Auto-Update: 2024-08-01T16:00:17.392129+00:00

cad-safe-bot 2024-08-01 16:03:14 +00:00
parent 18d9db605c
commit a459c96920
99 changed files with 4348 additions and 1398 deletions


@ -2,8 +2,8 @@
"id": "CVE-2013-3632",
"sourceIdentifier": "cret@cert.org",
"published": "2014-09-29T22:55:08.847",
"lastModified": "2014-09-30T18:39:53.397",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:35:00.653",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",


@ -2,8 +2,8 @@
"id": "CVE-2023-24023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T07:15:41.340",
"lastModified": "2024-04-01T15:46:04.410",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:35:02.220",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2023-42913",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-28T16:15:08.023",
"lastModified": "2024-04-08T22:46:44.747",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T15:35:03.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-52537",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.403",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-08-01T14:35:02.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,46 @@
"value": "Vulnerabilidad de omitir la verificaci\u00f3n del nombre del paquete en el m\u00f3dulo HwIms. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la disponibilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-280"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/",


@ -2,7 +2,7 @@
"id": "CVE-2023-52549",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.970",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-08-01T14:35:03.770",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de errores de verificaci\u00f3n de datos en el m\u00f3dulo del kernel. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@huawei.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-52755",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:15.037",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-08-01T14:35:03.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige la escritura fuera de los l\u00edmites de slab en smb_inherit_dacl(). La escritura fuera de los l\u00edmites de slab se debe a que las compensaciones son mayores que el tama\u00f1o de asignaci\u00f3n de pntsd. Este parche agrega la verificaci\u00f3n para validar 3 compensaciones usando el tama\u00f1o de asignaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70",


@ -2,7 +2,7 @@
"id": "CVE-2024-1747",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-01T06:15:01.980",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T15:35:05.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress WooCommerce Customers Manager anterior a 30.2 no tiene autorizaci\u00f3n ni CSRF en varias acciones AJAX, lo que permite a cualquier usuario autenticado, como un suscriptor, llamarlos y actualizar/eliminar/crear metadatos del cliente, lo que tambi\u00e9n genera Cross Site Scripting almacenado debido a la falta de escape de dichos valores de metadatos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/17e45d4d-0ee1-4863-a8a4-df8587f448ec/",


@ -2,7 +2,7 @@
"id": "CVE-2024-20039",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-04-01T03:15:07.780",
"lastModified": "2024-04-01T12:49:09.583",
"lastModified": "2024-08-01T15:35:05.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el protocolo de m\u00f3dem, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01240012; ID del problema: MSV-1215."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/April-2024",


@ -2,7 +2,7 @@
"id": "CVE-2024-24407",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T23:15:46.283",
"lastModified": "2024-03-29T12:45:02.937",
"lastModified": "2024-08-01T15:35:06.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el sistema de gesti\u00f3n Best Courier v.1.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente print_pdets.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/modian-un/CVE/blob/main/Barangay%20Population%20Monitoring%20System.md",


@ -2,8 +2,8 @@
"id": "CVE-2024-2455",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-01T13:15:10.493",
"lastModified": "2024-08-01T13:15:10.493",
"vulnStatus": "Received",
"lastModified": "2024-08-01T14:04:01.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-26520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-26T17:15:11.507",
"lastModified": "2024-07-29T14:12:08.783",
"lastModified": "2024-08-01T15:35:07.080",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Un problema en Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 permite a un atacante omitir la autenticaci\u00f3n y realizar restablecimientos de contrase\u00f1a arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"references": [
{
"url": "https://idssgmcc.github.io/aran.github.io/2.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-27862",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.363",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:35:05.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en macOS Sonoma 14.6. Habilitar el modo de bloqueo mientras configura una Mac puede hacer que FileVault se desactive inesperadamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",
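Review bot: The secondary assessment added under `metrics` and `weaknesses` does not fit the record's own description, which is about FileVault being switched off unexpectedly when Lockdown Mode is enabled during Mac setup. The new vector is `AV:N/AC:L/PR:N/UI:N` with only `I:L`, and the weakness is `CWE-400` (uncontrolled resource consumption); neither reflects a setup-time logic flaw that leaves a disk unencrypted. Because this file mirrors upstream data, I would report the mismatch to the scoring source rather than edit it here. Consumers should avoid triaging on the 5.3 while `vulnStatus` is still `Awaiting Analysis`. The record's JSON object continues outside the visible hunks.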


@ -2,7 +2,7 @@
"id": "CVE-2024-27878",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.747",
"lastModified": "2024-08-01T13:48:52.587",
"lastModified": "2024-08-01T14:35:06.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,19 +22,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]


@ -2,7 +2,7 @@
"id": "CVE-2024-27897",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T10:15:08.713",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-08-01T14:35:06.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de verificaci\u00f3n de entrada en el m\u00f3dulo de llamada. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@huawei.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-28270",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T19:15:07.417",
"lastModified": "2024-04-09T12:48:04.090",
"lastModified": "2024-08-01T14:35:06.503",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema descubierto en web-flash v3.0 permite a los atacantes restablecer contrase\u00f1as para usuarios arbitrarios mediante una solicitud POST manipulada /prod-api/user/resetPassword."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-261"
}
]
}
],
"references": [
{
"url": "https://github.com/bcvgh/web-flash-Broken-Access-Control-vulnerability/",
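Review bot: The new `CWE-261` (weak encoding for password) does not match the described issue, in which an attacker resets the passwords of arbitrary users through a crafted POST to `/prod-api/user/resetPassword`. That reads as a missing authorization check or an unverified password change, e.g. `"value": "CWE-620"`, though the exact class cannot be confirmed from this page. Anyone grouping findings by CWE should expect this record to land in the wrong bucket until NVD analysis replaces the secondary mapping.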


@ -2,7 +2,7 @@
"id": "CVE-2024-28520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T06:15:09.460",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-08-01T14:35:07.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,46 @@
"value": "Vulnerabilidad de carga de archivos en Byzoro Networks Smart S210 multi-service security gateway intelligent management platform versi\u00f3n S210, permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del componente uploadfile.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-616"
}
]
}
],
"references": [
{
"url": "https://github.com/aknbg1thub/cve/blob/main/upload.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-29686",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T16:15:08.047",
"lastModified": "2024-05-17T02:37:53.310",
"lastModified": "2024-08-01T15:35:08.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "Vulnerabilidad de Server-side Template Injection (SSTI) en Winter CMS v.1.2.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo P\u00e1ginas del CMS y los componentes del complemento. NOTA: el proveedor cuestiona esto porque el payload solo puede ser ingresada por un usuario confiable, como el propietario del servidor que aloja Winter CMS, o un desarrollador que trabaja para ellos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-97"
}
]
}
],
"references": [
{
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779",
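Review bot: `CWE-97` in the new `weaknesses` entry is the server-side include (SSI) class, whereas the description is a server-side template injection in Winter CMS; the template-engine class, `"value": "CWE-1336"`, appears to be the intended mapping. The `PR:H` in the added vector is consistent with the vendor dispute quoted in the description (the payload can only be entered by a trusted user). The 7.2 should therefore be read together with the record's `cveTags` entry, which begins outside this hunk. As this is mirrored data, the mapping is better raised with the scoring source than patched locally.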


@ -0,0 +1,56 @@
{
"id": "CVE-2024-29977",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:11.290",
"lastModified": "2024-08-01T15:15:11.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate\u00a0synced reactions, when shared channels are enabled,\u00a0which allows a malicious remote to create arbitrary reactions on arbitrary posts"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-30166",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:10.510",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-08-01T15:35:09.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En Mbed TLS 3.3.0 hasta 3.5.2 anterior a 3.6.0, un cliente malintencionado puede provocar la divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio debido a una sobrelectura del b\u00fafer de pila (de menos de 256 bytes) en un servidor TLS 1.3 a trav\u00e9s de un TLS. 3.1 ClientHello."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0",
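Review bot: The added weakness `CWE-121` (stack-based buffer overflow) describes a write, but the description in this record is a stack buffer over-read of under 256 bytes in a TLS 1.3 server. An out-of-bounds read class such as `"value": "CWE-125"` looks closer, and it also agrees with the `C:H/I:N/A:H` vector added in the same hunk. Detection and patch-priority rules keyed on CWE would otherwise file this with memory-write bugs. This is worth raising with the scoring source rather than patching the mirrored file.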


@ -2,7 +2,7 @@
"id": "CVE-2024-30588",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T14:15:15.233",
"lastModified": "2024-03-28T16:07:30.893",
"lastModified": "2024-08-01T15:35:10.357",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro schedStartTime de la funci\u00f3n setSchedWifi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_start.md",
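Review bot: The new secondary vector `C:N/I:L/A:N` (base 4.3) sits oddly with the `CWE-121` stack-based overflow recorded in the same hunk, since memory corruption of this kind normally implies at least an availability impact. The same pairing appears in the CVE-2024-30613 (there with `CWE-787`), CVE-2024-30631 and CVE-2024-30638 sections, while the sibling CVE-2024-30612 gets `C:H/I:H/A:N` at 8.1 for the same bug class. Downstream prioritisation should not treat the 4.3 as a ceiling for these router records while `vulnStatus` remains `Awaiting Analysis`. The inconsistency is best reported to the scoring source, as this repository only mirrors the data.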


@ -2,7 +2,7 @@
"id": "CVE-2024-30612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T15:15:46.907",
"lastModified": "2024-03-28T16:07:30.893",
"lastModified": "2024-08-01T15:35:11.227",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda AC10U v15.03.06.48 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro deviceId, limitSpeed, limitSpeedUp de la funci\u00f3n formSetClientState."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30613",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:15.820",
"lastModified": "2024-03-29T13:28:22.880",
"lastModified": "2024-08-01T15:35:12.083",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda AC15 v15.03.05.18 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro de tiempo de la funci\u00f3n setSmartPowerManagement."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30631",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:16.313",
"lastModified": "2024-03-29T13:28:22.880",
"lastModified": "2024-08-01T15:35:12.897",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1205 v2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro schedStartTime de la funci\u00f3n setSchedWifi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30638",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T14:15:14.780",
"lastModified": "2024-04-01T01:12:59.077",
"lastModified": "2024-08-01T15:35:13.663",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda F1202 v1.2.0.20(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro de entradas en la funci\u00f3n fromAddressNat."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_entrys.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30866",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-01T15:16:00.997",
"lastModified": "2024-04-01T15:53:18.060",
"lastModified": "2024-08-01T14:35:08.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "netentsec NS-ASG 6.3 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /3g/menu.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-menu.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-30998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T06:15:07.650",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-08-01T14:35:09.133",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PHPGurukul Men Salon Management System v.2.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico en el componente index.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul-Men-Salon-Management-System-2.0.md",


@ -2,7 +2,7 @@
"id": "CVE-2024-3219",
"sourceIdentifier": "cna@python.org",
"published": "2024-07-29T22:15:04.970",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:15:03.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -33,6 +33,14 @@
"url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929",
"source": "cna@python.org"
@ -41,6 +49,14 @@
"url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/issues/122133",
"source": "cna@python.org"


@ -2,7 +2,7 @@
"id": "CVE-2024-34009",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.833",
"lastModified": "2024-06-03T14:46:24.250",
"lastModified": "2024-08-01T15:35:14.680",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Las comprobaciones insuficientes de si ReCAPTCHA estaba habilitado hicieron posible eludir las comprobaciones en la p\u00e1gina de inicio de sesi\u00f3n. Esto no afect\u00f3 a otras p\u00e1ginas donde se utiliza ReCAPTCHA."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",


@ -2,7 +2,7 @@
"id": "CVE-2024-34021",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-01T02:15:01.873",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T14:35:09.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inal\u00e1mbricos ELECOM. Un usuario que haya iniciado sesi\u00f3n con privilegios administrativos puede cargar un archivo especialmente manipulado en el producto afectado, lo que resultar\u00e1 en la ejecuci\u00f3n arbitraria de un comando del sistema operativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN06672778/",


@ -2,7 +2,7 @@
"id": "CVE-2024-35853",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:22.220",
"lastModified": "2024-07-03T02:02:18.807",
"lastModified": "2024-08-01T14:35:10.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,18 +39,6 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-36492",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:11.810",
"lastModified": "2024-08-01T15:15:11.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-38182",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-31T23:15:13.560",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T15:15:12.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39274",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:12.150",
"lastModified": "2024-08-01T15:15:12.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that\u00a0the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-39607",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-01T02:15:01.950",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T15:35:17.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los enrutadores LAN inal\u00e1mbricos ELECOM. Un usuario que haya iniciado sesi\u00f3n y tenga privilegios administrativos puede enviar una solicitud especialmente manipulada al producto afectado para ejecutar un comando arbitrario del sistema operativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN06672778/",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39777",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:12.370",
"lastModified": "2024-08-01T15:15:12.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow\u00a0unsolicited invites to expose access to local channels, when shared channels are enabled,\u00a0which allows a malicious\u00a0remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39832",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:12.587",
"lastModified": "2024-08-01T15:15:12.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39837",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:12.790",
"lastModified": "2024-08-01T15:15:12.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation\u00a0which allows\u00a0a malicious remote to create arbitrary channels,\u00a0when shared channels were enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39839",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:12.993",
"lastModified": "2024-08-01T15:15:12.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow\u00a0users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the local server as long as the user hadn't been synced before."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-3983",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-01T06:15:02.517",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T14:35:11.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress WooCommerce Customers Manager anterior a la versi\u00f3n 30.1 no tiene comprobaciones CSRF en algunas acciones masivas, lo que podr\u00eda permitir a los atacantes hacer que los administradores que han iniciado sesi\u00f3n realicen acciones no deseadas, como eliminar clientes mediante ataques CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e4059d66-07b9-4f1a-a461-d6e8f0e98eec/",


@ -2,7 +2,7 @@
"id": "CVE-2024-4090",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-01T06:15:02.587",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T14:35:12.593",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any de WordPress anterior a 2.7.2 no sanitiza ni escapan a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting. incluso cuando unfiltered_html no est\u00e1 permitido"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/",


@ -0,0 +1,68 @@
{
"id": "CVE-2024-41123",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:13.213",
"lastModified": "2024-08-01T15:15:13.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh",
"source": "security-advisories@github.com"
},
{
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123",
"source": "security-advisories@github.com"
}
]
}
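Review bot: The `value` text in `descriptions` gives two different version boundaries, `before 3.3.2` for the affected range and `3.3.3 or later` for the fix, which leaves 3.3.2 itself unclassified. Anyone matching installed REXML versions against this record should treat 3.3.2 as affected until the linked ruby-lang.org advisory confirms otherwise. If 3.3.3 is the first fixed release, the description should read `The REXML gem before 3.3.3 has some DoS vulnerabilities`; the text is mirrored from the CNA, so the correction belongs upstream rather than in this file.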


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41144",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:13.427",
"lastModified": "2024-08-01T15:15:13.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate\u00a0synced posts, when shared channels are enabled,\u00a0\u00a0which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41162",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:13.627",
"lastModified": "2024-08-01T15:15:13.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow\u00a0the modification of local channels by a remote, when shared channels are enabled, which allows\u00a0a malicious remote to make an arbitrary local channel read-only."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-41255",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-31T21:15:18.030",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T15:35:18.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " filestash v0.4 est\u00e1 configurado para omitir la verificaci\u00f3n del certificado TLS cuando se usa el protocolo FTPS, lo que posiblemente permita a los atacantes ejecutar un ataque de man-in-the-middle a trav\u00e9s de la funci\u00f3n Init de index.go."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-453"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/nyxfqq/c367f2ca9448810924dcf0f1af30b441",
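Review bot: The added `weaknesses` entry maps this record to `CWE-453`, which is Insecure Default Variable Initialization, while the description on the page is about skipping TLS certificate verification for FTPS. CWE-295 (Improper Certificate Validation) is the closer fit, and dashboards that group findings by CWE will not surface this record under certificate-validation issues. The proposal is `"value": "CWE-295"`, raised with the source that supplied the entry since this file mirrors it. The `references` array continues outside the hunk.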


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41926",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-01T15:15:13.900",
"lastModified": "2024-08-01T15:15:13.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs,\u00a0which allows a malicious remote to\u00a0set arbitrary RemoteId values for synced users and therefore\u00a0claim that a user was synced from another remote."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,68 @@
{
"id": "CVE-2024-41946",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:14.100",
"lastModified": "2024-08-01T15:15:14.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4",
"source": "security-advisories@github.com"
},
{
"url": "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml",
"source": "security-advisories@github.com"
},
{
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-41961",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:14.310",
"lastModified": "2024-08-01T15:15:14.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q",
"source": "security-advisories@github.com"
}
]
}
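Review bot: `"integrityImpact": "NONE"` in `cvssData` does not match the description, which says a search term reaches an `eval` sink that executes Ruby code; code execution inside the application normally means the attacker can modify data as well. Triage rules that filter or sort on the integrity component will under-rank this record, so key on `baseSeverity` (`CRITICAL`) or on CWE-94 instead. I would expect `I:H` in the `vectorString`, though that is inferred from the description and the score would have to be recomputed by the CNA.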


@ -2,7 +2,7 @@
"id": "CVE-2024-5975",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:03.277",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:00:06.617",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress CZ Loan Management hasta la versi\u00f3n 1.1 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL a trav\u00e9s de una acci\u00f3n AJAX disponible para usuarios no autenticados, lo que lleva a una inyecci\u00f3n de SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6021",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:03.387",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:00:08.097",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento Donation Block For PayPal WordPress hasta la versi\u00f3n 2.1.0 no sanitiza ni escapa a los env\u00edos de formularios, lo que genera una vulnerabilidad de Cross Site Scripting almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/9d83cffd-7dcd-4301-8d4d-3043b14e05b5/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6022",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-12T06:15:04.893",
"lastModified": "2024-07-12T12:49:07.030",
"lastModified": "2024-08-01T14:00:08.327",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento ContentLock para WordPress hasta la versi\u00f3n 1.0.3 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/871a93b5-ec67-4fe0-bc39-e5485477fbeb/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6023",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-12T06:15:05.130",
"lastModified": "2024-07-12T12:49:07.030",
"lastModified": "2024-08-01T14:00:08.660",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento ContentLock para WordPress hasta la versi\u00f3n 1.0.3 no tiene activada la verificaci\u00f3n CSRF al agregar correos electr\u00f3nicos, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n realice dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6070",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-13T06:15:05.520",
"lastModified": "2024-07-15T13:00:34.853",
"lastModified": "2024-08-01T14:00:09.647",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento If-So Dynamic Content Personalization de WordPress anterior a 1.8.0.4 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo en configuraci\u00f3n multisitio)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/97bab6cf-011c-4df4-976c-1f3252082f8f/",


@ -2,8 +2,8 @@
"id": "CVE-2024-6072",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.007",
"lastModified": "2024-07-17T13:33:13.640",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:09.867",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6073",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.090",
"lastModified": "2024-07-17T13:33:19.797",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:10.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6074",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.170",
"lastModified": "2024-07-17T13:33:26.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:10.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6075",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.260",
"lastModified": "2024-07-17T13:33:35.213",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:10.553",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6076",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-15T06:15:02.340",
"lastModified": "2024-07-17T13:33:42.003",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:10.780",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6094",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-24T06:15:01.903",
"lastModified": "2024-07-29T20:20:51.257",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:11.220",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2024-6151",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-07-10T21:15:11.013",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-08-01T14:00:12.180",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX678035",


@ -2,7 +2,7 @@
"id": "CVE-2024-6164",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-18T06:15:02.233",
"lastModified": "2024-07-18T12:28:43.707",
"lastModified": "2024-08-01T14:00:13.243",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Filter &amp; Grids de WordPress anterior a 2.8.33 es vulnerable a la inclusi\u00f3n de archivos locales a trav\u00e9s del par\u00e1metro post_layout. Esto hace posible que un atacante no autenticado incluya y ejecute archivos PHP en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6165",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:03.373",
"lastModified": "2024-07-31T12:57:02.300",
"lastModified": "2024-08-01T14:00:13.553",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento WANotifier de WordPress anterior a 2.6.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802d8dd5/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6197",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-07-24T08:15:03.340",
"lastModified": "2024-07-24T21:15:12.600",
"lastModified": "2024-08-01T14:00:14.760",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El analizador ASN1 de libcurl tiene esta funci\u00f3n utf8asn1str() utilizada para analizar una cadena ASN.1 UTF-8. Puede detectar un campo no v\u00e1lido y devolver un error. Desafortunadamente, al hacerlo tambi\u00e9n invoca `free()` en un b\u00fafer localstack de 4 bytes. La mayor\u00eda de las implementaciones modernas de malloc detectan este error y lo abortan inmediatamente. Sin embargo, algunos aceptan el puntero de entrada y agregan esa memoria a su lista de fragmentos disponibles. Esto lleva a la sobrescritura de la memoria de stack. El contenido de la sobrescritura lo decide la implementaci\u00f3n `free()`; Es probable que sean punteros de memoria y un conjunto de banderas. El resultado m\u00e1s probable de explotar este defecto es un colapso, aunque no se puede descartar que se puedan obtener resultados m\u00e1s graves en circunstancias especiales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/24/1",


@ -2,8 +2,8 @@
"id": "CVE-2024-6205",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-19T06:15:03.817",
"lastModified": "2024-07-19T20:23:18.960",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:15.120",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2024-6223",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:03.517",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:00:15.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Send email only on Reply to My Comment hasta la versi\u00f3n 1.0.6 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross Site Scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6224",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:03.623",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:00:16.047",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento de WordPress Send email only on Reply to My Comment hasta la versi\u00f3n 1.0.6 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado agregue payloads de XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/54457f1b-6572-4de0-9100-3433c715c5ce/",
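Review bot: The added Secondary vector scores `PR:H` for a flaw the description frames as CSRF against a logged-in administrator, where the attacker holds no account and the administrator's involvement is already expressed by `UI:R`. The two ContentLock CSRF records in this same commit (CVE-2024-6022 and CVE-2024-6023) are scored `PR:N`, so the 5.9 here probably understates exposure relative to them. I would expect `"privilegesRequired": "NONE"` with the scores recomputed by the source; because this repository only mirrors the record, the correction belongs upstream, and downstream triage should not rank on this `baseScore` alone.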


@ -2,7 +2,7 @@
"id": "CVE-2024-6226",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-30T06:15:03.720",
"lastModified": "2024-07-30T13:32:45.943",
"lastModified": "2024-08-01T14:00:16.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress WpStickyBar hasta la versi\u00f3n 2.1.0 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross Site Scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e42ce8dc-51d4-471d-b3bb-ad2a6b735d02/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6231",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-23T06:15:11.330",
"lastModified": "2024-07-24T12:55:13.223",
"lastModified": "2024-08-01T14:00:16.470",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Request a Quote anterior a 2.4.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en la configuraci\u00f3n de m\u00faltiples sitios)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/75ad1d8f-edc3-4eb3-b4c0-73832c0a4ca0/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6236",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-07-10T21:15:11.120",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-08-01T14:00:16.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX677998",


@ -2,8 +2,8 @@
"id": "CVE-2024-6243",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-22T06:15:02.663",
"lastModified": "2024-07-25T15:17:26.980",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:17.580",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-6271",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-22T06:15:02.810",
"lastModified": "2024-07-25T15:14:33.857",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-01T14:00:18.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2024-6272",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:03.637",
"lastModified": "2024-07-31T12:57:02.300",
"lastModified": "2024-08-01T15:35:19.753",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento SpiderContacts de WordPress hasta la versi\u00f3n 1.1.7 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6362",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-29T06:15:02.700",
"lastModified": "2024-07-29T14:12:08.783",
"lastModified": "2024-08-01T14:00:20.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Ultimate Blocks anterior a 3.2.0 no valida ni escapa algunos de sus atributos de bloque posteriores a la cuadr\u00edcula antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross Site Scripting almacenado"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6366",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-29T06:15:02.790",
"lastModified": "2024-07-29T14:12:08.783",
"lastModified": "2024-08-01T14:00:20.363",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento de WordPress User Profile Builder anterior a 3.11.8 no tiene la autorizaci\u00f3n adecuada, lo que permite a usuarios no autenticados cargar archivos multimedia a trav\u00e9s de la funcionalidad de carga as\u00edncrona de WP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6408",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:03.913",
"lastModified": "2024-07-31T12:57:02.300",
"lastModified": "2024-08-01T14:00:21.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " El complemento Slider by 10Web WordPress anterior a 1.2.57 no sanitiza ni escapa a su t\u00edtulo de control deslizante, lo que podr\u00eda permitir a usuarios con altos privilegios, como editores y superiores, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb/",
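Review bot: The new `cvssData` uses `PR:L` although the description limits the attack to high-privilege users ("editores y superiores"), and the administrator-only stored XSS records in this commit (for example CVE-2024-6070 and CVE-2024-6165) are scored `PR:H`. If the editor role is meant to count as high privilege, as the description's own wording suggests, the consistent value would be `"privilegesRequired": "HIGH"`, which lowers the score from 5.4. This is upstream data, so the mirror should not patch it; consumers comparing XSS records by score should be aware that the privilege metric is not applied uniformly across these entries.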


@ -2,7 +2,7 @@
"id": "CVE-2024-6420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-23T06:15:11.413",
"lastModified": "2024-07-24T12:55:13.223",
"lastModified": "2024-08-01T14:00:22.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Hide My WP Ghost anterior a 5.2.02 no impide las redirecciones a la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s de la funci\u00f3n auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la p\u00e1gina de inicio de sesi\u00f3n oculta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/",
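Review bot: The impact metrics added here (`C:H/I:L/A:L`, 8.6 HIGH) look higher than the description supports, which only says an unauthenticated visitor can reach the hidden login page through `auth_redirect`. This Secondary entry is the only metric in the record (it replaces `"metrics": {}`), so any pipeline that alerts on `baseSeverity` will treat it as authoritative. I would have consumers check `"type": "Secondary"` and treat such scores as provisional until a Primary assessment is present, rather than letting this one drive patch priority on its own.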


@ -2,7 +2,7 @@
"id": "CVE-2024-6487",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-29T06:15:02.873",
"lastModified": "2024-07-29T14:12:08.783",
"lastModified": "2024-08-01T14:00:24.000",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Inline Related Posts anterior a 3.8.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en la configuraci\u00f3n de m\u00faltiples sitios)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6490",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-26T06:15:02.927",
"lastModified": "2024-07-26T12:38:41.683",
"lastModified": "2024-08-01T14:00:24.333",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Durante las pruebas del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10, se encontr\u00f3 una vulnerabilidad CSRF, que permite a un usuario no autorizado manipular solicitudes en nombre de la v\u00edctima y, por lo tanto, eliminar todos los sliders dentro del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6529",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-01T06:15:02.737",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T14:35:13.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " El complemento de WordPress Ultimate Classified Listings anterior a 1.4 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross Site Scripting reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/",
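Review bot: This reflected-XSS record is scored with `A:L` (7.1 HIGH), while the sections for CVE-2024-6223, CVE-2024-6226 and CVE-2024-6272 in the same commit carry near-identical descriptions and are scored `A:N` (6.1 MEDIUM). That single metric moves the entry across the MEDIUM/HIGH boundary, so severity-based filters will treat equivalent bugs differently. The same split shows up for administrator-only stored XSS, where CVE-2024-6070 and CVE-2024-6165 have `A:N` (4.8) but CVE-2024-6231 and CVE-2024-6487 have `A:L` (5.9). Nothing in the visible description justifies an availability impact, so `"availabilityImpact": "NONE"` would be the consistent value, to be corrected at the source rather than in this mirror.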


@ -2,7 +2,7 @@
"id": "CVE-2024-6605",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-07-09T15:15:12.660",
"lastModified": "2024-07-09T18:18:38.713",
"lastModified": "2024-08-01T14:00:29.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Firefox Android permiti\u00f3 la interacci\u00f3n inmediata con solicitudes de permiso. Esto podr\u00eda usarse para realizar tapjacking. Esta vulnerabilidad afecta a Firefox &lt; 128."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-277"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836786",


@ -2,7 +2,7 @@
"id": "CVE-2024-6607",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-07-09T15:15:12.790",
"lastModified": "2024-07-16T18:15:09.327",
"lastModified": "2024-08-01T14:00:30.023",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Era posible evitar que un usuario saliera del bloqueo del puntero al presionar Escape y superponer notificaciones de customValidity desde un elemento `&lt;select&gt;` sobre ciertas solicitudes de permiso. Esto podr\u00eda usarse para confundir a un usuario y obligarlo a otorgar permisos no deseados a un sitio. Esta vulnerabilidad afecta a Firefox &lt; 128."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-763"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1694513",


@ -2,7 +2,7 @@
"id": "CVE-2024-6695",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-31T06:15:04.237",
"lastModified": "2024-07-31T12:57:02.300",
"lastModified": "2024-08-01T14:00:34.400",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " Es posible que un atacante obtenga acceso administrativo sin tener ning\u00fan tipo de cuenta en el sitio objetivo y realice acciones no autorizadas. Esto se debe a un flujo l\u00f3gico inadecuado en el proceso de registro de usuarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6772",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.810",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:38.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La implementaci\u00f3n inapropiada en V8 en Google Chrome anterior a 126.0.6478.182 permiti\u00f3 a un atacante remoto realizar acceso a memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-6773",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.893",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:38.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La implementaci\u00f3n inadecuada en V8 en Google Chrome anterior a 126.0.6478.182 permiti\u00f3 a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-6774",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.963",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:38.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El Use After Free en Screen Capture en Google Chrome anterior a 126.0.6478.182 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos espec\u00edficos en la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -26,6 +49,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-6775",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:07.073",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:39.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El Use After Free en Media Stream en Google Chrome anterior a 126.0.6478.182 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos espec\u00edficos en la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -26,6 +49,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-6776",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:07.163",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:40.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El Use After Free en Audio en Google Chrome anterior a 126.0.6478.182 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -26,6 +49,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-6777",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:07.267",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:41.267",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El Use After Free en Navegaci\u00f3n en Google Chrome anterior a 126.0.6478.182 permiti\u00f3 a un atacante convencer a un usuario de instalar una extensi\u00f3n maliciosa para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -26,6 +49,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-6778",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:07.357",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:42.093",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Race in DevTools en Google Chrome anterior a 126.0.6478.182 permiti\u00f3 que un atacante convenciera a un usuario de instalar una extensi\u00f3n maliciosa para inyectar scripts o HTML en una p\u00e1gina privilegiada a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -26,6 +49,16 @@
"value": "CWE-362"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-366"
}
]
}
],
"references": [


@ -2,7 +2,7 @@
"id": "CVE-2024-6779",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:07.460",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-08-01T14:00:42.927",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El acceso a memoria fuera de los l\u00edmites en V8 en Google Chrome anterior a 126.0.6478.182 permit\u00eda a un atacante remoto realizar potencialmente un escape de la zona de pruebas a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-6834",
"sourceIdentifier": "zowe-security@lists.openmainframeproject.org",
"published": "2024-07-17T15:15:14.970",
"lastModified": "2024-07-18T12:28:43.707",
"lastModified": "2024-08-01T14:00:44.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://github.com/zowe/api-layer",


@ -2,7 +2,7 @@
"id": "CVE-2024-6874",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-07-24T08:15:03.413",
"lastModified": "2024-07-24T12:55:13.223",
"lastModified": "2024-08-01T14:00:45.683",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La funci\u00f3n API de URL de libcurl [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) ofrece conversiones punycode, hacia y desde IDN. Al solicitar convertir un nombre que tiene exactamente 256 bytes, libcurl termina leyendo fuera de un b\u00fafer en la regi\u00f3n stack de la memoria cuando se construye para usar el backend IDN *macidn*. Luego, la funci\u00f3n de conversi\u00f3n llena exactamente el b\u00fafer proporcionado, pero no termina en nulo la cadena. Esta falla puede provocar que el contenido de la pila se devuelva accidentalmente como parte de la cadena convertida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/24/2",


@ -0,0 +1,29 @@
{
"id": "CVE-2024-6923",
"sourceIdentifier": "cna@python.org",
"published": "2024-08-01T14:15:03.647",
"lastModified": "2024-08-01T14:15:03.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/python/cpython/issues/121650",
"source": "cna@python.org"
},
{
"url": "https://github.com/python/cpython/pull/122233",
"source": "cna@python.org"
},
{
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/",
"source": "cna@python.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-6960",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2024-07-21T10:15:04.497",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-08-01T14:00:50.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518/",


@ -2,7 +2,7 @@
"id": "CVE-2024-6961",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2024-07-21T11:15:03.187",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-08-01T14:00:51.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/",


@ -2,7 +2,7 @@
"id": "CVE-2024-7340",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2024-07-31T15:15:11.203",
"lastModified": "2024-08-01T12:42:36.933",
"lastModified": "2024-08-01T14:01:07.677",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/wandb/weave/pull/1657",


@ -2,8 +2,8 @@
"id": "CVE-2024-7357",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-01T13:15:10.950",
"lastModified": "2024-08-01T13:15:10.950",
"vulnStatus": "Received",
"lastModified": "2024-08-01T14:04:01.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",


@ -0,0 +1,137 @@
{
"id": "CVE-2024-7358",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-01T14:15:03.820",
"lastModified": "2024-08-01T14:15:03.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-378"
}
]
}
],
"references": [
{
"url": "https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.273337",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.273337",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.374979",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-01T14:00:22.673916+00:00
2024-08-01T16:00:17.392129+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-01T14:00:06.420000+00:00
2024-08-01T15:35:19.753000+00:00
```
### Last Data Feed Release
@ -33,46 +33,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
258730
258745
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `15`
- [CVE-2024-2455](CVE-2024/CVE-2024-24xx/CVE-2024-2455.json) (`2024-08-01T13:15:10.493`)
- [CVE-2024-7357](CVE-2024/CVE-2024-73xx/CVE-2024-7357.json) (`2024-08-01T13:15:10.950`)
- [CVE-2024-29977](CVE-2024/CVE-2024-299xx/CVE-2024-29977.json) (`2024-08-01T15:15:11.290`)
- [CVE-2024-36492](CVE-2024/CVE-2024-364xx/CVE-2024-36492.json) (`2024-08-01T15:15:11.810`)
- [CVE-2024-39274](CVE-2024/CVE-2024-392xx/CVE-2024-39274.json) (`2024-08-01T15:15:12.150`)
- [CVE-2024-39777](CVE-2024/CVE-2024-397xx/CVE-2024-39777.json) (`2024-08-01T15:15:12.370`)
- [CVE-2024-39832](CVE-2024/CVE-2024-398xx/CVE-2024-39832.json) (`2024-08-01T15:15:12.587`)
- [CVE-2024-39837](CVE-2024/CVE-2024-398xx/CVE-2024-39837.json) (`2024-08-01T15:15:12.790`)
- [CVE-2024-39839](CVE-2024/CVE-2024-398xx/CVE-2024-39839.json) (`2024-08-01T15:15:12.993`)
- [CVE-2024-41123](CVE-2024/CVE-2024-411xx/CVE-2024-41123.json) (`2024-08-01T15:15:13.213`)
- [CVE-2024-41144](CVE-2024/CVE-2024-411xx/CVE-2024-41144.json) (`2024-08-01T15:15:13.427`)
- [CVE-2024-41162](CVE-2024/CVE-2024-411xx/CVE-2024-41162.json) (`2024-08-01T15:15:13.627`)
- [CVE-2024-41926](CVE-2024/CVE-2024-419xx/CVE-2024-41926.json) (`2024-08-01T15:15:13.900`)
- [CVE-2024-41946](CVE-2024/CVE-2024-419xx/CVE-2024-41946.json) (`2024-08-01T15:15:14.100`)
- [CVE-2024-41961](CVE-2024/CVE-2024-419xx/CVE-2024-41961.json) (`2024-08-01T15:15:14.310`)
- [CVE-2024-6923](CVE-2024/CVE-2024-69xx/CVE-2024-6923.json) (`2024-08-01T14:15:03.647`)
- [CVE-2024-7358](CVE-2024/CVE-2024-73xx/CVE-2024-7358.json) (`2024-08-01T14:15:03.820`)
### CVEs modified in the last Commit
Recently modified CVEs: `1123`
Recently modified CVEs: `82`
- [CVE-2024-6973](CVE-2024/CVE-2024-69xx/CVE-2024-6973.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-6974](CVE-2024/CVE-2024-69xx/CVE-2024-6974.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-6975](CVE-2024/CVE-2024-69xx/CVE-2024-6975.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-6977](CVE-2024/CVE-2024-69xx/CVE-2024-6977.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-6978](CVE-2024/CVE-2024-69xx/CVE-2024-6978.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7302](CVE-2024/CVE-2024-73xx/CVE-2024-7302.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7324](CVE-2024/CVE-2024-73xx/CVE-2024-7324.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7325](CVE-2024/CVE-2024-73xx/CVE-2024-7325.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7326](CVE-2024/CVE-2024-73xx/CVE-2024-7326.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7327](CVE-2024/CVE-2024-73xx/CVE-2024-7327.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7328](CVE-2024/CVE-2024-73xx/CVE-2024-7328.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7329](CVE-2024/CVE-2024-73xx/CVE-2024-7329.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7330](CVE-2024/CVE-2024-73xx/CVE-2024-7330.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7331](CVE-2024/CVE-2024-73xx/CVE-2024-7331.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7332](CVE-2024/CVE-2024-73xx/CVE-2024-7332.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7333](CVE-2024/CVE-2024-73xx/CVE-2024-7333.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7334](CVE-2024/CVE-2024-73xx/CVE-2024-7334.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7335](CVE-2024/CVE-2024-73xx/CVE-2024-7335.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7336](CVE-2024/CVE-2024-73xx/CVE-2024-7336.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7337](CVE-2024/CVE-2024-73xx/CVE-2024-7337.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7338](CVE-2024/CVE-2024-73xx/CVE-2024-7338.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7339](CVE-2024/CVE-2024-73xx/CVE-2024-7339.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7340](CVE-2024/CVE-2024-73xx/CVE-2024-7340.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7342](CVE-2024/CVE-2024-73xx/CVE-2024-7342.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-7343](CVE-2024/CVE-2024-73xx/CVE-2024-7343.json) (`2024-08-01T12:42:36.933`)
- [CVE-2024-6272](CVE-2024/CVE-2024-62xx/CVE-2024-6272.json) (`2024-08-01T15:35:19.753`)
- [CVE-2024-6362](CVE-2024/CVE-2024-63xx/CVE-2024-6362.json) (`2024-08-01T14:00:20.147`)
- [CVE-2024-6366](CVE-2024/CVE-2024-63xx/CVE-2024-6366.json) (`2024-08-01T14:00:20.363`)
- [CVE-2024-6408](CVE-2024/CVE-2024-64xx/CVE-2024-6408.json) (`2024-08-01T14:00:21.483`)
- [CVE-2024-6420](CVE-2024/CVE-2024-64xx/CVE-2024-6420.json) (`2024-08-01T14:00:22.580`)
- [CVE-2024-6487](CVE-2024/CVE-2024-64xx/CVE-2024-6487.json) (`2024-08-01T14:00:24.000`)
- [CVE-2024-6490](CVE-2024/CVE-2024-64xx/CVE-2024-6490.json) (`2024-08-01T14:00:24.333`)
- [CVE-2024-6529](CVE-2024/CVE-2024-65xx/CVE-2024-6529.json) (`2024-08-01T14:35:13.090`)
- [CVE-2024-6605](CVE-2024/CVE-2024-66xx/CVE-2024-6605.json) (`2024-08-01T14:00:29.013`)
- [CVE-2024-6607](CVE-2024/CVE-2024-66xx/CVE-2024-6607.json) (`2024-08-01T14:00:30.023`)
- [CVE-2024-6695](CVE-2024/CVE-2024-66xx/CVE-2024-6695.json) (`2024-08-01T14:00:34.400`)
- [CVE-2024-6772](CVE-2024/CVE-2024-67xx/CVE-2024-6772.json) (`2024-08-01T14:00:38.260`)
- [CVE-2024-6773](CVE-2024/CVE-2024-67xx/CVE-2024-6773.json) (`2024-08-01T14:00:38.483`)
- [CVE-2024-6774](CVE-2024/CVE-2024-67xx/CVE-2024-6774.json) (`2024-08-01T14:00:38.700`)
- [CVE-2024-6775](CVE-2024/CVE-2024-67xx/CVE-2024-6775.json) (`2024-08-01T14:00:39.580`)
- [CVE-2024-6776](CVE-2024/CVE-2024-67xx/CVE-2024-6776.json) (`2024-08-01T14:00:40.423`)
- [CVE-2024-6777](CVE-2024/CVE-2024-67xx/CVE-2024-6777.json) (`2024-08-01T14:00:41.267`)
- [CVE-2024-6778](CVE-2024/CVE-2024-67xx/CVE-2024-6778.json) (`2024-08-01T14:00:42.093`)
- [CVE-2024-6779](CVE-2024/CVE-2024-67xx/CVE-2024-6779.json) (`2024-08-01T14:00:42.927`)
- [CVE-2024-6834](CVE-2024/CVE-2024-68xx/CVE-2024-6834.json) (`2024-08-01T14:00:44.750`)
- [CVE-2024-6874](CVE-2024/CVE-2024-68xx/CVE-2024-6874.json) (`2024-08-01T14:00:45.683`)
- [CVE-2024-6960](CVE-2024/CVE-2024-69xx/CVE-2024-6960.json) (`2024-08-01T14:00:50.973`)
- [CVE-2024-6961](CVE-2024/CVE-2024-69xx/CVE-2024-6961.json) (`2024-08-01T14:00:51.710`)
- [CVE-2024-7340](CVE-2024/CVE-2024-73xx/CVE-2024-7340.json) (`2024-08-01T14:01:07.677`)
- [CVE-2024-7357](CVE-2024/CVE-2024-73xx/CVE-2024-7357.json) (`2024-08-01T14:04:01.833`)
## Download and Usage

2405
_state.csv

File diff suppressed because it is too large Load Diff