admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-27T22:00:17.482108+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-27 22:03:15 +00:00
parent 37a7ba5c1a
commit b1c6a37546
66 changed files with 3153 additions and 338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2018/CVE-2018-163xx/CVE-2018-16310.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-16310", "id": "CVE-2018-16310",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2018-09-06T23:29:01.350", "published": "2018-09-06T23:29:01.350",
"lastModified": "2024-08-05T11:15:27.340", "lastModified": "2024-08-27T21:35:00.747",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [ "cveTags": [
{ {
@ -23,28 +23,6 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",

10
CVE-2022/CVE-2022-399xx/CVE-2022-39996.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-39996", "id": "CVE-2022-39996",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T18:15:13.197", "published": "2024-08-27T18:15:13.197",
"lastModified": "2024-08-27T19:35:01.613", "lastModified": "2024-08-27T21:35:01.140",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -18,8 +18,8 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK", "attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "LOW", "privilegesRequired": "LOW",
"userInteraction": "REQUIRED", "userInteraction": "REQUIRED",
@ -27,10 +27,10 @@
"confidentialityImpact": "LOW", "confidentialityImpact": "LOW",
"integrityImpact": "LOW", "integrityImpact": "LOW",
"availabilityImpact": "NONE", "availabilityImpact": "NONE",
"baseScore": 5.4, "baseScore": 4.8,
"baseSeverity": "MEDIUM" "baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 1.7,
"impactScore": 2.7 "impactScore": 2.7
} }
] ]

39
CVE-2023/CVE-2023-415xx/CVE-2023-41506.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41506", "id": "CVE-2023-41506",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-27T02:15:06.267", "published": "2024-02-27T02:15:06.267",
"lastModified": "2024-02-27T14:20:06.637", "lastModified": "2024-08-27T20:35:01.473",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n Actualizar/Editar imagen de perfil del estudiante de Student Enrollment In PHP v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado." "value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n Actualizar/Editar imagen de perfil del estudiante de Student Enrollment In PHP v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/ASR511-OO7/CVE-2023-41506/blob/main/CVE-23", "url": "https://github.com/ASR511-OO7/CVE-2023-41506/blob/main/CVE-23",

39
CVE-2023/CVE-2023-429xx/CVE-2023-42954.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42954", "id": "CVE-2023-42954",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-03-21T23:15:09.517", "published": "2024-03-21T23:15:09.517",
"lastModified": "2024-03-22T12:45:36.130", "lastModified": "2024-08-27T20:35:05.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Exist\u00eda un problema de escalada de privilegios en FileMaker Server, que potencialmente expon\u00eda informaci\u00f3n confidencial a sitios web front-end al iniciar sesi\u00f3n en la Consola de administraci\u00f3n con una funci\u00f3n de administrador. Este problema se solucion\u00f3 en FileMaker Server 20.3.1 reduciendo la informaci\u00f3n enviada en las solicitudes." "value": "Exist\u00eda un problema de escalada de privilegios en FileMaker Server, que potencialmente expon\u00eda informaci\u00f3n confidencial a sitios web front-end al iniciar sesi\u00f3n en la Consola de administraci\u00f3n con una funci\u00f3n de administrador. Este problema se solucion\u00f3 en FileMaker Server 20.3.1 reduciendo la informaci\u00f3n enviada en las solicitudes."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.claris.com/s/answerview?anum=000041424&language=en_US", "url": "https://support.claris.com/s/answerview?anum=000041424&language=en_US",

14
CVE-2023/CVE-2023-471xx/CVE-2023-47132.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47132", "id": "CVE-2023-47132",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.877", "published": "2024-02-08T23:15:09.877",
"lastModified": "2024-02-15T17:07:31.827", "lastModified": "2024-08-27T21:35:02.060",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-Other" "value": "NVD-CWE-Other"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2023/CVE-2023-509xx/CVE-2023-50967.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50967", "id": "CVE-2023-50967",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T16:15:07.570", "published": "2024-03-20T16:15:07.570",
"lastModified": "2024-04-19T23:15:09.330", "lastModified": "2024-08-27T21:35:03.017",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Latchset jose hasta la versi\u00f3n 11 permite a los atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un valor grande de p2c (tambi\u00e9n conocido como PBES2 Count)." "value": "Latchset jose hasta la versi\u00f3n 11 permite a los atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un valor grande de p2c (tambi\u00e9n conocido como PBES2 Count)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md", "url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md",

27
CVE-2023/CVE-2023-509xx/CVE-2023-50969.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50969", "id": "CVE-2023-50969",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T23:15:46.137", "published": "2024-03-28T23:15:46.137",
"lastModified": "2024-03-29T12:45:02.937", "lastModified": "2024-08-27T20:35:06.427",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Thales Imperva SecureSphere WAF 14.7.0.40 permite a atacantes remotos eludir las reglas WAF mediante una solicitud POST manipulada, una vulnerabilidad diferente a CVE-2021-45468." "value": "Thales Imperva SecureSphere WAF 14.7.0.40 permite a atacantes remotos eludir las reglas WAF mediante una solicitud POST manipulada, una vulnerabilidad diferente a CVE-2021-45468."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [ "references": [
{ {
"url": "https://docs.imperva.com/bundle/v14.7-waf-administration-guide/page/9282.htm", "url": "https://docs.imperva.com/bundle/v14.7-waf-administration-guide/page/9282.htm",

14
CVE-2023/CVE-2023-510xx/CVE-2023-51015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51015", "id": "CVE-2023-51015",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T19:15:09.450", "published": "2023-12-22T19:15:09.450",
"lastModified": "2023-12-27T21:10:05.557", "lastModified": "2024-08-27T20:35:06.640",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

14
CVE-2023/CVE-2023-510xx/CVE-2023-51026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51026", "id": "CVE-2023-51026",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T18:15:07.907", "published": "2023-12-22T18:15:07.907",
"lastModified": "2023-12-27T21:10:48.950", "lastModified": "2024-08-27T21:35:04.070",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2023/CVE-2023-517xx/CVE-2023-51786.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51786", "id": "CVE-2023-51786",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-07T01:15:52.180", "published": "2024-03-07T01:15:52.180",
"lastModified": "2024-05-01T18:15:11.990", "lastModified": "2024-08-27T21:35:04.790",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en las versiones 2.13.x, 2.14.x y 2.15.x anteriores a la 2.15.4 de Lustre que permite a los atacantes escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del control de acceso incorrecto." "value": "Se descubri\u00f3 un problema en las versiones 2.13.x, 2.14.x y 2.15.x anteriores a la 2.15.4 de Lustre que permite a los atacantes escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del control de acceso incorrecto."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html", "url": "http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html",

32
CVE-2023/CVE-2023-521xx/CVE-2023-52160.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52160", "id": "CVE-2023-52160",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T17:15:08.263", "published": "2024-02-22T17:15:08.263",
"lastModified": "2024-03-10T04:15:06.897", "lastModified": "2024-08-27T20:35:07.373",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-287" "value": "CWE-287"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2023/CVE-2023-72xx/CVE-2023-7203.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7203", "id": "CVE-2023-7203",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-27T09:15:37.450", "published": "2024-02-27T09:15:37.450",
"lastModified": "2024-02-27T14:20:06.637", "lastModified": "2024-08-27T21:35:05.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Smart Forms de WordPress anterior a 2.6.87 no tiene autorizaci\u00f3n en varias acciones AJAX, lo que podr\u00eda permitir a usuarios con un rol tan bajo como suscriptor llamarlos y realizar acciones no autorizadas, como eliminar entradas. El complemento tambi\u00e9n carece de comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF, como eliminar entradas." "value": "El complemento Smart Forms de WordPress anterior a 2.6.87 no tiene autorizaci\u00f3n en varias acciones AJAX, lo que podr\u00eda permitir a usuarios con un rol tan bajo como suscriptor llamarlos y realizar acciones no autorizadas, como eliminar entradas. El complemento tambi\u00e9n carece de comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF, como eliminar entradas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/b514b631-c3e3-4793-ab5d-35ed0c38b011/", "url": "https://wpscan.com/vulnerability/b514b631-c3e3-4793-ab5d-35ed0c38b011/",

27
CVE-2024/CVE-2024-13xx/CVE-2024-1333.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1333", "id": "CVE-2024-1333",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-03-18T16:15:07.170", "published": "2024-03-18T16:15:07.170",
"lastModified": "2024-03-18T19:40:00.173", "lastModified": "2024-08-27T21:35:07.153",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Responsive Pricing Table de WordPress anterior a 5.1.11 no valida ni escapa algunas de sus opciones de la tabla de precios antes de mostrarlas nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode relacionado, lo que podr\u00eda permitir a los usuarios con el rol de autor y superior realizar ataque de Cross-Site Scripting Almacenado" "value": "El complemento Responsive Pricing Table de WordPress anterior a 5.1.11 no valida ni escapa algunas de sus opciones de la tabla de precios antes de mostrarlas nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode relacionado, lo que podr\u00eda permitir a los usuarios con el rol de autor y superior realizar ataque de Cross-Site Scripting Almacenado"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b556ffd7/", "url": "https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b556ffd7/",

39
CVE-2024/CVE-2024-19xx/CVE-2024-1939.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1939", "id": "CVE-2024-1939",
"sourceIdentifier": "chrome-cve-admin@google.com", "sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-29T01:43:57.640", "published": "2024-02-29T01:43:57.640",
"lastModified": "2024-03-07T23:15:07.250", "lastModified": "2024-08-27T21:35:07.627",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Type Confusion en V8 en Google Chrome anterior a 122.0.6261.94 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" "value": "Type Confusion en V8 en Google Chrome anterior a 122.0.6261.94 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html",

27
CVE-2024/CVE-2024-200xx/CVE-2024-20018.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-20018", "id": "CVE-2024-20018",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2024-03-04T03:15:07.017", "published": "2024-03-04T03:15:07.017",
"lastModified": "2024-03-04T13:58:23.447", "lastModified": "2024-08-27T21:35:08.523",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "En el controlador WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00348479; ID del problema: MSV-1019." "value": "En el controlador WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00348479; ID del problema: MSV-1019."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [ "references": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "url": "https://corp.mediatek.com/product-security-bulletin/March-2024",

39
CVE-2024/CVE-2024-228xx/CVE-2024-22857.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22857", "id": "CVE-2024-22857",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-07T01:15:52.640", "published": "2024-03-07T01:15:52.640",
"lastModified": "2024-04-19T01:15:06.297", "lastModified": "2024-08-27T20:35:09.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "zlog 1.2.16 tiene un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la estructura zlog_rule_s mientras crea una nueva regla que ya est\u00e1 definida en el archivo de configuraci\u00f3n proporcionado. Un usuario normal puede lograr la ejecuci\u00f3n de c\u00f3digo arbitrario." "value": "zlog 1.2.16 tiene un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la estructura zlog_rule_s mientras crea una nueva regla que ya est\u00e1 definida en el archivo de configuraci\u00f3n proporcionado. Un usuario normal puede lograr la ejecuci\u00f3n de c\u00f3digo arbitrario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/HardySimpson/zlog/", "url": "https://github.com/HardySimpson/zlog/",

39
CVE-2024/CVE-2024-230xx/CVE-2024-23052.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23052", "id": "CVE-2024-23052",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:44:07.820", "published": "2024-02-29T01:44:07.820",
"lastModified": "2024-02-29T13:49:29.390", "lastModified": "2024-08-27T20:35:10.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n parseObject() en el componente fastjson." "value": "Un problema en WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n parseObject() en el componente fastjson."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability", "url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability",

39
CVE-2024/CVE-2024-232xx/CVE-2024-23285.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23285", "id": "CVE-2024-23285",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:49.930", "published": "2024-03-08T02:15:49.930",
"lastModified": "2024-03-13T21:15:58.280", "lastModified": "2024-08-27T21:35:09.383",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Este problema se solucion\u00f3 mejorando el manejo de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en macOS Sonoma 14.4. Es posible que una aplicaci\u00f3n pueda crear enlaces simb\u00f3licos a regiones protegidas del disco." "value": "Este problema se solucion\u00f3 mejorando el manejo de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en macOS Sonoma 14.4. Es posible que una aplicaci\u00f3n pueda crear enlaces simb\u00f3licos a regiones protegidas del disco."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "url": "http://seclists.org/fulldisclosure/2024/Mar/21",

39
CVE-2024/CVE-2024-237xx/CVE-2024-23727.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23727", "id": "CVE-2024-23727",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T21:16:01.413", "published": "2024-03-28T21:16:01.413",
"lastModified": "2024-03-29T12:45:02.937", "lastModified": "2024-08-27T20:35:12.230",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La aplicaci\u00f3n YI Smart Kami Vision com.kamivision.yismart hasta 1.0.0_20231219 para Android permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s de una intenci\u00f3n impl\u00edcita en el componente com.ants360.yicamera.activity.WebViewActivity." "value": "La aplicaci\u00f3n YI Smart Kami Vision com.kamivision.yismart hasta 1.0.0_20231219 para Android permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s de una intenci\u00f3n impl\u00edcita en el componente com.ants360.yicamera.activity.WebViewActivity."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/actuator/yi/blob/main/com.kamivision.yismart.V1.0.0_20231219.md", "url": "https://github.com/actuator/yi/blob/main/com.kamivision.yismart.V1.0.0_20231219.md",

14
CVE-2024/CVE-2024-240xx/CVE-2024-24042.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24042", "id": "CVE-2024-24042",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-19T07:15:09.097", "published": "2024-03-19T07:15:09.097",
"lastModified": "2024-03-19T13:26:46.000", "lastModified": "2024-08-27T21:35:10.387",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed", "url": "https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed",

39
CVE-2024/CVE-2024-242xx/CVE-2024-24278.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24278", "id": "CVE-2024-24278",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.633", "published": "2024-03-05T23:15:07.633",
"lastModified": "2024-03-06T15:18:08.093", "lastModified": "2024-08-27T21:35:11.103",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el cliente de escritorio Teamwire Windows v.2.0.1 a v.2.4.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipula para la funci\u00f3n de mensaje." "value": "Un problema en el cliente de escritorio Teamwire Windows v.2.0.1 a v.2.4.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipula para la funci\u00f3n de mensaje."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/", "url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",

39
CVE-2024/CVE-2024-252xx/CVE-2024-25250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25250", "id": "CVE-2024-25250",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T21:15:58.943", "published": "2024-03-13T21:15:58.943",
"lastModified": "2024-03-14T12:52:16.723", "lastModified": "2024-08-27T20:35:13.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en code-projects Agro-School Management System 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n." "value": "Vulnerabilidad de inyecci\u00f3n SQL en code-projects Agro-School Management System 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/ASR511-OO7/CVE-2024-25250./blob/main/CVE-38", "url": "https://github.com/ASR511-OO7/CVE-2024-25250./blob/main/CVE-38",

39
CVE-2024/CVE-2024-253xx/CVE-2024-25398.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25398", "id": "CVE-2024-25398",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-27T16:15:46.427", "published": "2024-02-27T16:15:46.427",
"lastModified": "2024-02-28T14:07:00.563", "lastModified": "2024-08-27T21:35:12.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En Srelay (el proxy y retransmisi\u00f3n SOCKS) v.0.4.8p3, un payload de red especialmente manipulado puede desencadenar una condici\u00f3n de denegaci\u00f3n de servicio e interrumpir el servicio. " "value": "En Srelay (el proxy y retransmisi\u00f3n SOCKS) v.0.4.8p3, un payload de red especialmente manipulado puede desencadenar una condici\u00f3n de denegaci\u00f3n de servicio e interrumpir el servicio. "
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md", "url": "https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md",

27
CVE-2024/CVE-2024-255xx/CVE-2024-25501.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25501", "id": "CVE-2024-25501",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-09T08:15:05.973", "published": "2024-03-09T08:15:05.973",
"lastModified": "2024-03-11T01:32:29.610", "lastModified": "2024-08-27T20:35:14.160",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema con WinMail v.7.1 y v.5.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro de correo electr\u00f3nico." "value": "Un problema con WinMail v.7.1 y v.5.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro de correo electr\u00f3nico."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [ "references": [
{ {
"url": "https://gist.github.com/Drun1baby/8270239bed2952dbd99cc8d4262728e8", "url": "https://gist.github.com/Drun1baby/8270239bed2952dbd99cc8d4262728e8",

39
CVE-2024/CVE-2024-258xx/CVE-2024-25845.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25845", "id": "CVE-2024-25845",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-08T02:15:50.477", "published": "2024-03-08T02:15:50.477",
"lastModified": "2024-03-08T14:02:57.420", "lastModified": "2024-08-27T20:35:14.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En el m\u00f3dulo \"CD Custom Fields 4 Orders\" (cdcustomfields4orders) <= 1.0.0 de Cleanpresta.com para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas." "value": "En el m\u00f3dulo \"CD Custom Fields 4 Orders\" (cdcustomfields4orders) <= 1.0.0 de Cleanpresta.com para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html", "url": "https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html",

39
CVE-2024/CVE-2024-258xx/CVE-2024-25868.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25868", "id": "CVE-2024-25868",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.657", "published": "2024-02-28T22:15:26.657",
"lastModified": "2024-02-29T13:49:47.277", "lastModified": "2024-08-27T20:35:15.173",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en CodeAstro Membership Management System en PHP v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro memberType en el componente add_type.php." "value": "Una vulnerabilidad de Cross Site Scripting (XSS) en CodeAstro Membership Management System en PHP v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro memberType en el componente add_type.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Stored_XSS_Add_Type.md", "url": "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Stored_XSS_Add_Type.md",

39
CVE-2024/CVE-2024-259xx/CVE-2024-25986.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25986", "id": "CVE-2024-25986",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-03-11T19:15:47.560", "published": "2024-03-11T19:15:47.560",
"lastModified": "2024-03-12T12:40:13.500", "lastModified": "2024-08-27T21:35:13.333",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En ppmp_unprotect_buf de drm_fw.c, existe un posible compromiso de la memoria protegida debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda llevar a una escalada local de privilegios a TEE sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." "value": "En ppmp_unprotect_buf de drm_fw.c, existe un posible compromiso de la memoria protegida debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda llevar a una escalada local de privilegios a TEE sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2024-03-01", "url": "https://source.android.com/security/bulletin/pixel/2024-03-01",

39
CVE-2024/CVE-2024-263xx/CVE-2024-26333.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26333", "id": "CVE-2024-26333",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T08:15:39.500", "published": "2024-03-05T08:15:39.500",
"lastModified": "2024-03-05T13:41:01.900", "lastModified": "2024-08-27T20:35:16.533",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que swftools v0.9.2 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n free_lines en swftools/lib/modules/swfshape.c." "value": "Se descubri\u00f3 que swftools v0.9.2 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n free_lines en swftools/lib/modules/swfshape.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/matthiaskramm/swftools/issues/219", "url": "https://github.com/matthiaskramm/swftools/issues/219",

39
CVE-2024/CVE-2024-264xx/CVE-2024-26471.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26471", "id": "CVE-2024-26471",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:44:18.963", "published": "2024-02-29T01:44:18.963",
"lastModified": "2024-02-29T13:49:29.390", "lastModified": "2024-08-27T20:35:17.533",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad reflejada de Cross-Site Scripting (XSS) en zhimengzhe iBarn v1.5 permite a los atacantes inyectar JavaScript malicioso en el navegador web de una v\u00edctima a trav\u00e9s del par\u00e1metro de b\u00fasqueda en offer.php." "value": "Una vulnerabilidad reflejada de Cross-Site Scripting (XSS) en zhimengzhe iBarn v1.5 permite a los atacantes inyectar JavaScript malicioso en el navegador web de una v\u00edctima a trav\u00e9s del par\u00e1metro de b\u00fasqueda en offer.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26471", "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26471",

39
CVE-2024/CVE-2024-265xx/CVE-2024-26521.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26521", "id": "CVE-2024-26521",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T05:15:47.653", "published": "2024-03-12T05:15:47.653",
"lastModified": "2024-03-12T12:40:13.500", "lastModified": "2024-08-27T21:35:14.300",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n HTML en CE Phoenix v1.0.8.20 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para el componente english.php." "value": "Vulnerabilidad de inyecci\u00f3n HTML en CE Phoenix v1.0.8.20 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para el componente english.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/capture0x/Phoenix", "url": "https://github.com/capture0x/Phoenix",

39
CVE-2024/CVE-2024-272xx/CVE-2024-27206.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27206", "id": "CVE-2024-27206",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-03-11T19:15:48.020", "published": "2024-03-11T19:15:48.020",
"lastModified": "2024-03-15T20:15:08.743", "lastModified": "2024-08-27T21:35:15.267",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En tbd de tbd, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." "value": "En tbd de tbd, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2024-03-01", "url": "https://source.android.com/security/bulletin/pixel/2024-03-01",

39
CVE-2024/CVE-2024-272xx/CVE-2024-27221.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27221", "id": "CVE-2024-27221",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-03-11T19:15:48.513", "published": "2024-03-11T19:15:48.513",
"lastModified": "2024-03-15T20:15:09.050", "lastModified": "2024-08-27T21:35:16.047",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En update_policy_data de TBD, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." "value": "En update_policy_data de TBD, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2024-03-01", "url": "https://source.android.com/security/bulletin/pixel/2024-03-01",

39
CVE-2024/CVE-2024-275xx/CVE-2024-27561.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27561", "id": "CVE-2024-27561",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.887", "published": "2024-03-05T17:15:06.887",
"lastModified": "2024-03-05T18:50:18.333", "lastModified": "2024-08-27T20:35:18.613",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Server-Side Request Forgery (SSRF) en la funci\u00f3n installUpdateThemePluginAction de WonderCMS v3.1.3 permite a los atacantes forzar a la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL manipuladas en el par\u00e1metro installThemePlugin." "value": "Server-Side Request Forgery (SSRF) en la funci\u00f3n installUpdateThemePluginAction de WonderCMS v3.1.3 permite a los atacantes forzar a la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL manipuladas en el par\u00e1metro installThemePlugin."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md", "url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27718.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27718", "id": "CVE-2024-27718",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T00:15:52.507", "published": "2024-03-05T00:15:52.507",
"lastModified": "2024-03-05T13:41:01.900", "lastModified": "2024-08-27T20:35:19.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Baizhuo Network Smart s200 Management Platform v.S200 permite a un atacante local obtener informaci\u00f3n confidencial y escalar privilegios a trav\u00e9s del componente /importexport.php." "value": "Vulnerabilidad de inyecci\u00f3n SQL en Baizhuo Network Smart s200 Management Platform v.S200 permite a un atacante local obtener informaci\u00f3n confidencial y escalar privilegios a trav\u00e9s del componente /importexport.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/tldjgggg/cve/blob/main/sql.md", "url": "https://github.com/tldjgggg/cve/blob/main/sql.md",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27757.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27757", "id": "CVE-2024-27757",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-18T04:15:09.667", "published": "2024-03-18T04:15:09.667",
"lastModified": "2024-03-18T12:38:25.490", "lastModified": "2024-08-27T21:35:16.843",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Flusity CMS hasta 2.45 permite herramientas/addons_model.php Nombre de galer\u00eda XSS. El reportero indica que este producto \u201cces\u00f3 su desarrollo a partir de febrero de 2024\u201d." "value": "Flusity CMS hasta 2.45 permite herramientas/addons_model.php Nombre de galer\u00eda XSS. El reportero indica que este producto \u201cces\u00f3 su desarrollo a partir de febrero de 2024\u201d."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh", "url": "https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh",

27
CVE-2024/CVE-2024-280xx/CVE-2024-28012.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28012", "id": "CVE-2024-28012",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com", "sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2024-03-28T01:15:47.620", "published": "2024-03-28T01:15:47.620",
"lastModified": "2024-04-02T06:15:15.263", "lastModified": "2024-08-27T20:35:21.220",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF8 00HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP , WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR41 00N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S , WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN y MR02LN, todas las versiones permiten a un atacante ejecutar un comando arbitrario con privilegios de root a trav\u00e9s de Internet." "value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF8 00HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP , WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR41 00N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S , WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN y MR02LN, todas las versiones permiten a un atacante ejecutar un comando arbitrario con privilegios de root a trav\u00e9s de Internet."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt-info@cyber.jp.nec.com", "source": "psirt-info@cyber.jp.nec.com",

39
CVE-2024/CVE-2024-281xx/CVE-2024-28159.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28159", "id": "CVE-2024-28159",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.987", "published": "2024-03-06T17:15:10.987",
"lastModified": "2024-05-01T18:15:17.100", "lastModified": "2024-08-27T20:35:21.767",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una verificaci\u00f3n de permiso faltante en el complemento Jenkins Subversion Partial Release Manager 1.0.1 y versiones anteriores permite a atacantes con permiso de elemento/lectura activar una compilaci\u00f3n." "value": "Una verificaci\u00f3n de permiso faltante en el complemento Jenkins Subversion Partial Release Manager 1.0.1 y versiones anteriores permite a atacantes con permiso de elemento/lectura activar una compilaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3",

39
CVE-2024/CVE-2024-282xx/CVE-2024-28287.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28287", "id": "CVE-2024-28287",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T17:15:46.550", "published": "2024-04-02T17:15:46.550",
"lastModified": "2024-04-02T18:12:16.283", "lastModified": "2024-08-27T20:35:23.683",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Una redirecci\u00f3n abierta basada en DOM en el par\u00e1metro returnUrl de INSTINCT UI Web Client 6.5.0 permite a los atacantes redirigir a los usuarios a sitios maliciosos a trav\u00e9s de una URL manipulada." "value": "Una redirecci\u00f3n abierta basada en DOM en el par\u00e1metro returnUrl de INSTINCT UI Web Client 6.5.0 permite a los atacantes redirigir a los usuarios a sitios maliciosos a trav\u00e9s de una URL manipulada."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://medium.com/%40rajput.thakur/dom-based-malicious-redirection-cve-2024-28287-304ac8e7f992", "url": "https://medium.com/%40rajput.thakur/dom-based-malicious-redirection-cve-2024-28287-304ac8e7f992",

39
CVE-2024/CVE-2024-283xx/CVE-2024-28353.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28353", "id": "CVE-2024-28353",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-15T08:15:06.393", "published": "2024-03-15T08:15:06.393",
"lastModified": "2024-03-15T12:53:06.423", "lastModified": "2024-08-27T20:35:25.153",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el router TRENDnet TEW-827DRU con la versi\u00f3n de firmware 2.10B01. Un atacante puede inyectar comandos en los par\u00e1metros de solicitud posterior usapps.config.smb_admin_name en la interfaz apply.cgi, obteniendo as\u00ed privilegios de root en el shell." "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el router TRENDnet TEW-827DRU con la versi\u00f3n de firmware 2.10B01. Un atacante puede inyectar comandos en los par\u00e1metros de solicitud posterior usapps.config.smb_admin_name en la interfaz apply.cgi, obteniendo as\u00ed privilegios de root en el shell."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791", "url": "https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791",

39
CVE-2024/CVE-2024-283xx/CVE-2024-28392.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28392", "id": "CVE-2024-28392",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T14:15:08.523", "published": "2024-03-20T14:15:08.523",
"lastModified": "2024-03-20T17:18:26.603", "lastModified": "2024-08-27T21:35:17.627",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method." "value": "SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html", "url": "https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html",

39
CVE-2024/CVE-2024-283xx/CVE-2024-28393.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28393", "id": "CVE-2024-28393",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-25T14:15:09.663", "published": "2024-03-25T14:15:09.663",
"lastModified": "2024-03-25T16:43:06.137", "lastModified": "2024-08-27T20:35:26.183",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Scalapay v.1.2.41 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del m\u00e9todo ScalapayReturnModuleFrontController::postProcess()." "value": "Vulnerabilidad de inyecci\u00f3n SQL en Scalapay v.1.2.41 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s del m\u00e9todo ScalapayReturnModuleFrontController::postProcess()."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html", "url": "https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html",

39
CVE-2024/CVE-2024-284xx/CVE-2024-28423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28423", "id": "CVE-2024-28423",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T19:15:50.877", "published": "2024-03-14T19:15:50.877",
"lastModified": "2024-03-14T20:11:36.180", "lastModified": "2024-08-27T21:35:18.580",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Airflow-Diagrams v2.1.0 conten\u00eda una vulnerabilidad de carga de archivos arbitraria en la funci\u00f3n unsafe_load en cli.py. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo YML manipulado." "value": "Se descubri\u00f3 que Airflow-Diagrams v2.1.0 conten\u00eda una vulnerabilidad de carga de archivos arbitraria en la funci\u00f3n unsafe_load en cli.py. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo YML manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/bayuncao/vul-cve-15", "url": "https://github.com/bayuncao/vul-cve-15",

39
CVE-2024/CVE-2024-287xx/CVE-2024-28713.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28713", "id": "CVE-2024-28713",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T19:15:48.630", "published": "2024-03-28T19:15:48.630",
"lastModified": "2024-03-28T20:53:20.813", "lastModified": "2024-08-27T20:35:27.150",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Mblog Blog system v.3.5.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n de administraci\u00f3n de temas." "value": "Un problema en Mblog Blog system v.3.5.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n de administraci\u00f3n de temas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://mblog.com", "url": "http://mblog.com",

39
CVE-2024/CVE-2024-290xx/CVE-2024-29009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29009", "id": "CVE-2024-29009",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-25T05:15:50.913", "published": "2024-03-25T05:15:50.913",
"lastModified": "2024-08-02T01:15:54.740", "lastModified": "2024-08-27T21:35:19.367",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [ "cveTags": [
{ {
@ -22,7 +22,42 @@
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en easy-popup-show todas las versiones permite a un atacante remoto no autenticado secuestrar la autenticaci\u00f3n del administrador y realizar operaciones no deseadas si el administrador ve una p\u00e1gina maliciosa mientras est\u00e1 conectado." "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en easy-popup-show todas las versiones permite a un atacante remoto no autenticado secuestrar la autenticaci\u00f3n del administrador y realizar operaciones no deseadas si el administrador ve una p\u00e1gina maliciosa mientras est\u00e1 conectado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN86206017/", "url": "https://jvn.jp/en/jp/JVN86206017/",

39
CVE-2024/CVE-2024-292xx/CVE-2024-29273.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29273", "id": "CVE-2024-29273",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-22T04:15:11.857", "published": "2024-03-22T04:15:11.857",
"lastModified": "2024-03-22T12:45:36.130", "lastModified": "2024-08-27T21:35:20.250",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Hay cross-site scripting almacenadas (XSS) en dzzoffice 2.02.1 SC UTF8 en el archivo de carga en index.php, con el payload XSS en un documento SVG." "value": "Hay cross-site scripting almacenadas (XSS) en dzzoffice 2.02.1 SC UTF8 en el archivo de carga en index.php, con el payload XSS en un documento SVG."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zyx0814/dzzoffice/issues/244", "url": "https://github.com/zyx0814/dzzoffice/issues/244",

39
CVE-2024/CVE-2024-294xx/CVE-2024-29413.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29413", "id": "CVE-2024-29413",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T22:15:07.237", "published": "2024-04-03T22:15:07.237",
"lastModified": "2024-04-04T12:48:41.700", "lastModified": "2024-08-27T20:35:28.013",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Cross Site Scripting en Webasyst v.2.9.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo de mensajer\u00eda instant\u00e1nea en la funci\u00f3n de informaci\u00f3n de contacto." "value": "La vulnerabilidad de Cross Site Scripting en Webasyst v.2.9.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo de mensajer\u00eda instant\u00e1nea en la funci\u00f3n de informaci\u00f3n de contacto."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2024-29413", "url": "https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2024-29413",

39
CVE-2024/CVE-2024-295xx/CVE-2024-29504.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29504", "id": "CVE-2024-29504",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T22:15:07.287", "published": "2024-04-10T22:15:07.287",
"lastModified": "2024-04-11T12:47:44.137", "lastModified": "2024-08-27T20:35:28.797",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Scripting en Summernote v.0.8.18 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro codeview." "value": "Vulnerabilidad de Cross Site Scripting en Summernote v.0.8.18 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro codeview."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b", "url": "https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b",

39
CVE-2024/CVE-2024-305xx/CVE-2024-30587.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30587", "id": "CVE-2024-30587",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T14:15:15.183", "published": "2024-03-28T14:15:15.183",
"lastModified": "2024-03-28T16:07:30.893", "lastModified": "2024-08-27T20:35:30.073",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro URL de la funci\u00f3n saveParentControlInfo." "value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro URL de la funci\u00f3n saveParentControlInfo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md",

39
CVE-2024/CVE-2024-305xx/CVE-2024-30596.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30596", "id": "CVE-2024-30596",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T13:15:48.063", "published": "2024-03-28T13:15:48.063",
"lastModified": "2024-03-28T16:07:30.893", "lastModified": "2024-08-27T21:35:21.827",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro deviceId de la funci\u00f3n formSetDeviceName." "value": "Tenda FH1202 v1.2.0.14(408) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro deviceId de la funci\u00f3n formSetDeviceName."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30604.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30604", "id": "CVE-2024-30604",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T15:15:46.850", "published": "2024-03-28T15:15:46.850",
"lastModified": "2024-03-28T16:07:30.893", "lastModified": "2024-08-27T20:35:30.857",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro list1 de la funci\u00f3n fromDhcpListClient." "value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro list1 de la funci\u00f3n fromDhcpListClient."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md",

43
CVE-2024/CVE-2024-338xx/CVE-2024-33854.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-33854", "id": "CVE-2024-33854",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.690", "published": "2024-08-23T17:15:06.690",
"lastModified": "2024-08-23T18:46:51.787", "lastModified": "2024-08-27T20:35:31.627",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." "value": "A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el componente Graph Template en Centreon Web 24.04.x anterior a 24.04.3, 23.10.x anterior a 23.10.13, 23.04.x anterior a 23.04.19 y 22.10.x anterior a 22.10.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/centreon/centreon/releases", "url": "https://github.com/centreon/centreon/releases",

39
CVE-2024/CVE-2024-365xx/CVE-2024-36534.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36534", "id": "CVE-2024-36534",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-07-24T20:15:03.967", "published": "2024-07-24T20:15:03.967",
"lastModified": "2024-07-25T12:36:39.947", "lastModified": "2024-08-27T20:35:32.427",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Los permisos inseguros en hwameistor v0.14.3 permiten a los atacantes acceder a datos confidenciales y escalar privilegios obteniendo el token de la cuenta de servicio." "value": "Los permisos inseguros en hwameistor v0.14.3 permiten a los atacantes acceder a datos confidenciales y escalar privilegios obteniendo el token de la cuenta de servicio."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450", "url": "https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450",

106
CVE-2024/CVE-2024-385xx/CVE-2024-38545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38545", "id": "CVE-2024-38545",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:14.787", "published": "2024-06-19T14:15:14.787",
"lastModified": "2024-06-20T12:44:01.637", "lastModified": "2024-08-27T20:03:02.983",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/hns: corrige UAF para el evento cq async El recuento de CQ no est\u00e1 protegido por bloqueos. Cuando los eventos asincr\u00f3nicos de CQ y la destrucci\u00f3n de CQ son simult\u00e1neos, es posible que se haya liberado CQ, lo que provocar\u00e1 UAF. Utilice xa_lock() para proteger el recuento de CQ." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/hns: corrige UAF para el evento cq async El recuento de CQ no est\u00e1 protegido por bloqueos. Cuando los eventos asincr\u00f3nicos de CQ y la destrucci\u00f3n de CQ son simult\u00e1neos, es posible que se haya liberado CQ, lo que provocar\u00e1 UAF. Utilice xa_lock() para proteger el recuento de CQ."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "558DCAFD-41BB-42C2-AC56-6875391DF830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507", "url": "https://git.kernel.org/stable/c/37a7559dc1358a8d300437e99ed8ecdab0671507",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911", "url": "https://git.kernel.org/stable/c/39d26cf46306bdc7ae809ecfdbfeff5aa1098911",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08", "url": "https://git.kernel.org/stable/c/63da190eeb5c9d849b71f457b15b308c94cbaf08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf", "url": "https://git.kernel.org/stable/c/763780ef0336a973e933e40e919339381732dcaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42", "url": "https://git.kernel.org/stable/c/a942ec2745ca864cd8512142100e4027dc306a42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

130
CVE-2024/CVE-2024-385xx/CVE-2024-38546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38546", "id": "CVE-2024-38546",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:14.877", "published": "2024-06-19T14:15:14.877",
"lastModified": "2024-06-20T12:44:01.637", "lastModified": "2024-08-27T20:03:18.263",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: vc4: corrige posible desreferencia del puntero nulo En vc4_hdmi_audio_init() of_get_address() puede devolver NULL, que luego se desreferencia. Corrija este error agregando una verificaci\u00f3n NULL. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: vc4: corrige posible desreferencia del puntero nulo En vc4_hdmi_audio_init() of_get_address() puede devolver NULL, que luego se desreferencia. Corrija este error agregando una verificaci\u00f3n NULL. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.12",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "58594503-2699-4CEB-8D05-6DFB3484E37A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/2a345fe928c21de6f3c3c7230ff509d715153a31", "url": "https://git.kernel.org/stable/c/2a345fe928c21de6f3c3c7230ff509d715153a31",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/2d9adecc88ab678785b581ab021f039372c324cb", "url": "https://git.kernel.org/stable/c/2d9adecc88ab678785b581ab021f039372c324cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/42c22b63056cea259d5313bf138a834840af85a5", "url": "https://git.kernel.org/stable/c/42c22b63056cea259d5313bf138a834840af85a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/6cf1874aec42058a5ad621a23b5b2f248def0e96", "url": "https://git.kernel.org/stable/c/6cf1874aec42058a5ad621a23b5b2f248def0e96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/80431ea3634efb47a3004305d76486db9dd8ed49", "url": "https://git.kernel.org/stable/c/80431ea3634efb47a3004305d76486db9dd8ed49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/bd7827d46d403f8cdb43d16744cb1114e4726b21", "url": "https://git.kernel.org/stable/c/bd7827d46d403f8cdb43d16744cb1114e4726b21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://git.kernel.org/stable/c/c534b63bede6cb987c2946ed4d0b0013a52c5ba7", "url": "https://git.kernel.org/stable/c/c534b63bede6cb987c2946ed4d0b0013a52c5ba7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

43
CVE-2024/CVE-2024-427xx/CVE-2024-42789.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-42789", "id": "CVE-2024-42789",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-26T15:15:08.543", "published": "2024-08-26T15:15:08.543",
"lastModified": "2024-08-26T15:15:23.727", "lastModified": "2024-08-27T20:35:34.673",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \"/music/controller.php?page=test\" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the \"page\" parameter." "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \"/music/controller.php?page=test\" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the \"page\" parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en \"/music/controller.php?page=test\" en Kashipara Music Management System v1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"p\u00e1gina\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20Controller.pdf", "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20Controller.pdf",

56
CVE-2024/CVE-2024-450xx/CVE-2024-45038.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45038",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T21:15:07.380",
"lastModified": "2024-08-27T21:15:07.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of serivce vulnerability in MQTT handling, fixed in version 2.4.1 of the Meshtastic firmware and on the Meshtastic public MQTT Broker. It's strongly suggested that all users of Meshtastic, particularly those that connect to a privately hosted MQTT server, update to this or a more recent stable version right away. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://github.com/meshtastic/firmware/security/advisories/GHSA-3x3r-vw9f-pxq5",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2024/CVE-2024-450xx/CVE-2024-45049.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-45049",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T21:15:07.603",
"lastModified": "2024-08-27T21:15:07.603",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the \"Evaluate jobset\" button in the frontend."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-xv29-v93r-2f5v",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/337766",
"source": "security-advisories@github.com"
},
{
"url": "https://mastodon.delroth.net/@delroth/113029832631860419",
"source": "security-advisories@github.com"
}
]
}

14
CVE-2024/CVE-2024-58xx/CVE-2024-5814.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-5814", "id": "CVE-2024-5814",
"sourceIdentifier": "facts@wolfssl.com", "sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-27T19:15:17.980", "published": "2024-08-27T19:15:17.980",
"lastModified": "2024-08-27T19:15:17.980", "lastModified": "2024-08-27T20:35:37.640",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -57,6 +57,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later", "url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later",

152
CVE-2024/CVE-2024-82xx/CVE-2024-8212.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-8212",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T20:15:09.110",
"lastModified": "2024-08-27T20:15:09.110",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275921",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275921",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.397276",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-82xx/CVE-2024-8213.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-8213",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T20:15:09.423",
"lastModified": "2024-08-27T20:15:09.423",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_FMT_R12R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_1st_DiskMGR.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275922",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275922",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.397277",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-82xx/CVE-2024-8214.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-8214",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T20:15:09.703",
"lastModified": "2024-08-27T20:15:09.703",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275923",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275923",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.397278",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

133
CVE-2024/CVE-2024-82xx/CVE-2024-8216.json Normal file
View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-8216",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T21:15:07.830",
"lastModified": "2024-08-27T21:15:07.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.275924",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275924",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.393532",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-82xx/CVE-2024-8217.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8217",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T21:15:08.093",
"lastModified": "2024-08-27T21:15:08.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Online-Art-Gallary-Management-System-onlinadvisory-sqli.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275926",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275926",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.398157",
"source": "cna@vuldb.com"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-82xx/CVE-2024-8218.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8218",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T21:15:08.350",
"lastModified": "2024-08-27T21:15:08.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument loginid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/t4rrega/cve/issues/7",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275927",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275927",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.398204",
"source": "cna@vuldb.com"
}
]
}

84
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-08-27T20:00:17.835238+00:00 2024-08-27T22:00:17.482108+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-08-27T19:57:48.560000+00:00 2024-08-27T21:35:21.827000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,60 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
261319 261327
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `16` Recently added CVEs: `8`
- [CVE-2022-39996](CVE-2022/CVE-2022-399xx/CVE-2022-39996.json) (`2024-08-27T18:15:13.197`) - [CVE-2024-45038](CVE-2024/CVE-2024-450xx/CVE-2024-45038.json) (`2024-08-27T21:15:07.380`)
- [CVE-2022-39997](CVE-2022/CVE-2022-399xx/CVE-2022-39997.json) (`2024-08-27T19:15:15.953`) - [CVE-2024-45049](CVE-2024/CVE-2024-450xx/CVE-2024-45049.json) (`2024-08-27T21:15:07.603`)
- [CVE-2024-1544](CVE-2024/CVE-2024-15xx/CVE-2024-1544.json) (`2024-08-27T19:15:16.547`) - [CVE-2024-8212](CVE-2024/CVE-2024-82xx/CVE-2024-8212.json) (`2024-08-27T20:15:09.110`)
- [CVE-2024-36068](CVE-2024/CVE-2024-360xx/CVE-2024-36068.json) (`2024-08-27T18:15:14.427`) - [CVE-2024-8213](CVE-2024/CVE-2024-82xx/CVE-2024-8213.json) (`2024-08-27T20:15:09.423`)
- [CVE-2024-42851](CVE-2024/CVE-2024-428xx/CVE-2024-42851.json) (`2024-08-27T18:15:14.993`) - [CVE-2024-8214](CVE-2024/CVE-2024-82xx/CVE-2024-8214.json) (`2024-08-27T20:15:09.703`)
- [CVE-2024-43414](CVE-2024/CVE-2024-434xx/CVE-2024-43414.json) (`2024-08-27T18:15:15.083`) - [CVE-2024-8216](CVE-2024/CVE-2024-82xx/CVE-2024-8216.json) (`2024-08-27T21:15:07.830`)
- [CVE-2024-43783](CVE-2024/CVE-2024-437xx/CVE-2024-43783.json) (`2024-08-27T18:15:15.403`) - [CVE-2024-8217](CVE-2024/CVE-2024-82xx/CVE-2024-8217.json) (`2024-08-27T21:15:08.093`)
- [CVE-2024-45037](CVE-2024/CVE-2024-450xx/CVE-2024-45037.json) (`2024-08-27T19:15:17.583`) - [CVE-2024-8218](CVE-2024/CVE-2024-82xx/CVE-2024-8218.json) (`2024-08-27T21:15:08.350`)
- [CVE-2024-5288](CVE-2024/CVE-2024-52xx/CVE-2024-5288.json) (`2024-08-27T19:15:17.797`)
- [CVE-2024-5814](CVE-2024/CVE-2024-58xx/CVE-2024-5814.json) (`2024-08-27T19:15:17.980`)
- [CVE-2024-5991](CVE-2024/CVE-2024-59xx/CVE-2024-5991.json) (`2024-08-27T19:15:18.080`)
- [CVE-2024-7720](CVE-2024/CVE-2024-77xx/CVE-2024-7720.json) (`2024-08-27T18:15:15.840`)
- [CVE-2024-8208](CVE-2024/CVE-2024-82xx/CVE-2024-8208.json) (`2024-08-27T18:15:15.950`)
- [CVE-2024-8209](CVE-2024/CVE-2024-82xx/CVE-2024-8209.json) (`2024-08-27T18:15:16.617`)
- [CVE-2024-8210](CVE-2024/CVE-2024-82xx/CVE-2024-8210.json) (`2024-08-27T19:15:18.250`)
- [CVE-2024-8211](CVE-2024/CVE-2024-82xx/CVE-2024-8211.json) (`2024-08-27T19:15:18.553`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `75` Recently modified CVEs: `56`
- [CVE-2024-3088](CVE-2024/CVE-2024-30xx/CVE-2024-3088.json) (`2024-08-27T18:35:09.493`) - [CVE-2024-27221](CVE-2024/CVE-2024-272xx/CVE-2024-27221.json) (`2024-08-27T21:35:16.047`)
- [CVE-2024-31033](CVE-2024/CVE-2024-310xx/CVE-2024-31033.json) (`2024-08-27T18:35:09.280`) - [CVE-2024-27561](CVE-2024/CVE-2024-275xx/CVE-2024-27561.json) (`2024-08-27T20:35:18.613`)
- [CVE-2024-31498](CVE-2024/CVE-2024-314xx/CVE-2024-31498.json) (`2024-08-27T19:35:26.363`) - [CVE-2024-27718](CVE-2024/CVE-2024-277xx/CVE-2024-27718.json) (`2024-08-27T20:35:19.607`)
- [CVE-2024-38547](CVE-2024/CVE-2024-385xx/CVE-2024-38547.json) (`2024-08-27T19:56:36.727`) - [CVE-2024-27757](CVE-2024/CVE-2024-277xx/CVE-2024-27757.json) (`2024-08-27T21:35:16.843`)
- [CVE-2024-38549](CVE-2024/CVE-2024-385xx/CVE-2024-38549.json) (`2024-08-27T19:57:48.560`) - [CVE-2024-28012](CVE-2024/CVE-2024-280xx/CVE-2024-28012.json) (`2024-08-27T20:35:21.220`)
- [CVE-2024-38551](CVE-2024/CVE-2024-385xx/CVE-2024-38551.json) (`2024-08-27T19:54:39.717`) - [CVE-2024-28159](CVE-2024/CVE-2024-281xx/CVE-2024-28159.json) (`2024-08-27T20:35:21.767`)
- [CVE-2024-38552](CVE-2024/CVE-2024-385xx/CVE-2024-38552.json) (`2024-08-27T19:55:05.303`) - [CVE-2024-28287](CVE-2024/CVE-2024-282xx/CVE-2024-28287.json) (`2024-08-27T20:35:23.683`)
- [CVE-2024-38553](CVE-2024/CVE-2024-385xx/CVE-2024-38553.json) (`2024-08-27T19:45:18.157`) - [CVE-2024-28353](CVE-2024/CVE-2024-283xx/CVE-2024-28353.json) (`2024-08-27T20:35:25.153`)
- [CVE-2024-38554](CVE-2024/CVE-2024-385xx/CVE-2024-38554.json) (`2024-08-27T19:55:32.897`) - [CVE-2024-28392](CVE-2024/CVE-2024-283xx/CVE-2024-28392.json) (`2024-08-27T21:35:17.627`)
- [CVE-2024-38555](CVE-2024/CVE-2024-385xx/CVE-2024-38555.json) (`2024-08-27T19:54:04.720`) - [CVE-2024-28393](CVE-2024/CVE-2024-283xx/CVE-2024-28393.json) (`2024-08-27T20:35:26.183`)
- [CVE-2024-38591](CVE-2024/CVE-2024-385xx/CVE-2024-38591.json) (`2024-08-27T18:36:09.777`) - [CVE-2024-28423](CVE-2024/CVE-2024-284xx/CVE-2024-28423.json) (`2024-08-27T21:35:18.580`)
- [CVE-2024-38597](CVE-2024/CVE-2024-385xx/CVE-2024-38597.json) (`2024-08-27T18:36:47.313`) - [CVE-2024-28713](CVE-2024/CVE-2024-287xx/CVE-2024-28713.json) (`2024-08-27T20:35:27.150`)
- [CVE-2024-38598](CVE-2024/CVE-2024-385xx/CVE-2024-38598.json) (`2024-08-27T18:36:57.630`) - [CVE-2024-29009](CVE-2024/CVE-2024-290xx/CVE-2024-29009.json) (`2024-08-27T21:35:19.367`)
- [CVE-2024-39248](CVE-2024/CVE-2024-392xx/CVE-2024-39248.json) (`2024-08-27T18:32:45.907`) - [CVE-2024-29273](CVE-2024/CVE-2024-292xx/CVE-2024-29273.json) (`2024-08-27T21:35:20.250`)
- [CVE-2024-39427](CVE-2024/CVE-2024-394xx/CVE-2024-39427.json) (`2024-08-27T18:32:28.710`) - [CVE-2024-29413](CVE-2024/CVE-2024-294xx/CVE-2024-29413.json) (`2024-08-27T20:35:28.013`)
- [CVE-2024-40395](CVE-2024/CVE-2024-403xx/CVE-2024-40395.json) (`2024-08-27T18:33:14.247`) - [CVE-2024-29504](CVE-2024/CVE-2024-295xx/CVE-2024-29504.json) (`2024-08-27T20:35:28.797`)
- [CVE-2024-41622](CVE-2024/CVE-2024-416xx/CVE-2024-41622.json) (`2024-08-27T18:35:10.613`) - [CVE-2024-30587](CVE-2024/CVE-2024-305xx/CVE-2024-30587.json) (`2024-08-27T20:35:30.073`)
- [CVE-2024-43788](CVE-2024/CVE-2024-437xx/CVE-2024-43788.json) (`2024-08-27T18:33:14.247`) - [CVE-2024-30596](CVE-2024/CVE-2024-305xx/CVE-2024-30596.json) (`2024-08-27T21:35:21.827`)
- [CVE-2024-44340](CVE-2024/CVE-2024-443xx/CVE-2024-44340.json) (`2024-08-27T18:35:11.777`) - [CVE-2024-30604](CVE-2024/CVE-2024-306xx/CVE-2024-30604.json) (`2024-08-27T20:35:30.857`)
- [CVE-2024-44341](CVE-2024/CVE-2024-443xx/CVE-2024-44341.json) (`2024-08-27T18:35:12.540`) - [CVE-2024-33854](CVE-2024/CVE-2024-338xx/CVE-2024-33854.json) (`2024-08-27T20:35:31.627`)
- [CVE-2024-44342](CVE-2024/CVE-2024-443xx/CVE-2024-44342.json) (`2024-08-27T18:35:13.327`) - [CVE-2024-36534](CVE-2024/CVE-2024-365xx/CVE-2024-36534.json) (`2024-08-27T20:35:32.427`)
- [CVE-2024-45264](CVE-2024/CVE-2024-452xx/CVE-2024-45264.json) (`2024-08-27T18:33:14.247`) - [CVE-2024-38545](CVE-2024/CVE-2024-385xx/CVE-2024-38545.json) (`2024-08-27T20:03:02.983`)
- [CVE-2024-8033](CVE-2024/CVE-2024-80xx/CVE-2024-8033.json) (`2024-08-27T19:39:04.953`) - [CVE-2024-38546](CVE-2024/CVE-2024-385xx/CVE-2024-38546.json) (`2024-08-27T20:03:18.263`)
- [CVE-2024-8199](CVE-2024/CVE-2024-81xx/CVE-2024-8199.json) (`2024-08-27T18:33:14.247`) - [CVE-2024-42789](CVE-2024/CVE-2024-427xx/CVE-2024-42789.json) (`2024-08-27T20:35:34.673`)
- [CVE-2024-8200](CVE-2024/CVE-2024-82xx/CVE-2024-8200.json) (`2024-08-27T18:33:14.247`) - [CVE-2024-5814](CVE-2024/CVE-2024-58xx/CVE-2024-5814.json) (`2024-08-27T20:35:37.640`)
## Download and Usage ## Download and Usage

298
_state.csv
View File

File diff suppressed because it is too large Load Diff