 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json @@ -2,13 +2,17 @@ "id": "CVE-2024-30122", "sourceIdentifier": "psirt@hcl.com", "published": "2024-10-23T15:15:30.390", - "lastModified": "2024-10-23T15:15:30.390", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers." + }, + { + "lang": "es", + "value": "HCL Sametime se ve afectado por encabezados HTTP relacionados con la seguridad mal configurados. Se identific\u00f3 que faltaban algunos encabezados HTTP en las respuestas del servicio web. Esto provocar\u00e1 un tratamiento predeterminado menos seguro del navegador para las pol\u00edticas controladas por estos encabezados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30124.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30124.json index 3b81fa407ac..707bcd72a9c 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30124.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30124.json @@ -2,13 +2,17 @@ "id": "CVE-2024-30124", "sourceIdentifier": "psirt@hcl.com", "published": "2024-10-23T16:15:05.667", - "lastModified": "2024-10-23T16:15:05.667", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:36.827", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously." + }, + { + "lang": "es", + "value": "HCL Sametime se ve afectado por servicios inseguros que se utilizan en el cliente UIM de forma predeterminada. Se habilit\u00f3 un servicio REST heredado sin usar de forma predeterminada mediante el protocolo HTTP. Un atacante podr\u00eda usar este endpoint de servicio de forma maliciosa." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json index f518967b9df..15931d3a880 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37383", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-07T04:15:30.463", - "lastModified": "2024-10-25T01:00:01.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-25T13:56:29.010", + "vulnStatus": "Analyzed", "cveTags": [], "cisaExploitAdd": "2024-10-24", "cisaActionDue": "2024-11-14", @@ -21,6 +21,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -44,6 +64,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -55,22 +85,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.7", + "matchCriteriaId": "018530A6-4785-49CC-8868-90824E79CA82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.6.0", + "versionEndExcluding": "1.6.7", + "matchCriteriaId": "1964E474-BED1-4806-A9D0-848BC3D93C0E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json index 85b2d686234..c32a3e57582 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38314", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-24T18:15:07.957", - "lastModified": "2024-10-24T18:15:07.957", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment." + }, + { + "lang": "es", + "value": "IBM Maximo Application Suite - Monitor Component 8.10, 8.11 y 9.0 podr\u00eda revelar informaci\u00f3n en forma de clave criptogr\u00e1fica codificada a un atacante que haya comprometido el entorno." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40431.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40431.json index 5279ed9ed12..fac4705cca2 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40431.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40431.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40431", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-23T22:15:02.340", - "lastModified": "2024-10-24T18:35:07.010", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40432.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40432.json index a7b0b836d0b..5c0b805d9f9 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40432.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40432.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40432", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-23T22:15:02.520", - "lastModified": "2024-10-24T16:35:06.560", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json index e5b25f3d60b..89073253fd8 100644 --- a/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json +++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40595.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40595", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T06:15:11.703", - "lastModified": "2024-10-24T15:35:14.670", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40810.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40810.json index 72e9011eec6..394f2e08a22 100644 --- a/CVE-2024/CVE-2024-408xx/CVE-2024-40810.json +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40810.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40810", "sourceIdentifier": "product-security@apple.com", "published": "2024-10-24T17:15:16.263", - "lastModified": "2024-10-24T17:15:16.263", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.6. Una aplicaci\u00f3n puede provocar un bloqueo del coprocesador." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41617.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41617.json index ece41f1b019..c76f6b65cff 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41617.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41617.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41617", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T22:15:03.687", - "lastModified": "2024-10-24T22:15:03.687", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution." + }, + { + "lang": "es", + "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a un control de acceso incorrecto. La funci\u00f3n `redirect_if_not_loggedin` en `functions_security.php` no puede finalizar la ejecuci\u00f3n del script despu\u00e9s de redirigir a usuarios no autenticados. Esta falla permite que un atacante no autenticado cargue archivos arbitrarios, lo que puede provocar una ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41618.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41618.json index 5d90ac930ff..b036dcd4f06 100644 --- a/CVE-2024/CVE-2024-416xx/CVE-2024-41618.json +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41618.json @@ -2,13 +2,17 @@ "id": "CVE-2024-41618", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T22:15:03.787", - "lastModified": "2024-10-24T22:15:03.787", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query." + }, + { + "lang": "es", + "value": "Money Manager EX WebApp (web-money-manager-ex) 1.2.2 es vulnerable a la inyecci\u00f3n SQL en la funci\u00f3n `transaction_delete_group`. La vulnerabilidad se debe a una desinfecci\u00f3n incorrecta de la entrada del usuario en el par\u00e1metro `TrDeleteArr`, que se incorpora directamente a una consulta SQL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42420.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42420.json index 9e06e8e3cb4..90768d6fc19 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42420.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42420.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42420", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:03.233", - "lastModified": "2024-10-25T09:15:05.163", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages.\r\nCrafted HTTP requests may cause affected products crashed." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec contienen m\u00faltiples vulnerabilidades de lectura fuera de los l\u00edmites, debido al procesamiento incorrecto de la entrada de b\u00fasqueda de palabras clave y al procesamiento incorrecto de los mensajes SOAP. Las solicitudes HTTP manipuladas pueden provocar el bloqueo de los productos afectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43424.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43424.json index eb404da0044..8e0c8cab802 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43424.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43424.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43424", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:03.463", - "lastModified": "2024-10-25T09:15:05.340", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec procesan incorrectamente los encabezados de solicitud HTTP, lo que genera una vulnerabilidad de lectura fuera de los l\u00edmites. Las solicitudes HTTP manipuladas pueden provocar el bloqueo de los productos afectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json index 42f05475ca3..d41f9f36e7d 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43848.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43848", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:10.023", - "lastModified": "2024-08-19T12:59:59.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-25T13:57:51.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,75 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mac80211: arreglar el trabajo de desmontaje de TTLM El trabajador calcula el puntero sdata incorrecto, por lo que si alguna vez se ejecuta, fallar\u00e1. Arregla eso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.10.3", + "matchCriteriaId": "21DC7A88-E88C-4C44-9AFB-CBB30134097C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2fe0a605d083b884490ee4de02be071b5b4291b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9750899410c8478ef043c42029f4f6144c096eac", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44098.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44098.json index 26d782ba477..4314aee2a1c 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44098.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44098.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44098", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.170", - "lastModified": "2024-10-25T11:15:16.170", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44099.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44099.json index c8f64e5b1c3..e645d2472ac 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44099.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44099.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44099", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.237", - "lastModified": "2024-10-25T11:15:16.237", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44100.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44100.json index a8d1b3e3e3c..dad4e8b5c88 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44100.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44100.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44100", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.293", - "lastModified": "2024-10-25T11:15:16.293", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44101.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44101.json index 17551ba1115..adc6138698a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44101.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44101.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44101", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.343", - "lastModified": "2024-10-25T11:15:16.343", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44141.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44141.json index 492b5e8d8b9..56c76c7d44a 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44141.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44141.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44141", "sourceIdentifier": "product-security@apple.com", "published": "2024-10-24T17:15:16.390", - "lastModified": "2024-10-24T18:35:07.340", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.6. Una persona con acceso f\u00edsico a una Mac desbloqueada puede obtener la ejecuci\u00f3n del c\u00f3digo ra\u00edz." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44185.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44185.json index fb10954efbd..14edc86fcf4 100644 --- a/CVE-2024/CVE-2024-441xx/CVE-2024-44185.json +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44185.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44185", "sourceIdentifier": "product-security@apple.com", "published": "2024-10-24T17:15:16.470", - "lastModified": "2024-10-24T17:15:16.470", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44205.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44205.json index f04996d0505..3d9902d7ac0 100644 --- a/CVE-2024/CVE-2024-442xx/CVE-2024-44205.json +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44205.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44205", "sourceIdentifier": "product-security@apple.com", "published": "2024-10-24T17:15:16.543", - "lastModified": "2024-10-24T17:15:16.543", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad con una mejor redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 y iPadOS 16.7.9, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. Una aplicaci\u00f3n aislada puede tener acceso a datos confidenciales del usuario en los registros del sistema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-442xx/CVE-2024-44206.json b/CVE-2024/CVE-2024-442xx/CVE-2024-44206.json index c9b14175ae0..13067d78e99 100644 --- a/CVE-2024/CVE-2024-442xx/CVE-2024-44206.json +++ b/CVE-2024/CVE-2024-442xx/CVE-2024-44206.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44206", "sourceIdentifier": "product-security@apple.com", "published": "2024-10-24T17:15:16.620", - "lastModified": "2024-10-24T17:15:16.620", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema en el manejo de protocolos URL con una l\u00f3gica mejorada. Este problema se solucion\u00f3 en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. Es posible que los usuarios puedan eludir algunas restricciones de contenido web." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45031.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45031.json index d86d53e40a9..4ae887325f3 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45031.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45031.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45031", "sourceIdentifier": "security@apache.org", "published": "2024-10-24T15:15:13.533", - "lastModified": "2024-10-24T15:15:13.533", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application.\nXSS payloads could also be injected in Syncope Enduser when editing \u201cPersonal Information\u201d or \u201cUser Requests\u201d: such payloads would trigger for administrators in Syncope Console, thus enabling session hijacking.\n\nUsers are recommended to upgrade to version 3.0.9, which fixes this issue." + }, + { + "lang": "es", + "value": "Al editar objetos en Syncope Console, se pod\u00edan usar etiquetas HTML incompletas para evitar la desinfecci\u00f3n de HTML. Esto hac\u00eda posible inyectar payloads XSS almacenados que se activaban para otros usuarios durante el uso normal de la aplicaci\u00f3n. Los payloads XSS tambi\u00e9n se pod\u00edan inyectar en Syncope Enduser al editar \u201cInformaci\u00f3n personal\u201d o \u201cSolicitudes de usuario\u201d: dichos payloads se activaban para los administradores en Syncope Console, lo que permit\u00eda el secuestro de sesiones. Se recomienda a los usuarios que actualicen a la versi\u00f3n 3.0.9, que soluciona este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45242.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45242.json index a565b8308cc..5006ad3573b 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45242.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45242.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45242", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T20:15:04.243", - "lastModified": "2024-10-24T20:15:04.243", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions." + }, + { + "lang": "es", + "value": "Los dispositivos EnGenius ENH1350EXT A8J-ENH1350EXT hasta 3.9.3.2_c1.9.51 permiten la inyecci\u00f3n (ciega) de comandos del SO a trav\u00e9s de metacaracteres de shell a la utilidad Ping o Speed Test. Durante el tiempo de configuraci\u00f3n inicial, el dispositivo crea una red abierta no segura cuyo panel de administraci\u00f3n est\u00e1 configurado con las credenciales predeterminadas de admin/admin. Un atacante no autorizado que se encuentre cerca de la red Wi-Fi puede aprovechar este lapso de tiempo para ejecutar comandos arbitrarios del SO con permisos de nivel ra\u00edz." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45259.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45259.json index f645d8aa48e..05fd0f07429 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45259.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45259.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45259", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T20:15:04.323", - "lastModified": "2024-10-24T20:15:04.323", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. Al interceptar una solicitud HTTP y cambiar la propiedad del nombre de archivo en la interfaz de descarga, se puede eliminar cualquier archivo del dispositivo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45260.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45260.json index 6a200a4fa62..a0c1ed9c65c 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45260.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45260.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45260", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T21:15:11.977", - "lastModified": "2024-10-24T21:15:11.977", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. Los usuarios que pertenecen a grupos no autorizados pueden invocar cualquier interfaz del dispositivo y, de esta manera, obtener control total sobre \u00e9l." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45261.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45261.json index 0f8ff9f13b0..bbaac2c986d 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45261.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45261.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45261", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T21:15:12.057", - "lastModified": "2024-10-24T21:15:12.057", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. El SID generado para un usuario espec\u00edfico no est\u00e1 vinculado a ese usuario en s\u00ed, lo que permite que otros usuarios lo utilicen potencialmente para la autenticaci\u00f3n. Una vez que un atacante elude los procedimientos de autenticaci\u00f3n de la aplicaci\u00f3n, puede generar un SID v\u00e1lido, escalar privilegios y obtener el control total." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45262.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45262.json index aa4a4a74061..71c34804e64 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45262.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45262.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45262", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T21:15:12.143", - "lastModified": "2024-10-24T21:15:12.143", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. El par\u00e1metro params en el m\u00e9todo de llamada del endpoint /rpc es vulnerable a la navegaci\u00f3n arbitraria de directorios, lo que permite a los atacantes ejecutar scripts en cualquier ruta." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45263.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45263.json index e3e2404296c..1e9f57cf9ca 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45263.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45263.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45263", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T21:15:12.217", - "lastModified": "2024-10-24T21:15:12.217", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet, incluidos MT6000, MT3000, MT2500, AXT1800 y AX1800 4.6.2. La interfaz de carga permite cargar archivos arbitrarios al dispositivo. Una vez que el dispositivo ejecuta los archivos, puede provocar una fuga de informaci\u00f3n, lo que permite un control total." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json index 520c559d5e3..43b8fd3a419 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45785", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T08:15:02.883", - "lastModified": "2024-10-25T08:15:02.883", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3 de MUSASI contiene un problema con el uso de la autenticaci\u00f3n del lado del cliente. Si se explota esta vulnerabilidad, se podr\u00edan recuperar las credenciales y la informaci\u00f3n confidencial de otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45829.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45829.json index 19f4bc961a4..bf7d587072d 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45829.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45829.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45829", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:03.660", - "lastModified": "2024-10-25T09:15:05.863", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec proporcionan una p\u00e1gina web para descargar datos, donde los par\u00e1metros de consulta en las solicitudes HTTP se procesan incorrectamente y dan como resultado una vulnerabilidad de lectura fuera de los l\u00edmites. Las solicitudes HTTP manipuladas pueden provocar el bloqueo de los productos afectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45842.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45842.json index 2908d4bb47d..312ec7f00b6 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45842.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45842.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45842", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:03.860", - "lastModified": "2024-10-25T09:15:06.080", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.\r\nUnintended internal files may be retrieved when processing crafted HTTP requests." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec procesan incorrectamente los datos URI en las solicitudes HTTP PUT, lo que genera una vulnerabilidad de path traversal. Es posible que se recuperen archivos internos no deseados al procesar solicitudes HTTP manipuladas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46478.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46478.json index d42f872b503..d1ec67a9d17 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46478.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46478.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46478", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-24T18:15:08.863", - "lastModified": "2024-10-24T18:15:08.863", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681." + }, + { + "lang": "es", + "value": "HTMLDOC v1.9.18 contiene un desbordamiento de b\u00fafer en la funci\u00f3n parse_pre, ps-pdf.cxx:5681." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46994.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46994.json index 55b32d6c712..9fd9880346a 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46994.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46994.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46994", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T19:15:13.843", - "lastModified": "2024-10-24T19:15:13.843", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue." + }, + { + "lang": "es", + "value": "baserCMS es un framework de desarrollo de sitios web. Las versiones anteriores a la 5.1.2 tienen una vulnerabilidad de cross-site scripting en las funciones de listas de contenidos y publicaciones de blog. La versi\u00f3n 5.1.2 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46995.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46995.json index 32412186af1..2b38b89ad2e 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46995.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46995.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46995", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T19:15:14.137", - "lastModified": "2024-10-24T19:15:14.137", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue." + }, + { + "lang": "es", + "value": "baserCMS es un framework de desarrollo de sitios web. Las versiones anteriores a la 5.1.2 tienen una vulnerabilidad de cross-site scripting en HTTP 400 Bad Request. La versi\u00f3n 5.1.2 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46996.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46996.json index b585014ec9c..4142c871814 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46996.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46996.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46996", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T19:15:14.383", - "lastModified": "2024-10-24T19:15:14.383", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue." + }, + { + "lang": "es", + "value": "baserCMS es un framework de desarrollo de sitios web. Las versiones anteriores a la 5.1.2 tienen una vulnerabilidad de cross-site scripting en la funci\u00f3n de publicaciones de blog. La versi\u00f3n 5.1.2 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46998.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46998.json index 716bad74e43..36305a7a377 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46998.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46998.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46998", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T19:15:14.600", - "lastModified": "2024-10-24T19:15:14.600", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue." + }, + { + "lang": "es", + "value": "baserCMS es un framework de desarrollo de sitios web. Las versiones anteriores a la 5.1.2 tienen una vulnerabilidad de cross-site scripting en la funci\u00f3n Editar configuraci\u00f3n del formulario de correo electr\u00f3nico. La versi\u00f3n 5.1.2 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47005.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47005.json index 6fdaaf3bdab..05a78cf80be 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47005.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47005.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47005", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:04.063", - "lastModified": "2024-10-25T09:15:06.277", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.\r\nA non-administrative user may execute some configuration APIs." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec ofrecen API relacionadas con la configuraci\u00f3n. Se espera que solo los usuarios administrativos puedan llamarlas, pero no est\u00e1n lo suficientemente restringidas. Un usuario no administrativo puede ejecutar algunas API de configuraci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47012.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47012.json index d5b86f0fe48..bc36e2ef099 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47012.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47012.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47012", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.403", - "lastModified": "2024-10-25T11:15:16.403", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47013.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47013.json index 23091f50f1e..5896e82f8a6 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47013.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47013.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47013", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.460", - "lastModified": "2024-10-25T11:15:16.460", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47014.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47014.json index fd3597eda97..170699b22c3 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47014.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47014.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47014", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.513", - "lastModified": "2024-10-25T11:15:16.513", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47015.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47015.json index 6e0509f696e..f84a338afc7 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47015.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47015.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47015", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.570", - "lastModified": "2024-10-25T11:15:16.570", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47016.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47016.json index 422718ce4da..2ac4d20b3ea 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47016.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47016.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47016", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.617", - "lastModified": "2024-10-25T11:15:16.617", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47017.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47017.json index e1d3e095d2c..d96484c6cc1 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47017.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47017.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47017", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.680", - "lastModified": "2024-10-25T11:15:16.680", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47018.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47018.json index 31a02b43fba..0c8a4a4f31e 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47018.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47018.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47018", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.737", - "lastModified": "2024-10-25T11:15:16.737", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47019.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47019.json index ec2d0d1fbe8..9ca3286c0eb 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47019.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47019.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47019", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.790", - "lastModified": "2024-10-25T11:15:16.790", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47020.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47020.json index 04335994cb8..6625bab53d5 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47020.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47020.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47020", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.843", - "lastModified": "2024-10-25T11:15:16.843", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47021.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47021.json index 9e299e5aadc..5d19c44ca17 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47021.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47021.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47021", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.900", - "lastModified": "2024-10-25T11:15:16.900", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47022.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47022.json index f070e96c359..76ac49904e3 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47022.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47022.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47022", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:16.950", - "lastModified": "2024-10-25T11:15:16.950", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47023.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47023.json index ef8a0c963f2..edb0ca7af3b 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47023.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47023.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47023", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.003", - "lastModified": "2024-10-25T11:15:17.003", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47024.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47024.json index 29ec1a35144..2a957708592 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47024.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47024.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47024", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.063", - "lastModified": "2024-10-25T11:15:17.063", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47025.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47025.json index 7ab945337d5..a0741d63241 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47025.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47025.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47025", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.113", - "lastModified": "2024-10-25T11:15:17.113", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47026.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47026.json index aafe447203a..934f3a1ffee 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47026.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47026.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47026", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.167", - "lastModified": "2024-10-25T11:15:17.167", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47027.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47027.json index e0539f7999c..aae69f61d3f 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47027.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47027.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47027", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.220", - "lastModified": "2024-10-25T11:15:17.220", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47028.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47028.json index 51e97a3d5a7..38de5439c86 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47028.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47028.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47028", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.280", - "lastModified": "2024-10-25T11:15:17.280", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47029.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47029.json index 458389defdc..1ba078fb4f5 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47029.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47029.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47029", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.340", - "lastModified": "2024-10-25T11:15:17.340", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47030.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47030.json index 2f9a3156f84..1e5d0d589ec 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47030.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47030.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47030", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.390", - "lastModified": "2024-10-25T11:15:17.390", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47031.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47031.json index 801b5544170..38c33a76dbb 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47031.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47031.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47031", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.447", - "lastModified": "2024-10-25T11:15:17.447", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47033.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47033.json index 19618d1c453..f065adfb1be 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47033.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47033.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47033", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.500", - "lastModified": "2024-10-25T11:15:17.500", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47034.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47034.json index 0f99dc03f88..ee998769e21 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47034.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47034.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47034", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.557", - "lastModified": "2024-10-25T11:15:17.557", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47035.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47035.json index 44317d71fa0..d1fcda55fe6 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47035.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47035.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47035", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.610", - "lastModified": "2024-10-25T11:15:17.610", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47041.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47041.json index 2e442478402..288c2704b88 100644 --- a/CVE-2024/CVE-2024-470xx/CVE-2024-47041.json +++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47041.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47041", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-10-25T11:15:17.667", - "lastModified": "2024-10-25T11:15:17.667", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json index 00e00416867..ebe96adc011 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47158", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T08:15:03.080", - "lastModified": "2024-10-25T08:15:03.080", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website." + }, + { + "lang": "es", + "value": "N-LINE 2.0.6 y las versiones anteriores contienen una vulnerabilidad de inyecci\u00f3n de c\u00f3digo. Si se aprovecha esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario en el navegador del instructor o se puede dirigir al instructor a un sitio web malicioso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47173.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47173.json index 9dbbe2804fe..15e18ddb53b 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47173.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47173.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47173", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T19:15:14.817", - "lastModified": "2024-10-24T19:15:14.817", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue." + }, + { + "lang": "es", + "value": "Aimeos es un framework de comercio electr\u00f3nico. Todas las configuraciones de SaaS y de mercado que utilizan la interfaz de administraci\u00f3n de la API GraphQL de Aimeos, desde la versi\u00f3n 2024.04 hasta la 2024.07.1, se ven afectadas por un posible ataque de denegaci\u00f3n de servicio. La versi\u00f3n 2024.07.2 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47406.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47406.json index 2d850c84d9a..237b54c5509 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47406.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47406.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47406", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:04.257", - "lastModified": "2024-10-25T09:15:06.427", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability." + }, + { + "lang": "es", + "value": "Las impresoras multifunci\u00f3n Sharp y Toshiba Tec procesan incorrectamente las solicitudes de autenticaci\u00f3n HTTP, lo que genera una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47481.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47481.json index 7a8d58d7667..e0c9f05af9f 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47481.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47481.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47481", "sourceIdentifier": "security_alert@emc.com", "published": "2024-10-25T11:15:17.717", - "lastModified": "2024-10-25T11:15:17.717", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47483.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47483.json index c6a4dafef57..1ebc7f95d09 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47483.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47483.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47483", "sourceIdentifier": "security_alert@emc.com", "published": "2024-10-25T11:15:17.930", - "lastModified": "2024-10-25T11:15:17.930", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47549.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47549.json index 8029ba4a5d1..62c949afaa3 100644 --- a/CVE-2024/CVE-2024-475xx/CVE-2024-47549.json +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47549.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47549", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:04.460", - "lastModified": "2024-10-25T09:15:06.680", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser." + }, + { + "lang": "es", + "value": "Los equipos multifunci\u00f3n Sharp y Toshiba Tec procesan incorrectamente los par\u00e1metros de consulta en las solicitudes HTTP, lo que puede permitir la contaminaci\u00f3n de datos no deseados en los encabezados de respuesta HTTP. Acceder a una URL manipulada que apunta a un producto afectado puede provocar la ejecuci\u00f3n de un script malicioso en el navegador web." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47801.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47801.json index bbc33f6dcf2..e2e535d96d1 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47801.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47801.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47801", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T07:15:04.657", - "lastModified": "2024-10-25T09:15:06.780", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser." + }, + { + "lang": "es", + "value": "Los equipos multifunci\u00f3n Sharp y Toshiba Tec procesan incorrectamente los par\u00e1metros de consulta en las solicitudes HTTP, lo que genera una vulnerabilidad de cross-site scripting reflejado. Acceder a una URL manipulada que apunta a un producto afectado puede provocar la ejecuci\u00f3n de una secuencia de comandos maliciosa en el navegador web." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47878.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47878.json index b6d7b3adc09..a0512a04f1b 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47878.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47878.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47878", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T21:15:12.293", - "lastModified": "2024-10-24T21:15:12.293", - "vulnStatus": "Received", + "lastModified": "2024-10-25T12:56:07.750", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `