Auto-Update: 2024-11-19T23:00:21.127901+00:00

cad-safe-bot 2024-11-19 23:03:24 +00:00
parent 6bd513ee61
commit ae646c481f
468 changed files with 3937 additions and 1506 deletions


@ -2,8 +2,8 @@
"id": "CVE-2017-13315",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:18.613",
"lastModified": "2024-11-19T18:15:18.613",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9338",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:18.707",
"lastModified": "2024-11-19T18:15:18.707",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9339",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:05.677",
"lastModified": "2024-11-19T19:15:05.677",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9340",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:05.743",
"lastModified": "2024-11-19T19:15:05.743",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9341",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:05.817",
"lastModified": "2024-11-19T19:15:05.817",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9344",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:05.877",
"lastModified": "2024-11-19T19:15:05.877",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9345",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:05.937",
"lastModified": "2024-11-19T19:15:05.937",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9346",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T19:15:06.000",
"lastModified": "2024-11-19T19:15:06.000",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9348",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.427",
"lastModified": "2024-11-19T20:15:27.427",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9364",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.493",
"lastModified": "2024-11-19T20:15:27.493",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9365",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T21:15:05.587",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}
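Review bot: This new record carries `"metrics": {}` and no `weaknesses` array although its description states remote code execution, so any consumer that filters or ranks on `baseScore` will drop or under-rank it; an empty `metrics` object should be treated as "unscored", not as low severity. The `published` value is 2024-11-19 while the CVE ID and the referenced bulletin (`2018-07-01`) date from 2018, so a feed that windows on `published` will surface it as a new issue; age-based triage should key on the CVE year or the bulletin date instead. The same applies to the other Android records added in this commit with empty metrics (the CVE-2018-9410 through CVE-2018-9433 sections below).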


@ -2,8 +2,8 @@
"id": "CVE-2018-9366",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.550",
"lastModified": "2024-11-19T20:15:27.550",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9367",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.607",
"lastModified": "2024-11-19T20:15:27.607",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9368",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.667",
"lastModified": "2024-11-19T20:15:27.667",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9369",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.723",
"lastModified": "2024-11-19T20:15:27.723",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9370",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.787",
"lastModified": "2024-11-19T20:15:27.787",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9371",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.843",
"lastModified": "2024-11-19T20:15:27.843",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9372",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.917",
"lastModified": "2024-11-19T20:15:27.917",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2018-9409",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T20:15:27.970",
"lastModified": "2024-11-19T20:15:27.970",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9410",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T21:15:05.657",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9411",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:18.750",
"lastModified": "2024-11-19T22:15:18.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9412",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:18.813",
"lastModified": "2024-11-19T22:15:18.813",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9417",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:18.880",
"lastModified": "2024-11-19T22:15:18.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9419",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:18.943",
"lastModified": "2024-11-19T22:15:18.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9420",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.010",
"lastModified": "2024-11-19T22:15:19.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9421",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.070",
"lastModified": "2024-11-19T22:15:19.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9424",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.130",
"lastModified": "2024-11-19T22:15:19.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9428",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.190",
"lastModified": "2024-11-19T22:15:19.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}
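Review bot: The `descriptions[0].value` string ends with the bulletin URL `https://source.android.com/security/bulletin/2018-07-01`, which is already present as `references[0].url`; the sibling records added in this commit keep that URL only under `references`. This looks like an artefact in the upstream record rather than intended text, so a mirror should keep it byte-for-byte, but consumers that render or match on the description should take links from `references` only and not auto-link free text. If the feed normalises descriptions, the value would end at `User interaction is needed for exploitation.`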


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9432",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.247",
"lastModified": "2024-11-19T22:15:19.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2018-9433",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T22:15:19.307",
"lastModified": "2024-11-19T22:15:19.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01",
"source": "security@android.com"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2020-26066",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-18T17:15:09.437",
"lastModified": "2024-11-18T17:15:09.437",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThe vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de usuario web de Cisco SD-WAN vManage Software podr\u00eda permitir que un atacante remoto autenticado obtenga acceso de lectura y escritura a la informaci\u00f3n almacenada en un sistema afectado. La vulnerabilidad se debe a un manejo inadecuado de las entradas de entidad externa XML (XXE) al analizar determinados archivos XML. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que importe un archivo XML creado con entradas maliciosas. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer y escribir archivos dentro de la aplicaci\u00f3n afectada. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2020-26067",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-18T17:15:09.757",
"lastModified": "2024-11-18T17:15:09.757",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks.\r\nThe vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz basada en web de Cisco Webex Teams podr\u00eda permitir que un atacante remoto autenticado realice ataques de cross-site scripting. La vulnerabilidad se debe a una validaci\u00f3n incorrecta de los nombres de usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad creando una cuenta que contenga contenido HTML o script malicioso y uni\u00e9ndose a un espacio utilizando el nombre de cuenta malicioso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar ataques de cross-site scripting y potencialmente obtener acceso a informaci\u00f3n confidencial basada en el navegador. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2022-47424",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T18:15:19.020",
"lastModified": "2024-11-19T18:15:19.020",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2023-21270",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:19.253",
"lastModified": "2024-11-19T18:15:19.253",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,56 @@
{
"id": "CVE-2023-27609",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T22:15:19.443",
"lastModified": "2024-11-19T22:15:19.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-roles-at-registration/wordpress-wp-roles-at-registration-plugin-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49952",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-18T18:15:05.927",
"lastModified": "2024-11-19T16:35:08.620",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2023-52348",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-04-08T03:15:08.597",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-11-19T22:35:02.473",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el servicio ril, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del System necesarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313",
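Review bot: The added `cvssMetricV31` and `weaknesses` entries are attributed to `"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"` with `"type": "Secondary"`, a bare UUID that nothing in the visible record resolves to an organisation, whereas `sourceIdentifier` is `security@unisoc.com`. Consumers that select scores with `type == "Primary"` will still see this CVE as unscored, and ones that weight scores by source need a UUID-to-name lookup before deciding how far to trust the 4.4. The same source UUID supplies the new metrics in the CVE-2023-52374 and CVE-2023-52558 sections that follow. The `references` array continues past the end of the hunk.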


@ -2,7 +2,7 @@
"id": "CVE-2023-52374",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-02-18T04:15:08.050",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-11-19T22:35:03.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de control de permisos en el m\u00f3dulo de gesti\u00f3n de paquetes. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/2/",


@ -2,7 +2,7 @@
"id": "CVE-2023-52558",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-03-01T17:15:07.330",
"lastModified": "2024-03-01T22:22:25.913",
"lastModified": "2024-11-19T22:35:04.320",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En OpenBSD 7.4 anterior a la errata 002 y OpenBSD 7.3 anterior a la errata 019, un b\u00fafer de red que ten\u00eda que dividirse en cierta longitud pod\u00eda bloquear el kernel despu\u00e9s de recibir secuencias de escape especialmente manipuladas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",


@ -2,13 +2,17 @@
"id": "CVE-2023-52921",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-19T02:15:09.310",
"lastModified": "2024-11-19T02:15:09.310",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige un posible UAF en amdgpu_cs_pass1(). Dado que la comprobaci\u00f3n de gang_size est\u00e1 fuera del bucle de an\u00e1lisis de fragmentos, debemos restablecer i antes de liberar los datos del fragmento. Sugerido por Ye Zhang (@VAR10CK) de Baidu Security."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-10103",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-19T06:15:17.740",
"lastModified": "2024-11-19T15:35:04.260",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10113",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:03.340",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:26:25.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeka:wp_adcenter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.7",
"matchCriteriaId": "E12DA063-5CBD-42E3-96BB-A2C348E19550"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/wpadcenter/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
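Review bot: The new `nvd@nist.gov` entry is inserted at index 0 of `cvssMetricV31` as `"type": "Primary"`, and the existing `security@wordfence.com` entry now reads `"type": "Secondary"`, so code that reads `cvssMetricV31[0]` silently switches scoring authority with this update. The two vectors also disagree on user interaction (`UI:R` in the NVD vector, `UI:N` in the Wordfence vector), which changes the base score; consumers should select the entry by `source` and `type` and log when the sources differ rather than taking the first element. The CVE-2024-10260 section further down shows the same reordering and the same `UI:R` versus `UI:N` split.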


@ -2,13 +2,17 @@
"id": "CVE-2024-10204",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2024-11-19T14:15:16.940",
"lastModified": "2024-11-19T14:15:16.940",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file."
},
{
"lang": "es",
"value": "Existen vulnerabilidades de desbordamiento de b\u00fafer basado en mont\u00f3n y de variable no inicializada en el procedimiento de lectura de archivos X_B y SAT en eDrawings desde la versi\u00f3n SOLIDWORKS 2024 hasta la versi\u00f3n SOLIDWORKS 2025. Estas vulnerabilidades podr\u00edan permitir que un atacante ejecute c\u00f3digo arbitrario al abrir un archivo X_B o SAT especialmente manipulado."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10224",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:19.773",
"lastModified": "2024-11-19T20:35:18.300",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10260",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:03.753",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:20:51.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tripetto:tripetto:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "8.0.3",
"matchCriteriaId": "9C971690-175E-41CC-8EAF-C9E4A0E4F0EA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.svn.wordpress.org/tripetto/trunk/lib/attachments.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-10268",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T08:15:15.883",
"lastModified": "2024-11-19T08:15:15.883",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento MP3 Audio Player \u2013 Music Player, Podcast Player & Radio de Sonaar para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto sonaar_audioplayer del complemento en todas las versiones hasta la 5.8 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10388",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T08:15:16.293",
"lastModified": "2024-11-19T08:15:16.293",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento GDPR de WordPress para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de los par\u00e1metros 'gdpr_firstname' y 'gdpr_lastname' en todas las versiones hasta la 2.0.2 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10390",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-18T17:15:10.897",
"lastModified": "2024-11-18T17:15:10.897",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elfsight Telegram Chat CC para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n 'updatePreferences' en todas las versiones hasta la 1.1.0 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10486",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-18T22:15:05.657",
"lastModified": "2024-11-18T22:15:05.657",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks."
},
{
"lang": "es",
"value": "El complemento Google for WooCommerce para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n en todas las versiones hasta la 2.8.6 incluida. Esto se debe al archivo print_php_information.php, de acceso p\u00fablico. Esto permite que atacantes no autenticados obtengan informaci\u00f3n sobre el servidor web y la configuraci\u00f3n de PHP, que puede utilizarse para facilitar otros ataques."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10524",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2024-11-19T15:15:06.740",
"lastModified": "2024-11-19T15:15:06.740",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10582",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:04.077",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:17:53.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smartwpress:music_player_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "E6BA172A-FAB7-4ADF-AE22-C36FEA8EB6CD"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3186359%40music-player-for-elementor%2Ftrunk&old=3174807%40music-player-for-elementor%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f66cdcf-cbe5-43e0-ad18-c2b9c4491ed4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10793",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:04.370",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:13:22.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:melapress:wp_activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.2.2",
"matchCriteriaId": "8A399A99-8BCF-48F5-B42D-0D403A87C908"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/tags/5.2.1/classes/WPSensors/class-wp-system-sensor.php#L679",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44f3b2e4-c537-4369-b2d6-39fbc6cb8e08?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
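Review bot: The two `cvssMetricV31` entries in this record disagree on user interaction: the added `nvd@nist.gov` entry with `"type": "Primary"` carries `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` (6.1 MEDIUM), while the `security@wordfence.com` entry, now `"type": "Secondary"`, keeps `UI:N`. Triage that reads only the Primary entry will rank this issue on the lower-exposure assumption; the CNA's score is outside the visible lines because the Secondary `cvssData` object continues past the hunk. Neither entry is malformed, but a consumer should retain both vectors and prioritise on the more severe one until the difference is explained.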


@ -2,8 +2,8 @@
"id": "CVE-2024-11003",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:19.973",
"lastModified": "2024-11-19T20:35:19.000",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-11036",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T11:15:04.343",
"lastModified": "2024-11-19T11:15:04.343",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-11038",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T11:15:05.683",
"lastModified": "2024-11-19T11:15:05.683",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-11069",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T08:15:16.577",
"lastModified": "2024-11-19T08:15:16.577",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users."
},
{
"lang": "es",
"value": "El complemento GDPR de WordPress para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'WordPress_GDPR_Data_Delete::check_action' en todas las versiones hasta la 2.0.2 incluida. Esto hace posible que atacantes no autenticados eliminen usuarios arbitrarios."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-11075",
"sourceIdentifier": "psirt@sick.de",
"published": "2024-11-19T14:15:17.340",
"lastModified": "2024-11-19T14:15:17.340",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a trav\u00e9s de SSH) una escalada de privilegios al nivel administrativo debido al uso de im\u00e1genes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotaci\u00f3n de esta configuraci\u00f3n incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-11098",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T08:15:16.833",
"lastModified": "2024-11-19T08:15:16.833",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
},
{
"lang": "es",
"value": "El complemento SVG Block para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 1.1.24 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de administrador o superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-11194",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T12:15:16.497",
"lastModified": "2024-11-19T12:15:16.497",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array."
},
{
"lang": "es",
"value": "El complemento Classified Listing \u2013 Classified ads & Business Directory Plugin para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una verificaci\u00f3n mal configurada en la funci\u00f3n 'rtcl_import_settings' en todas las versiones hasta la 3.1.15.1 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias limitadas en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol de suscriptor con capacidades de nivel de administrador para obtener acceso de usuario administrativo a un sitio vulnerable. La vulnerabilidad es limitada en el sentido de que la opci\u00f3n actualizada debe tener un valor que sea una matriz."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-11195",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T11:15:05.930",
"lastModified": "2024-11-19T11:15:05.930",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-11198",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T13:15:04.157",
"lastModified": "2024-11-19T13:15:04.157",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018extra_class\u2019 parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento GD Rating System para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'extra_class' en todas las versiones hasta la 3.6.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-11224",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T13:15:04.423",
"lastModified": "2024-11-19T13:15:04.423",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018position\u2019 parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Parallax Image para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'position' en todas las versiones hasta la 1.9 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-11247",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T17:15:19.237",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:55:35.283",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -124,26 +144,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "464A3580-D632-43EB-93EF-E2A1A5736F14"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284683",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.284683",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.443194",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11248",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T17:15:19.580",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:51:57.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -124,26 +144,73 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D"
}
]
}
]
}
],
"references": [
{
"url": "https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284684",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.284684",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.443204",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}
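Review bot: The added `configurations` block describes the affected device correctly only if the top-level `"operator": "AND"` is honoured: the firmware node `cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*` is `"vulnerable": true` and the hardware node `cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*` is `"vulnerable": false`. A matcher that flattens the `cpeMatch` lists and keeps only the `true` entries drops the hardware-revision constraint, and one that ignores the flag reports the hardware CPE as vulnerable by itself. The other configurations visible on this page use a single OR node, so this record is a good regression case for asset-matching code that consumes the feed.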


@ -2,8 +2,8 @@
"id": "CVE-2024-11256",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T20:15:17.957",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:49:04.790",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -124,26 +154,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1000projects:portfolio_management_system_mca:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2EA77A4-2402-463E-9E5D-A08E8B927CE2"
}
]
}
]
}
],
"references": [
{
"url": "https://1000projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Hacker0xone/CVE/issues/8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284711",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.284711",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.443370",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11257",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T20:15:18.253",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:24:40.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -124,26 +154,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1000projects:beauty_parlour_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC5BB9B-86BF-4DDC-9A70-B48A4707A48E"
}
]
}
]
}
],
"references": [
{
"url": "https://1000projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Hacker0xone/CVE/issues/10",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284715",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.284715",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.443385",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11258",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T20:15:18.523",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:24:27.473",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -124,26 +154,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1000projects:beauty_parlour_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC5BB9B-86BF-4DDC-9A70-B48A4707A48E"
}
]
}
]
}
],
"references": [
{
"url": "https://1000projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Hacker0xone/CVE/issues/11",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284716",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.284716",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.443386",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11259",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T20:15:18.797",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:47:38.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -110,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -124,26 +154,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:farmacia:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "306E7920-8B20-4E60-B0C3-5555D0C0C196"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/13u11erFly/cve/blob/main/xss.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.284717",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.443398",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11395",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-11-19T20:15:29.917",
"lastModified": "2024-11-19T20:15:29.917",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,30 @@
"value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -22,6 +45,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
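Review bot: The `metrics` object added here holds only a `"type": "Secondary"` entry, sourced from the UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0`, and the record is still `"vulnStatus": "Awaiting Analysis"`, so it has no Primary score. A consumer that filters on `"type": "Primary"` will treat this V8 type confusion as unscored, even though the record carries an 8.8 HIGH vector and the description states a Chromium severity of High. Falling back to the Secondary entry when no Primary exists, and resolving the source UUID to a named organisation before relying on it, closes that gap. The CVE-2024-1551 section further down the page has the same shape.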


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11400",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T22:15:19.740",
"lastModified": "2024-11-19T22:15:19.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3186438/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3158e77-39b3-4151-8f10-5824000a585a?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-1551",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.790",
"lastModified": "2024-03-04T09:15:37.913",
"lastModified": "2024-11-19T22:35:04.583",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera controlar el encabezado de respuesta Content-Type, as\u00ed como controlar parte del cuerpo de la respuesta, podr\u00eda inyectar encabezados de respuesta Set-Cookie que el navegador habr\u00eda respetado. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < 115.8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-565"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385",


@ -2,7 +2,7 @@
"id": "CVE-2024-21058",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:23.570",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-19T21:35:04.083",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-21287",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-11-18T22:15:05.897",
"lastModified": "2024-11-19T16:35:10.963",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-21539",
"sourceIdentifier": "report@snyk.io",
"published": "2024-11-19T05:15:16.453",
"lastModified": "2024-11-19T16:35:11.720",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-21697",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-11-19T19:15:07.937",
"lastModified": "2024-11-19T19:15:07.937",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-24198",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.480",
"lastModified": "2024-10-29T18:45:47.057",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-19T21:35:04.337",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2024-25170",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T20:15:41.770",
"lastModified": "2024-02-29T13:49:47.277",
"lastModified": "2024-11-19T21:35:04.593",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Mezzanine v6.0.0 permite a los atacantes eludir los controles de acceso manipulando el encabezado del Host."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0",


@ -2,7 +2,7 @@
"id": "CVE-2024-25941",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2024-02-15T05:15:11.200",
"lastModified": "2024-06-10T19:15:53.077",
"lastModified": "2024-11-19T22:35:05.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La llamada al sistema jail(2) no ha limitado la visibilidad de los TTY asignados (el sysctl kern.ttys). Esto da lugar a una filtraci\u00f3n de informaci\u00f3n sobre procesos fuera de la actual c\u00e1rcel. El atacante puede obtener informaci\u00f3n sobre los TTY asignados en el host o en otras c\u00e1rceles. Efectivamente, la informaci\u00f3n impresa por \"pstat -t\" puede filtrarse."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc",


@ -2,7 +2,7 @@
"id": "CVE-2024-27532",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T22:15:15.603",
"lastModified": "2024-11-12T13:56:54.483",
"lastModified": "2024-11-19T21:35:05.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "wasm-micro-runtime (tambi\u00e9n conocido como WebAssembly Micro Runtime o WAMR) 06df58f es vulnerable a la desreferencia de puntero NULL en la funci\u00f3n `block_type_get_result_types."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/haruki3hhh/e468ac3b3234f9bc42a9cc367457119a",


@ -2,7 +2,7 @@
"id": "CVE-2024-27660",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.730",
"lastModified": "2024-03-01T14:04:26.010",
"lastModified": "2024-11-19T22:35:06.103",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_41C488(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x41C708-e46f864c48114f45894f4563588d7968?pvs=4",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-30424",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T22:15:20.103",
"lastModified": "2024-11-19T22:15:20.103",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpzoom-addons-for-beaver-builder/wordpress-beaver-builder-addons-by-wpzoom-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-31141",
"sourceIdentifier": "security@apache.org",
"published": "2024-11-19T09:15:03.860",
"lastModified": "2024-11-19T15:35:06.263",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-33231",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-18T23:15:04.783",
"lastModified": "2024-11-19T15:35:06.980",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33859",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-07T17:15:09.200",
"lastModified": "2024-05-07T20:07:58.737",
"lastModified": "2024-11-19T22:35:07.000",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Logpoint antes de 7.4.0. El c\u00f3digo HTML enviado a trav\u00e9s de registros no se escapaba en la interfaz de usuario web \"Campo interesante\", lo que generaba XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI",


@ -2,7 +2,7 @@
"id": "CVE-2024-34510",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-05T20:15:07.417",
"lastModified": "2024-05-06T12:44:56.377",
"lastModified": "2024-11-19T22:35:07.850",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/",


@ -2,7 +2,7 @@
"id": "CVE-2024-36384",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-27T04:15:09.143",
"lastModified": "2024-05-28T12:39:28.377",
"lastModified": "2024-11-19T22:35:08.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Pointsharp Cryptshare Server anterior a 7.0.0 tiene un problema XSS relacionado con los mensajes de notificaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://documentation.cryptshare.com/w/CSSCurrent_en:Version_7.0.0#Additional_Changes",


@ -2,7 +2,7 @@
"id": "CVE-2024-36472",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T16:15:17.033",
"lastModified": "2024-05-28T17:11:47.007",
"lastModified": "2024-11-19T22:35:09.457",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En GNOME Shell hasta la versi\u00f3n 45.7, se puede iniciar autom\u00e1ticamente un asistente de portal (sin confirmaci\u00f3n del usuario) en funci\u00f3n de las respuestas de red proporcionadas por un adversario (por ejemplo, un adversario que controla la red Wi-Fi local) y, posteriormente, carga c\u00f3digo JavaScript que no es de confianza, lo que puede conducir al consumo de recursos u otros impactos dependiendo del comportamiento del c\u00f3digo JavaScript."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688",


@ -2,8 +2,8 @@
"id": "CVE-2024-37070",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-19T20:15:30.693",
"lastModified": "2024-11-19T20:15:30.693",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39726",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-15T17:15:19.983",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:51:40.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,52 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F4CC3C28-FF12-4B65-AEE4-1F54E3A0B11F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "5E6ECEDA-A440-4085-867C-B42D6B439F58"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176208",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-39884",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-04T09:15:04.237",
"lastModified": "2024-07-17T21:15:11.743",
"lastModified": "2024-11-19T21:35:06.303",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una regresi\u00f3n en el n\u00facleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuraci\u00f3n de controladores heredada basada en el tipo de contenido. \"AddType\" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgaci\u00f3n del c\u00f3digo fuente del contenido local. Por ejemplo, los scripts PHP pueden servirse en lugar de interpretarse. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.61, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/6",


@ -2,8 +2,8 @@
"id": "CVE-2024-42450",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-11-19T18:15:20.560",
"lastModified": "2024-11-19T20:35:23.447",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-43338",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:09.013",
"lastModified": "2024-11-19T17:15:09.013",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-43416",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-18T17:15:11.220",
"lastModified": "2024-11-18T17:15:11.220",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue."
},
{
"lang": "es",
"value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 0.80 y antes de la versi\u00f3n 10.0.17, un usuario no autenticado puede usar un endpoint de la aplicaci\u00f3n para verificar si una direcci\u00f3n de correo electr\u00f3nico corresponde a un usuario v\u00e1lido de GLPI. La versi\u00f3n 10.0.17 soluciona el problema."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-44625",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T17:15:20.260",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:51:19.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "Gogs <=0.13.0 es vulnerable a la navegaci\u00f3n de Directory Traversal de la funci\u00f3n editFilePost de internal/route/repo/editor.go."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.13.0",
"matchCriteriaId": "5634A605-49DE-459E-ADE6-2E65D89321BD"
}
]
}
]
}
],
"references": [
{
"url": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://gogs.io/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-44756",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-18T17:15:11.450",
"lastModified": "2024-11-18T17:15:11.450",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que NUS-M9 ERP Management Software v3.0.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de c\u00f3digo de usuario en /UserWH/checkLogin."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-44757",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-18T17:15:11.510",
"lastModified": "2024-11-18T17:15:11.510",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:57:56.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de descarga de archivos arbitrarios en el componente /Basics/DownloadInpFile de NUS-M9 ERP Management Software v3.0.0 permite a los atacantes descargar archivos arbitrarios y acceder a informaci\u00f3n confidencial a trav\u00e9s de una solicitud de interfaz manipulada espec\u00edficamente."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-45419",
"sourceIdentifier": "security@zoom.us",
"published": "2024-11-19T20:15:30.973",
"lastModified": "2024-11-19T20:15:30.973",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-45420",
"sourceIdentifier": "security@zoom.us",
"published": "2024-11-19T20:15:31.200",
"lastModified": "2024-11-19T20:15:31.200",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-45422",
"sourceIdentifier": "security@zoom.us",
"published": "2024-11-19T20:15:31.430",
"lastModified": "2024-11-19T20:15:31.430",
"vulnStatus": "Received",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-45609",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T20:15:20.410",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T21:22:06.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.70",
"versionEndExcluding": "10.0.17",
"matchCriteriaId": "F0AB7130-09DA-49A3-8D17-C218BD5A0DC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3j2f-3j4v-hppr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
