admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-15T15:00:31.902868+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-15 15:03:34 +00:00
parent 95d8eb8325
commit b32216df61
330 changed files with 2688 additions and 1063 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
CVE-2013/CVE-2013-39xx/CVE-2013-3900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2013-3900",
"sourceIdentifier": "secure@microsoft.com",
"published": "2013-12-11T00:55:03.693",
"lastModified": "2024-11-14T21:15:06.097",
"vulnStatus": "Modified",
"lastModified": "2024-11-15T14:34:02.340",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",
@ -22,8 +22,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
@ -75,7 +95,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-347"
}
]
}
@ -89,48 +109,63 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A"
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730"
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*",
"matchCriteriaId": "71E65CB9-6DC2-4A90-8C6A-103BEDC99823"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372"
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC"
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD13A6-A390-4400-9029-2F4058CA17E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462"
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FED4C9-B680-4F44-ADC0-AC43D6B5F184"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805"
},
{
"vulnerable": true,
@ -147,16 +182,6 @@
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
"matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
@ -191,21 +216,6 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*",
"matchCriteriaId": "08627673-D381-4481-BD04-F56599C43105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
"matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"
}
]
}

8
CVE-2017/CVE-2017-132xx/CVE-2017-13227.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2017-13227",
"sourceIdentifier": "security@android.com",
"published": "2024-11-14T23:15:05.013",
"lastModified": "2024-11-14T23:15:05.013",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the autofill service, the package name that is provided by the app process is trusted inappropriately. \u00a0This could lead to information disclosure with no additional execution privileges needed. \u00a0User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En el servicio de autocompletar, el nombre del paquete que proporciona el proceso de la aplicaci\u00f3n se considera de confianza de forma inapropiada. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-37xx/CVE-2021-3740.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3740",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:04.987",
"lastModified": "2024-11-15T11:15:04.987",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en las versiones de chatwoot/chatwoot anteriores a la 2.4.0. La aplicaci\u00f3n no invalida las sesiones existentes en otros dispositivos cuando un usuario cambia su contrase\u00f1a, lo que permite que las sesiones antiguas persistan. Esto puede provocar un acceso no autorizado si un atacante ha obtenido un token de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2021/CVE-2021-37xx/CVE-2021-3741.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3741",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.327",
"lastModified": "2024-11-15T11:15:05.327",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de cross-site scripting (XSS) almacenado en chatwoot/chatwoot, que afecta a todas las versiones anteriores a la 2.6. La vulnerabilidad se produce cuando un usuario carga un archivo SVG que contiene un payload XSS malicioso en la configuraci\u00f3n del perfil. Cuando se abre el avatar en una p\u00e1gina nueva, se ejecuta el c\u00f3digo JavaScript personalizado, lo que genera posibles riesgos de seguridad."
}
],
"metrics": {

8
CVE-2021/CVE-2021-37xx/CVE-2021-3742.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3742",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.547",
"lastModified": "2024-11-15T11:15:05.547",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de Server-Side Request Forgery (SSRF) en chatwoot/chatwoot, que afecta a todas las versiones anteriores a la 2.5.0. La vulnerabilidad permite a un atacante cargar un archivo SVG que contiene un payload SSRF malicioso. Cuando el archivo SVG se utiliza como avatar y se abre en una nueva pesta\u00f1a, puede activar la SSRF, lo que puede provocar una redirecci\u00f3n del host."
}
],
"metrics": {

8
CVE-2021/CVE-2021-38xx/CVE-2021-3838.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3838",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.763",
"lastModified": "2024-11-15T11:15:05.763",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code."
},
{
"lang": "es",
"value": "DomPDF anterior a la versi\u00f3n 2.0.0 es vulnerable a la deserializaci\u00f3n de PHAR debido a la falta de verificaci\u00f3n del protocolo antes de pasarlo a la funci\u00f3n file_get_contents(). Un atacante que pueda cargar archivos de cualquier tipo al servidor puede pasar el protocolo phar:// para deserializar el archivo cargado y crear instancias de objetos PHP arbitrarios. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo, especialmente cuando DOMPdf se utiliza con marcos con cadenas POP documentadas como Laravel o c\u00f3digo de desarrollador vulnerable."
}
],
"metrics": {

8
CVE-2021/CVE-2021-38xx/CVE-2021-3841.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3841",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.980",
"lastModified": "2024-11-15T11:15:05.980",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser."
},
{
"lang": "es",
"value": "Las versiones de sylius/sylius anteriores a 1.9.10, 1.10.11 y 1.11.2 son vulnerables a cross-site scripting (XSS) almacenado a trav\u00e9s de archivos SVG. Esta vulnerabilidad permite a los atacantes inyectar secuencias de comandos maliciosas que pueden ejecutarse en el contexto del navegador del usuario."
}
],
"metrics": {

8
CVE-2021/CVE-2021-39xx/CVE-2021-3902.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3902",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.190",
"lastModified": "2024-11-15T11:15:06.190",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad de restricci\u00f3n indebida de entidades externas (XXE) en el analizador SVG de dompdf/dompdf permite ataques de deserializaci\u00f3n y Server-Side Request Forgery (SSRF). Este problema afecta a todas las versiones anteriores a la 2.0.0. La vulnerabilidad se puede explotar incluso si la opci\u00f3n isRemoteEnabled est\u00e1 configurada como falsa. Permite a los atacantes realizar SSRF, divulgar archivos de im\u00e1genes internos y provocar ataques de deserializaci\u00f3n PHAR."
}
],
"metrics": {

8
CVE-2021/CVE-2021-39xx/CVE-2021-3986.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3986",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.400",
"lastModified": "2024-11-15T11:15:06.400",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix."
},
{
"lang": "es",
"value": "Una vulnerabilidad en janeczku/calibre-web permite a usuarios no autorizados ver los nombres de los estantes privados que pertenecen a otros usuarios. Este problema se produce en el archivo shelf.py en la l\u00ednea 221, donde el nombre del estante se expone en un mensaje de error cuando un usuario intenta eliminar un libro de un estante que no es de su propiedad. Esta vulnerabilidad revela informaci\u00f3n privada y afecta a todas las versiones anteriores a la correcci\u00f3n."
}
],
"metrics": {

8
CVE-2021/CVE-2021-39xx/CVE-2021-3987.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3987",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.610",
"lastModified": "2024-11-15T11:15:06.610",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso indebido en janeczku/calibre-web. La versi\u00f3n afectada permite a los usuarios sin permisos de estanter\u00eda p\u00fablica crear estanter\u00edas p\u00fablicas. La vulnerabilidad se debe a que el m\u00e9todo `create_shelf` en `shelf.py` no verifica si el usuario tiene los permisos necesarios para crear una estanter\u00eda p\u00fablica. Este problema puede provocar que los usuarios realicen acciones no autorizadas."
}
],
"metrics": {

8
CVE-2021/CVE-2021-39xx/CVE-2021-3988.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3988",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.877",
"lastModified": "2024-11-15T11:15:06.877",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) en janeczku/calibre-web, espec\u00edficamente en el archivo `edit_books.js`. La vulnerabilidad se produce al editar las propiedades de un libro, como cargar una portada o un formato. El c\u00f3digo afectado inserta directamente la entrada del usuario en el DOM sin la limpieza adecuada, lo que permite a los atacantes ejecutar c\u00f3digo JavaScript arbitrario. Esto puede dar lugar a varios ataques, incluido el robo de cookies. El problema est\u00e1 presente en el c\u00f3digo que maneja el evento de cambio `#btn-upload-cover`."
}
],
"metrics": {

8
CVE-2021/CVE-2021-39xx/CVE-2021-3991.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2021-3991",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:07.173",
"lastModified": "2024-11-15T11:15:07.173",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en las versiones de Dolibarr anteriores a la rama \"develop\". Un usuario con permisos restringidos en la secci\u00f3n \"Recepci\u00f3n\" puede acceder a detalles espec\u00edficos de la recepci\u00f3n a trav\u00e9s del acceso directo a la URL, eludiendo las restricciones de permisos previstas."
}
],
"metrics": {

8
CVE-2022/CVE-2022-12xx/CVE-2022-1226.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-1226",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:07.527",
"lastModified": "2024-11-15T11:15:07.527",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en las versiones de phpipam/phpipam anteriores a la 1.4.7 permite a los atacantes ejecutar c\u00f3digo JavaScript arbitrario en el navegador de una v\u00edctima. Esta vulnerabilidad afecta a la funci\u00f3n de importaci\u00f3n de conjuntos de datos mediante la carga de un archivo de hoja de c\u00e1lculo. Los endpoints afectados incluyen import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php e import-l2dom-preview.php. La vulnerabilidad se puede explotar cargando un archivo de hoja de c\u00e1lculo especialmente manipulado que contenga payloads de JavaScript maliciosaos, que luego se ejecutan en el contexto del navegador de la v\u00edctima. Esto puede provocar la desfiguraci\u00f3n de sitios web, la ejecuci\u00f3n de c\u00f3digo JavaScript malicioso, el robo de cookies de usuario y el acceso no autorizado a las cuentas de usuario."
}
],
"metrics": {

8
CVE-2022/CVE-2022-18xx/CVE-2022-1884.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-1884",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:07.803",
"lastModified": "2024-11-15T11:15:07.803",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de comandos en las versiones de gogs/gogs &lt;=0.12.7 cuando se implementan en un servidor Windows. La vulnerabilidad surge debido a una validaci\u00f3n incorrecta del par\u00e1metro `tree_path` durante la carga de archivos. Un atacante puede configurar `tree_path=.git.` para cargar un archivo en el directorio .git, lo que le permite escribir o reescribir el archivo `.git/config`. Si se configura `core.sshCommand`, esto puede provocar la ejecuci\u00f3n remota de comandos."
}
],
"metrics": {

20
CVE-2022/CVE-2022-218xx/CVE-2022-21882.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21882",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-01-11T21:15:11.507",
"lastModified": "2024-11-14T21:15:13.590",
"vulnStatus": "Modified",
"lastModified": "2024-11-15T14:35:03.910",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2022-02-04",
"cisaActionDue": "2022-02-18",
@ -109,9 +109,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.2452",
"matchCriteriaId": "86E8ADB6-8720-454D-AAFE-C5B4C65EB462"
"matchCriteriaId": "79A35DBE-C34D-464D-B037-AADB63B221AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.2452",
"matchCriteriaId": "54A85F24-AB36-4A04-B420-F19D1A9DE26C"
},
{
"vulnerable": true,
@ -169,7 +175,11 @@
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

40
CVE-2022/CVE-2022-219xx/CVE-2022-21919.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21919",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-01-11T21:15:13.463",
"lastModified": "2024-11-14T21:15:18.723",
"vulnStatus": "Modified",
"lastModified": "2024-11-15T14:35:32.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2022-04-25",
"cisaActionDue": "2022-05-16",
@ -89,21 +89,39 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.19177",
"matchCriteriaId": "E35D1476-A761-432E-9105-3C57929D75D3"
"matchCriteriaId": "BCF9D462-E6B6-45D3-8E9F-788F2E646817"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.19177",
"matchCriteriaId": "9B6CEFAB-4D29-4427-8294-203A4A98F1AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.4886",
"matchCriteriaId": "D197C143-21B8-4024-AF78-818DAA10D9F2"
"matchCriteriaId": "010F22B5-38B1-4176-B7E8-BB8875B9787C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.4886",
"matchCriteriaId": "4D852EB5-2456-429B-B1D8-DD57710DFE49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.2452",
"matchCriteriaId": "86E8ADB6-8720-454D-AAFE-C5B4C65EB462"
"matchCriteriaId": "79A35DBE-C34D-464D-B037-AADB63B221AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.2452",
"matchCriteriaId": "54A85F24-AB36-4A04-B420-F19D1A9DE26C"
},
{
"vulnerable": true,
@ -202,7 +220,11 @@
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21919",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-22xx/CVE-2022-2232.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-2232",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-14T15:15:06.527",
"lastModified": "2024-11-14T15:15:06.527",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete Keycloak que permite a un atacante utilizar una inyecci\u00f3n LDAP para eludir la b\u00fasqueda de nombre de usuario o potencialmente realizar otras acciones maliciosas."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31666.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31666",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:16.083",
"lastModified": "2024-11-14T12:15:16.083",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.\u00a0\u00a0The attacker could modify Webhook policies configured in other projects."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de los usuarios al eliminar pol\u00edticas de Webhook, lo que permite que usuarios malintencionados vean, actualicen y eliminen pol\u00edticas de Webhook de otros usuarios. El atacante podr\u00eda modificar pol\u00edticas de Webhook configuradas en otros proyectos."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31667.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31667",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:16.390",
"lastModified": "2024-11-14T12:15:16.390",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate the user permissions when updating a robot account that\u00a0belongs to a project that the authenticated user doesn\u2019t have access to.\u00a0\n\nBy sending a request that attempts to update a robot account, and specifying a robot\u00a0account id and robot account name that belongs to a different project that the user\u00a0doesn\u2019t have access to, it was possible to revoke the robot account permissions."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de usuario al actualizar una cuenta de robot que pertenece a un proyecto al que el usuario autenticado no tiene acceso. Al enviar una solicitud que intenta actualizar una cuenta de robot y especificar un ID y un nombre de cuenta de robot que pertenecen a un proyecto diferente al que el usuario no tiene acceso, fue posible revocar los permisos de la cuenta de robot."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31668.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31668",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:16.607",
"lastModified": "2024-11-14T12:15:16.607",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate the user permissions when updating p2p preheat policies.\u00a0By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de usuario al actualizar las pol\u00edticas de precalentamiento P2P. Al enviar una solicitud para actualizar una pol\u00edtica de precalentamiento P2P con un ID que pertenece a un proyecto al que el usuario autenticado actualmente no tiene acceso, el atacante podr\u00eda modificar las pol\u00edticas de precalentamiento P2P configuradas en otros proyectos."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31669.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31669",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:16.817",
"lastModified": "2024-11-14T12:15:16.817",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate the user permissions when updating tag immutability policies.\u00a0\n\nBy sending a request to update a tag immutability policy with an id that belongs to a\nproject that the currently authenticated user doesn\u2019t have access to, the attacker could\nmodify tag immutability policies configured in other projects."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de usuario al actualizar las pol\u00edticas de inmutabilidad de etiquetas. Al enviar una solicitud para actualizar una pol\u00edtica de inmutabilidad de etiquetas con un ID que pertenece a un proyecto al que el usuario autenticado actualmente no tiene acceso, el atacante podr\u00eda modificar las pol\u00edticas de inmutabilidad de etiquetas configuradas en otros proyectos."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31670.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31670",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:17.040",
"lastModified": "2024-11-14T12:15:17.040",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate the user permissions when updating tag retention policies.\u00a0\n\nBy sending a request to update a tag retention policy with an id that belongs to a project\u00a0that the currently authenticated user doesn\u2019t have access to, the attacker could modify\ntag retention policies configured in other projects."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de usuario al actualizar las pol\u00edticas de retenci\u00f3n de etiquetas. Al enviar una solicitud para actualizar una pol\u00edtica de retenci\u00f3n de etiquetas con un ID que pertenece a un proyecto al que el usuario autenticado actualmente no tiene acceso, el atacante podr\u00eda modificar las pol\u00edticas de retenci\u00f3n de etiquetas configuradas en otros proyectos."
}
],
"metrics": {

8
CVE-2022/CVE-2022-316xx/CVE-2022-31671.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31671",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T12:15:17.250",
"lastModified": "2024-11-14T12:15:17.250",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users\u00a0could read all the job logs stored in the Harbor database."
},
{
"lang": "es",
"value": "Harbor no puede validar los permisos de usuario al leer y actualizar los registros de ejecuci\u00f3n de trabajos a trav\u00e9s de los registros de ejecuci\u00f3n de precalentamiento P2P. Al enviar una solicitud que intenta leer o actualizar los registros de ejecuci\u00f3n de precalentamiento P2P y especificar diferentes identificadores de trabajo, los usuarios autenticados malintencionados podr\u00edan leer todos los registros de trabajo almacenados en la base de datos de Harbor."
}
],
"metrics": {

8
CVE-2023/CVE-2023-01xx/CVE-2023-0109.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-0109",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:08.097",
"lastModified": "2024-11-15T11:15:08.097",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de cross-site scripting (XSS) almacenado en la versi\u00f3n 0.9.1 de usememos/memos. Esta vulnerabilidad permite a un atacante cargar un archivo JavaScript que contiene una secuencia de comandos maliciosa y hacer referencia a ella en un archivo HTML. Cuando se accede al archivo HTML, se ejecuta la secuencia de comandos maliciosa. Esto puede provocar el robo de informaci\u00f3n confidencial, como las credenciales de inicio de sesi\u00f3n, de los usuarios que visitan el sitio web afectado. El problema se ha solucionado en la versi\u00f3n 0.10.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-07xx/CVE-2023-0737.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-0737",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:08.363",
"lastModified": "2024-11-15T11:15:08.363",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4."
},
{
"lang": "es",
"value": "La versi\u00f3n 2.5.2 de wallabag contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) que permite a los atacantes eliminar arbitrariamente cuentas de usuario a trav\u00e9s del endpoint /account/delete. Este problema se solucion\u00f3 en la versi\u00f3n 2.5.4."
}
],
"metrics": {

8
CVE-2023/CVE-2023-23xx/CVE-2023-2332.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-2332",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:08.643",
"lastModified": "2024-11-15T11:15:08.643",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) almacenado en Conditions tab of Pricing Rules in pimcore/pimcore en las versiones 10.5.19. La vulnerabilidad est\u00e1 presente en los campos Desde y Hasta de la secci\u00f3n Intervalo de fechas, lo que permite a un atacante inyectar secuencias de comandos maliciosas. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el contexto del navegador del usuario, lo que podr\u00eda robar cookies o redirigir a los usuarios a sitios maliciosos. El problema se solucion\u00f3 en la versi\u00f3n 10.5.21."
}
],
"metrics": {

8
CVE-2023/CVE-2023-340xx/CVE-2023-34049.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-34049",
"sourceIdentifier": "security@vmware.com",
"published": "2024-11-14T05:15:28.260",
"lastModified": "2024-11-14T05:15:28.260",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails."
},
{
"lang": "es",
"value": "La opci\u00f3n de pre-vuelo de Salt-SSH copia el script al destino en una ruta predecible, lo que permite a un atacante forzar a Salt-SSH a ejecutar su script. Si un atacante tiene acceso a la m\u00e1quina virtual de destino y conoce la ruta al script de pre-vuelo antes de que se ejecute, puede asegurarse de que Salt-SSH ejecute su script con los privilegios del usuario que ejecuta Salt-SSH. No haga que la ruta de copia en el destino sea predecible y aseg\u00farese de verificar los c\u00f3digos de retorno del comando scp si la copia falla."
}
],
"metrics": {

8
CVE-2023/CVE-2023-356xx/CVE-2023-35659.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-35659",
"sourceIdentifier": "security@android.com",
"published": "2024-11-13T18:15:19.763",
"lastModified": "2024-11-13T18:15:19.763",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En DevmemIntChangeSparse de devicemem_server.c, existe la posibilidad de que se ejecute un c\u00f3digo arbitrario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-356xx/CVE-2023-35686.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-35686",
"sourceIdentifier": "security@android.com",
"published": "2024-11-13T18:15:19.860",
"lastModified": "2024-11-13T18:15:19.860",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En PVRSRVRGXKickTA3DKM de rgxta3d.c, existe la posibilidad de ejecuci\u00f3n de c\u00f3digo arbitrario debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-389xx/CVE-2023-38920.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-38920",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T20:15:16.840",
"lastModified": "2024-11-13T20:15:16.840",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Scripting en Cyber Cafe Management System v.1.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de una secuencia de comandos dise\u00f1ada espec\u00edficamente para el par\u00e1metro adminname."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-41xx/CVE-2023-4134.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4134",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-14T11:15:03.730",
"lastModified": "2024-11-14T11:15:03.730",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-44xx/CVE-2023-4458.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4458",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-14T12:15:17.487",
"lastModified": "2024-11-14T12:15:17.487",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el an\u00e1lisis de atributos extendidos en el m\u00f3dulo ksmbd del kernel. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto para divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas de Linux. Solo los sistemas con ksmbd habilitado son vulnerables a esta CVE."
}
],
"metrics": {

8
CVE-2023/CVE-2023-46xx/CVE-2023-4679.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-4679",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:08.917",
"lastModified": "2024-11-15T11:15:08.917",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de use after free en la versi\u00f3n 2.3-DEV-revrelease de GPAC, espec\u00edficamente en la funci\u00f3n gf_filterpacket_del en filter_core/filter.c en la l\u00ednea 38. Esta vulnerabilidad puede generar una condici\u00f3n de doble liberaci\u00f3n, que puede provocar que la aplicaci\u00f3n se bloquee."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0787.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-0787",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:09.213",
"lastModified": "2024-11-15T11:15:09.213",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0."
},
{
"lang": "es",
"value": "La versi\u00f3n 1.5.1 de phpIPAM contiene una vulnerabilidad que permite a un atacante eludir el mecanismo de bloqueo de direcciones IP para obtener por fuerza bruta las contrase\u00f1as de los usuarios mediante el encabezado 'X-Forwarded-For'. El problema se encuentra en la funci\u00f3n 'get_user_ip()' de 'class.Common.php' en las l\u00edneas 1044 y 1045, donde se comprueba la presencia del encabezado 'X-Forwarded-For' y se utiliza en lugar de 'REMOTE_ADDR'. Esta vulnerabilidad permite a los atacantes realizar ataques por fuerza bruta en las cuentas de usuario, incluida la cuenta de administrador. El problema se ha corregido en la versi\u00f3n 1.7.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-08xx/CVE-2024-0875.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-0875",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:09.490",
"lastModified": "2024-11-15T11:15:09.490",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la versi\u00f3n 7.0.1 de openemr/openemr. Un atacante puede inyectar payloads maliciosos en el campo 'inputBody' de la funci\u00f3n de mensajer\u00eda segura, que luego se pueden enviar a otros usuarios. Cuando el destinatario ve el mensaje malicioso, se ejecuta el payload, lo que puede comprometer su cuenta. Este problema se solucion\u00f3 en la versi\u00f3n 7.0.2.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10104.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10104",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-15T07:15:17.063",
"lastModified": "2024-11-15T07:15:17.063",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Jobs para WordPress anterior a la versi\u00f3n 2.7.8 no desinfecta ni escapa a algunas de sus configuraciones de Job, lo que podr\u00eda permitir que usuarios con privilegios elevados, como los colaboradores, realicen ataques de Cross Site Scripting almacenado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-101xx/CVE-2024-10113.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10113",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:03.340",
"lastModified": "2024-11-15T06:15:03.340",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP AdCenter \u2013 Ad Manager &amp; Adsense Ads para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto wpadcenter_ad del complemento en todas las versiones hasta la 2.5.7 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-101xx/CVE-2024-10146.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10146",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-14T06:15:07.080",
"lastModified": "2024-11-14T19:35:05.160",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-102xx/CVE-2024-10260.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10260",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:03.753",
"lastModified": "2024-11-15T06:15:03.753",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file."
},
{
"lang": "es",
"value": "El complemento Tripetto para WordPress es vulnerable a Cross Site Scripting almacenado mediante cargas de archivos en todas las versiones hasta la 8.0.3 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-103xx/CVE-2024-10311.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10311",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T10:15:03.980",
"lastModified": "2024-11-15T10:15:03.980",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator."
},
{
"lang": "es",
"value": "El complemento External Database Based Actions para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 0.1 incluida. Esto se debe a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'edba_admin_handle'. Esto permite que atacantes autenticados, con permisos de nivel de suscriptor y superiores, actualicen la configuraci\u00f3n del complemento e inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador."
}
],
"metrics": {

8
CVE-2024/CVE-2024-103xx/CVE-2024-10394.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10394",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-14T20:15:20.777",
"lastModified": "2024-11-14T20:15:20.777",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG."
},
{
"lang": "es",
"value": "Un usuario local puede eludir el mecanismo de limitaci\u00f3n de PAG (grupo de autenticaci\u00f3n de procesos) de OpenAFS en clientes Unix, lo que le permite crear un PAG utilizando un n\u00famero de identificaci\u00f3n existente, uni\u00e9ndose efectivamente al PAG y permitiendo al usuario robar las credenciales en ese PAG."
}
],
"metrics": {

8
CVE-2024/CVE-2024-103xx/CVE-2024-10396.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10396",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-14T20:15:20.917",
"lastModified": "2024-11-14T20:15:20.917",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can provide a malformed ACL to the fileserver's StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server."
},
{
"lang": "es",
"value": "Un usuario autenticado puede proporcionar una ACL mal formada a la RPC StoreACL del servidor de archivos, lo que provocar\u00e1 que el servidor de archivos se bloquee, posiblemente exponga memoria no inicializada y posiblemente almacene datos basura en el registro de auditor\u00eda. Las ACL mal formadas proporcionadas en respuestas a las RPC FetchACL del cliente pueden provocar que los procesos del cliente se bloqueen y posiblemente expongan memoria no inicializada en otras ACL almacenadas en el servidor."
}
],
"metrics": {

8
CVE-2024/CVE-2024-103xx/CVE-2024-10397.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10397",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-14T20:15:21.057",
"lastModified": "2024-11-14T20:15:21.057",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code."
},
{
"lang": "es",
"value": "Un servidor malintencionado puede bloquear el administrador de cach\u00e9 OpenAFS y otras utilidades del cliente y posiblemente ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-104xx/CVE-2024-10443.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10443",
"sourceIdentifier": "security@synology.com",
"published": "2024-11-15T11:15:09.750",
"lastModified": "2024-11-15T11:15:09.750",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando ('Inyecci\u00f3n de comando') en Task Manager component in Synology BeePhotos anteriores a 1.0.2-10026 y 1.1.0-10053 y Synology Photos anteriores a 1.6.2-0720 y 1.7.0-0795 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-105xx/CVE-2024-10534.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10534",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-11-15T11:15:10.100",
"lastModified": "2024-11-15T11:15:10.100",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024."
},
{
"lang": "es",
"value": "La vulnerabilidad de error de validaci\u00f3n de origen en Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) permite la inyecci\u00f3n de tr\u00e1fico. Este problema afecta a los sistemas de control de asistencia de personal (PACS) / sistemas de seguridad de control de acceso (ACSS): antes de 2024."
}
],
"metrics": {

4
CVE-2024/CVE-2024-105xx/CVE-2024-10571.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10571",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-14T11:15:04.630",
"lastModified": "2024-11-14T11:15:04.630",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-105xx/CVE-2024-10582.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10582",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:04.077",
"lastModified": "2024-11-15T06:15:04.077",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Music Player for Elementor \u2013 Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates."
},
{
"lang": "es",
"value": "El complemento Music Player for Elementor \u2013 Audio Player &amp; Podcast Player para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n import_mpfe_template() en todas las versiones hasta la 2.4.1 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, importen plantillas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-107xx/CVE-2024-10793.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10793",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T06:15:04.370",
"lastModified": "2024-11-15T06:15:04.370",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Activity Log para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro user_id en todas las versiones hasta la 5.2.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario administrativo acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-108xx/CVE-2024-10825.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10825",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T07:15:17.237",
"lastModified": "2024-11-15T07:15:17.237",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hide My WP Ghost \u2013 Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Hide My WP Ghost \u2013 Security &amp; Firewall para WordPress es vulnerable a ataques de Cross-Site Scripting Reflejado a trav\u00e9s de la URL en todas las versiones hasta la 5.3.01 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario administrativo para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-108xx/CVE-2024-10897.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10897",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T05:15:05.177",
"lastModified": "2024-11-15T05:15:05.177",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin."
},
{
"lang": "es",
"value": "El complemento Tutor LMS Elementor Addons para WordPress es vulnerable a la instalaci\u00f3n no autorizada de complementos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n install_etlms_dependency_plugin() en todas las versiones hasta la 2.1.5 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen Elementor o Tutor LMS. Tenga en cuenta que el impacto de este problema es incre\u00edblemente limitado debido al hecho de que estos dos complementos probablemente ya est\u00e9n instalados como una dependencia del complemento."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10921.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10921",
"sourceIdentifier": "cna@mongodb.com",
"published": "2024-11-14T16:15:18.030",
"lastModified": "2024-11-14T16:15:18.030",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2."
},
{
"lang": "es",
"value": "Un usuario autorizado puede provocar fallas o recibir el contenido de lecturas excesivas del b\u00fafer de la memoria del servidor al emitir solicitudes especialmente manipuladas que construyen un BSON mal formado en MongoDB Server. Este problema afecta a las versiones de MongoDB Server v5.0 anteriores a la 5.0.30, a las versiones de MongoDB Server v6.0 anteriores a la 6.0.19, a las versiones de MongoDB Server v7.0 anteriores a la 7.0.15 y a las versiones de MongoDB Server v8.0 anteriores a la 8.0.2 incluida."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10924.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10924",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T04:15:03.613",
"lastModified": "2024-11-15T04:15:03.613",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the \"Two-Factor Authentication\" setting is enabled (disabled by default)."
},
{
"lang": "es",
"value": "Los complementos Really Simple Security (Free, Pro y Pro Multisite) para WordPress son vulnerables a la omisi\u00f3n de la autenticaci\u00f3n en las versiones 9.0.0 a 9.1.1.1. Esto se debe a un manejo inadecuado de errores de verificaci\u00f3n de usuario en las acciones de la API REST de dos factores con la funci\u00f3n 'check_login_and_get_user'. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, cuando la configuraci\u00f3n \"Autenticaci\u00f3n de dos factores\" est\u00e1 habilitada (deshabilitada de forma predeterminada)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10962.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10962",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-14T14:15:17.533",
"lastModified": "2024-11-14T14:15:17.533",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit."
},
{
"lang": "es",
"value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 0.9.107 incluida, a trav\u00e9s de la deserializaci\u00f3n de entradas no confiables en las funciones 'replace_row_data' y 'replace_serialize_data'. Esto hace posible que atacantes no autenticados inyecten un objeto PHP. No hay ninguna cadena POP presente en el software vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo. Un administrador debe crear un sitio de prueba para activar el exploit."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10976.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10976",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-11-14T13:15:03.793",
"lastModified": "2024-11-14T13:15:03.793",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
},
{
"lang": "es",
"value": "El seguimiento incompleto en PostgreSQL de tablas con seguridad de filas permite que una consulta reutilizada vea o cambie filas diferentes a las previstas. CVE-2023-2455 y CVE-2016-2193 solucionaron la mayor\u00eda de las interacciones entre la seguridad de filas y los cambios de ID de usuario. Pasaron por alto los casos en los que una subconsulta, una consulta WITH, una vista de invocador de seguridad o una funci\u00f3n de lenguaje SQL hace referencia a una tabla con una pol\u00edtica de seguridad a nivel de fila. Esto tiene las mismas consecuencias que las dos CVE anteriores. Es decir, conduce a la aplicaci\u00f3n de pol\u00edticas potencialmente incorrectas en los casos en los que se utilizan pol\u00edticas espec\u00edficas de roles y se planifica una consulta determinada bajo un rol y luego se ejecuta bajo otros roles. Este escenario puede ocurrir bajo funciones de definidor de seguridad o cuando se planifica inicialmente un usuario y una consulta comunes y luego se reutilizan en varios SET ROLE. La aplicaci\u00f3n de una pol\u00edtica incorrecta puede permitir que un usuario complete lecturas y modificaciones que de otro modo estar\u00edan prohibidas. Esto afecta solo a las bases de datos que han utilizado CREATE POLICY para definir una pol\u00edtica de seguridad de filas. Un atacante debe adaptar un ataque al patr\u00f3n de reutilizaci\u00f3n de planes de consulta, cambios de ID de usuario y pol\u00edticas de seguridad de filas espec\u00edficas de roles de una aplicaci\u00f3n en particular. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10977.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10977",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-11-14T13:15:04.023",
"lastModified": "2024-11-14T13:15:04.023",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
},
{
"lang": "es",
"value": "El uso del mensaje de error del servidor por parte del cliente en PostgreSQL permite que un servidor que no es de confianza seg\u00fan la configuraci\u00f3n actual de SSL o GSS proporcione bytes arbitrarios que no sean NUL a la aplicaci\u00f3n libpq. Por ejemplo, un atacante intermediario podr\u00eda enviar un mensaje de error largo que un usuario humano o un usuario de psql que rastree la pantalla confunda con resultados de consulta v\u00e1lidos. Probablemente esto no sea un problema para los clientes en los que la interfaz de usuario indica de forma inequ\u00edvoca el l\u00edmite entre un mensaje de error y otro texto. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10978.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10978",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-11-14T13:15:04.217",
"lastModified": "2024-11-14T13:15:04.217",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
},
{
"lang": "es",
"value": "La asignaci\u00f3n incorrecta de privilegios en PostgreSQL permite que un usuario de la aplicaci\u00f3n con menos privilegios vea o cambie filas distintas a las previstas. Un ataque requiere que la aplicaci\u00f3n utilice SET ROLE, SET SESSION AUTHORIZATION o una funci\u00f3n equivalente. El problema surge cuando una consulta de la aplicaci\u00f3n utiliza par\u00e1metros del atacante o transmite los resultados de la consulta al atacante. Si esa consulta reacciona a current_setting('role') o al ID de usuario actual, puede modificar o devolver datos como si la sesi\u00f3n no hubiera utilizado SET ROLE o SET SESSION AUTHORIZATION. El atacante no controla qu\u00e9 ID de usuario incorrecto se aplica. El texto de la consulta de fuentes con menos privilegios no es un problema aqu\u00ed, porque SET ROLE y SET SESSION AUTHORIZATION no son entornos aislados para consultas no verificadas. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-109xx/CVE-2024-10979.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10979",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-11-14T13:15:04.407",
"lastModified": "2024-11-14T13:15:04.407",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
},
{
"lang": "es",
"value": "El control incorrecto de las variables de entorno en PostgreSQL PL/Perl permite que un usuario de base de datos sin privilegios modifique variables de entorno de proceso sensibles (por ejemplo, PATH). Esto suele ser suficiente para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario, incluso si el atacante no tiene un usuario del sistema operativo del servidor de base de datos. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1097.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1097",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:10.550",
"lastModified": "2024-11-15T11:15:10.550",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la versi\u00f3n 1.3.0 de craigk5n/webcalendar. La vulnerabilidad se produce en el campo de entrada \"Nombre del informe\" al crear un nuevo informe. Un atacante puede inyectar secuencias de comandos maliciosas, que luego se ejecutan en el contexto de otros usuarios que ven el informe, lo que puede provocar el robo de cuentas de usuario y cookies."
}
],
"metrics": {

8
CVE-2024/CVE-2024-111xx/CVE-2024-11120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11120",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-15T02:15:17.757",
"lastModified": "2024-11-15T02:15:17.757",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
},
{
"lang": "es",
"value": "Algunos dispositivos GeoVision al final de su vida \u00fatil tienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo. Adem\u00e1s, esta vulnerabilidad ya ha sido explotada por atacantes y hemos recibido informes relacionados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-111xx/CVE-2024-11136.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11136",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-11-14T16:15:18.273",
"lastModified": "2024-11-14T16:15:18.273",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user\u2019s external storage."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n predeterminada de la c\u00e1mara TCL expone a un proveedor vulnerable a una vulnerabilidad de path traversal. La aplicaci\u00f3n maliciosa puede proporcionar una ruta URI maliciosa y eliminar archivos arbitrarios del almacenamiento externo del usuario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-111xx/CVE-2024-11182.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11182",
"sourceIdentifier": "security@eset.com",
"published": "2024-11-15T11:15:10.410",
"lastModified": "2024-11-15T11:15:10.410",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XSS issue was discovered in \n\nMDaemon Email Server before version\u00a024.5.1c. An attacker can send an HTML e-mail message \nwith \nJavaScript in an img tag. This could\n allow a remote attacker\n\nto load arbitrary JavaScript code in the context of a webmail user's browser window."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de XSS en MDaemon Email Server anterior a la versi\u00f3n 24.5.1c. Un atacante puede enviar un mensaje de correo electr\u00f3nico HTML con JavaScript en una etiqueta img. Esto podr\u00eda permitir que un atacante remoto cargue c\u00f3digo JavaScript arbitrario en el contexto de la ventana del navegador de un usuario de correo web."
}
],
"metrics": {

4
CVE-2024/CVE-2024-111xx/CVE-2024-11193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11193",
"sourceIdentifier": "security@yugabyte.com",
"published": "2024-11-13T21:15:08.730",
"lastModified": "2024-11-14T15:35:06.770",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-112xx/CVE-2024-11206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11206",
"sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"published": "2024-11-14T07:15:17.203",
"lastModified": "2024-11-14T22:35:02.177",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-112xx/CVE-2024-11207.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11207",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T13:15:04.603",
"lastModified": "2024-11-14T13:15:04.603",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Apereo CAS 6.6 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /login. La manipulaci\u00f3n del argumento redirect_uri provoca una redirecci\u00f3n abierta. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11208.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T14:15:17.787",
"lastModified": "2024-11-14T14:15:17.787",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Apereo CAS 6.6 y se ha clasificado como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo /login?service. La manipulaci\u00f3n provoca la caducidad de la sesi\u00f3n. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. La explotaci\u00f3n se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11209.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T14:15:18.090",
"lastModified": "2024-11-14T14:15:18.090",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Apereo CAS 6.6. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /login?service del componente 2FA. La manipulaci\u00f3n conduce a una autenticaci\u00f3n incorrecta. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11210.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11210",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T15:15:07.800",
"lastModified": "2024-11-14T15:15:07.800",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en EyouCMS 1.51. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n editFile del archivo application/admin/logic/FilemanagerLogic.php. La manipulaci\u00f3n del argumento activepath provoca un Path Traversal. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11211.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11211",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T15:15:08.077",
"lastModified": "2024-11-15T09:15:14.600",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en EyouCMS hasta la versi\u00f3n 1.6.7. Se trata de una funci\u00f3n desconocida del componente Website Logo Handler. La manipulaci\u00f3n permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11212.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11212",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T15:15:08.360",
"lastModified": "2024-11-14T15:15:08.360",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Best Employee Management System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /admin/fetch_product_details.php. La manipulaci\u00f3n del argumento barcode provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11213.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11213",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T16:15:18.450",
"lastModified": "2024-11-14T16:15:18.450",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Best Employee Management System 1.0. Afecta a una parte desconocida del archivo /admin/edit_role.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11214.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11214",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T16:15:18.707",
"lastModified": "2024-11-14T16:15:18.707",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Best Employee Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/profile.php. La manipulaci\u00f3n del argumento website_image permite la carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. La divulgaci\u00f3n inicial del investigador contiene clases de vulnerabilidad confusas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11215.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11215",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-11-14T14:15:18.367",
"lastModified": "2024-11-14T14:15:18.367",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings \u2018/...%5c\u2019."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal absoluto (restricci\u00f3n incorrecta de una ruta a un directorio restringido) en el servidor web EasyPHP, que afecta a la versi\u00f3n 14.1. Esta vulnerabilidad podr\u00eda permitir a usuarios remotos eludir las restricciones de SecurityManager y recuperar cualquier archivo almacenado en el servidor estableciendo \u00fanicamente cadenas consecutivas '/...%5c'."
}
],
"metrics": {

8
CVE-2024/CVE-2024-112xx/CVE-2024-11237.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-11237",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T12:15:14.670",
"lastModified": "2024-11-15T12:15:14.670",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en TP-Link VN020 F3v(T) TT_V6.2.1021. Este problema afecta a algunas funciones desconocidas del componente DHCP DISCOVER Packet Parser. La manipulaci\u00f3n del argumento hostname provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

137
CVE-2024/CVE-2024-112xx/CVE-2024-11238.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-11238",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T13:15:03.753",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/CoinIsMoney/TempGuide/blob/main/LL-exp-02.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284673",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284673",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.438291",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-112xx/CVE-2024-11239.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-11239",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T14:15:19.693",
"lastModified": "2024-11-15T14:23:55.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/CoinIsMoney/TempGuide/blob/main/LL-exp-03.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284674",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284674",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.438784",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-112xx/CVE-2024-11240.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-11240",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T14:15:19.953",
"lastModified": "2024-11-15T14:23:55.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284675",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284675",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.438471",
"source": "cna@vuldb.com"
}
]
}

8
CVE-2024/CVE-2024-12xx/CVE-2024-1240.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1240",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:10.773",
"lastModified": "2024-11-15T11:15:10.773",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en la versi\u00f3n 0.5.0 de pyload/pyload. La vulnerabilidad se debe a un manejo inadecuado del par\u00e1metro 'next' en la funci\u00f3n de inicio de sesi\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para redirigir a los usuarios a sitios maliciosos, que pueden usarse para suplantaci\u00f3n de identidad u otras actividades maliciosas. El problema se solucion\u00f3 en pyload-ng 0.5.0b3.dev79."
}
],
"metrics": {

8
CVE-2024/CVE-2024-16xx/CVE-2024-1682.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-1682",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-14T18:15:18.193",
"lastModified": "2024-11-14T18:15:18.193",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks."
},
{
"lang": "es",
"value": "En el archivo de documentaci\u00f3n .rst se hace referencia a un dep\u00f3sito de Amazon S3 no reclamado, \"codeconf\", en un enlace de archivo de audio. Este dep\u00f3sito ha sido reclamado por un tercero. El uso de este dep\u00f3sito de S3 no reclamado podr\u00eda generar problemas de integridad de los datos, fuga de datos, problemas de disponibilidad, p\u00e9rdida de confiabilidad y posibles ataques adicionales si el dep\u00f3sito se utiliza para alojar contenido malicioso o como punto de pivote para ataques adicionales."
}
],
"metrics": {

8
CVE-2024/CVE-2024-217xx/CVE-2024-21783.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21783",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:08.890",
"lastModified": "2024-11-13T21:15:08.890",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El desbordamiento de enteros en algunos programas Intel(R) VPL anteriores a la versi\u00f3n 24.1.4 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-217xx/CVE-2024-21799.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21799",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:09.170",
"lastModified": "2024-11-13T21:15:09.170",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El path traversal para alg\u00fan software Intel(R) Extension for Transformers anterior a la versi\u00f3n 1.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21808.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21808",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:09.403",
"lastModified": "2024-11-13T21:15:09.403",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Restricciones de b\u00fafer inadecuadas en algunos programas Intel(R) VPL anteriores a la versi\u00f3n 24.1.4 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21820.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21820",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:09.653",
"lastModified": "2024-11-13T21:15:09.653",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos en algunas configuraciones de controlador de memoria del procesador Intel(R) Xeon(R) al utilizar Intel(R) SGX pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21850.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21850",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:09.910",
"lastModified": "2024-11-13T21:15:09.910",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La informaci\u00f3n confidencial de un recurso no eliminado antes de su reutilizaci\u00f3n en alg\u00fan software del m\u00f3dulo Intel(R) TDX Seamldr anterior a la versi\u00f3n 1.5.02.00 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-218xx/CVE-2024-21853.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21853",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:10.150",
"lastModified": "2024-11-13T21:15:10.150",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "Las m\u00e1quinas de estados finitos (FSM) inadecuadas en la l\u00f3gica de hardware de algunos procesadores Intel\u00ae Xeon\u00ae de cuarta y quinta generaci\u00f3n pueden permitir que un usuario autorizado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22185.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22185",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:10.460",
"lastModified": "2024-11-13T21:15:10.460",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n de tiempo de uso y tiempo de verificaci\u00f3n en algunos procesadores Intel(R) con Intel(R) ACTM puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-231xx/CVE-2024-23198.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23198",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:10.733",
"lastModified": "2024-11-13T21:15:10.733",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el firmware de algunos productos Intel(R) PROSet/Wireless Software e Intel(R) Killer(TM) Wi-Fi anteriores a la versi\u00f3n 23.40 puede permitir que un usuario no autenticado habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23312.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23312",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:10.980",
"lastModified": "2024-11-13T21:15:10.980",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada para alg\u00fan software de la herramienta de configuraci\u00f3n binaria Intel(R) para Windows anterior a la versi\u00f3n 3.4.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23715.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23715",
"sourceIdentifier": "security@android.com",
"published": "2024-11-13T18:15:20.080",
"lastModified": "2024-11-13T18:15:20.080",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En PMRWritePMPageList de pmr.c, existe una posible escritura fuera de los l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-239xx/CVE-2024-23918.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23918",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:11.227",
"lastModified": "2024-11-13T21:15:11.227",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La verificaci\u00f3n de condiciones inadecuadas en algunas configuraciones del controlador de memoria del procesador Intel(R) Xeon(R) al utilizar Intel(R) SGX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-239xx/CVE-2024-23919.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23919",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:11.457",
"lastModified": "2024-11-13T21:15:11.457",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Restricciones de b\u00fafer inadecuadas en algunos programas de gr\u00e1ficos Intel(R) pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24984.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-24984",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:11.703",
"lastModified": "2024-11-13T21:15:11.703",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta para algunos productos Intel(R) Wireless Bluetooth(R) para Windows anteriores a la versi\u00f3n 23.40 puede permitir que un usuario no autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24985.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-24985",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:11.940",
"lastModified": "2024-11-13T21:15:11.940",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La exposici\u00f3n de recursos a una esfera incorrecta en algunos procesadores Intel(R) con Intel(R) ACTM puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-255xx/CVE-2024-25563.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25563",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:12.193",
"lastModified": "2024-11-13T21:15:12.193",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "La inicializaci\u00f3n incorrecta del firmware para algunos programas Intel(R) PROSet/Wireless e Intel(R) Killer(TM) Wi-Fi anteriores a la versi\u00f3n 23.40 puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-255xx/CVE-2024-25565.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25565",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:12.430",
"lastModified": "2024-11-13T21:15:12.430",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access."
},
{
"lang": "es",
"value": "La gesti\u00f3n insuficiente del flujo de control en el firmware UEFI para algunos procesadores Intel(R) Xeon(R) puede permitir que un usuario autenticado habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-256xx/CVE-2024-25647.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25647",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:12.683",
"lastModified": "2024-11-13T21:15:12.683",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos para alg\u00fan software de la herramienta de configuraci\u00f3n binaria Intel(R) para Windows anterior a la versi\u00f3n 3.4.5 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-25xx/CVE-2024-2550.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2550",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-14T10:15:04.137",
"lastModified": "2024-11-14T10:15:04.137",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desreferencia de puntero nulo en la puerta de enlace GlobalProtect del software PAN-OS de Palo Alto Networks permite que un atacante no autenticado detenga el servicio GlobalProtect en el firewall mediante el env\u00edo de un paquete especialmente manipulado que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n hacen que el firewall entre en modo de mantenimiento."
}
],
"metrics": {

8
CVE-2024/CVE-2024-25xx/CVE-2024-2551.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2551",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-14T10:15:04.547",
"lastModified": "2024-11-14T10:15:04.547",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el env\u00edo de un paquete manipulado a trav\u00e9s del plano de datos que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n hacen que el firewall entre en modo de mantenimiento."
}
],
"metrics": {

8
CVE-2024/CVE-2024-25xx/CVE-2024-2552.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-2552",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-14T10:15:04.957",
"lastModified": "2024-11-14T10:15:04.957",
"vulnStatus": "Received",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema en el plano de administraci\u00f3n y eliminar archivos en el firewall."
}
],
"metrics": {

8
CVE-2024/CVE-2024-260xx/CVE-2024-26017.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-26017",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:12.910",
"lastModified": "2024-11-13T21:15:12.910",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada en algunos programas Intel(R) Rendering Toolkit anteriores a la versi\u00f3n 2024.1.0 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-272xx/CVE-2024-27200.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27200",
"sourceIdentifier": "secure@intel.com",
"published": "2024-11-13T21:15:13.140",
"lastModified": "2024-11-13T21:15:13.140",
"vulnStatus": "Received",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en algunos programas Intel(R) Granulate(TM) anteriores a la versi\u00f3n 4.30.1 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More