Auto-Update: 2024-04-24T14:00:39.725805+00:00

cad-safe-bot 2024-04-24 14:03:30 +00:00
parent 5177d41ec4
commit c3ec4de9ce
109 changed files with 760 additions and 344 deletions

@ -2,7 +2,7 @@
"id": "CVE-2017-18017",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-01-03T06:29:00.517",
"lastModified": "2023-01-19T16:26:28.863",
"lastModified": "2024-04-24T13:40:09.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -170,8 +170,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B40F638-20F7-4AAF-9DD5-5110512382DE"
"criteria": "cpe:2.3:o:arista:eos:4.20.1fx-virtual-router:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4E30BA-8F44-46F5-B237-8062BCEEF2B3"
}
]
}
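Review bot: the `criteria` change in this cpeMatch entry narrows the Arista EOS match from every version (`cpe:2.3:o:arista:eos:*`) to the single version string `4.20.1fx-virtual-router` and replaces the matchCriteriaId, so anything that matched this CVE through the old wildcard entry or pinned `1B40F638-20F7-4AAF-9DD5-5110512382DE` will stop matching without any error. The record is from 2018 and already "Analyzed", so it is worth confirming the narrowing is intended and re-running asset matching keyed on the old ID after ingesting this update.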

@ -2,8 +2,8 @@
"id": "CVE-2022-45852",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:46.483",
"lastModified": "2024-04-24T11:15:46.483",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-23976",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:46.680",
"lastModified": "2024-04-24T11:15:46.680",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-23985",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:46.863",
"lastModified": "2024-04-24T11:15:46.863",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,12 +2,16 @@
"id": "CVE-2023-47731",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-23T13:15:46.343",
"lastModified": "2024-04-23T13:15:46.343",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203."
},
{
"lang": "es",
"value": "IBM QRadar Suite Software 1.10.12.0 a 1.10.19.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 son vulnerables a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 272203."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-7253",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:46.863",
"lastModified": "2024-04-24T05:15:46.863",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations."
},
{
"lang": "es",
"value": "El complemento Import WP WordPress anterior a 2.13.1 no impide que los usuarios con funci\u00f3n de administrador hagan ping al realizar ataques SSRF, lo que puede ser un problema en configuraciones multisitio."
}
],
"metrics": {},
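Review bot: the added `es` description translates a source sentence that is already garbled. The `en` value reads "from pinging conducting SSRF attacks", and the Spanish renders it as "hagan ping al realizar ataques SSRF" (pinging while carrying out SSRF attacks), which states something the English does not. Suggest holding the translation until the `en` text is corrected at the source, and treating `en` as authoritative for triage, since `metrics` is still empty.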

@ -2,12 +2,16 @@
"id": "CVE-2024-1743",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:46.977",
"lastModified": "2024-04-24T05:15:46.977",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento de WordPress WooCommerce Customers Manager anterior a la versi\u00f3n 29.8 no sanitiza ni escapa de varios par\u00e1metros antes de devolverlos a p\u00e1ginas y atributos, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como administradores."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-1756",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.020",
"lastModified": "2024-04-24T05:15:47.020",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name"
},
{
"lang": "es",
"value": "El complemento WooCommerce Customers Manager de WordPress anterior a 29.8 no tiene autorizaci\u00f3n ni CSRF en una acci\u00f3n AJAX, lo que permite a cualquier usuario autenticado, como un suscriptor, llamarlo y recuperar la lista de direcciones de correo electr\u00f3nico de los clientes junto con su identificaci\u00f3n, nombre y apellido."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-21972",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-04-23T17:15:46.657",
"lastModified": "2024-04-23T17:15:46.657",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn out of bounds write vulnerability in the AMD Radeon\u2122 user mode driver for DirectX\u00ae\u00a011 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de escritura fuera de los l\u00edmites en el controlador de modo de usuario AMD Radeon\u2122 para DirectX\u00ae 11 podr\u00eda permitir que un atacante con acceso a un sombreador con formato incorrecto logre potencialmente la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-21979",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-04-23T17:15:46.877",
"lastModified": "2024-04-23T17:15:46.877",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn out of bounds write vulnerability in the AMD Radeon\u2122 user mode driver for DirectX\u00ae\u00a011 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de escritura fuera de los l\u00edmites en el controlador de modo de usuario AMD Radeon\u2122 para DirectX\u00ae 11 podr\u00eda permitir que un atacante con acceso a un sombreador con formato incorrecto logre potencialmente la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {
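Review bot: the `en` and `es` description values here are character-for-character the same as those in the CVE-2024-21972 record earlier in this commit, so the description text does not separate the two IDs. Consumers that deduplicate or cluster on description should key on `id` instead. The `en` value also keeps a leading `\n`, a trailing `\n\n` and a `\u00a0` before "11" that the `es` value has normalised; strip these before comparing or displaying the text.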

@ -2,12 +2,16 @@
"id": "CVE-2024-2402",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.070",
"lastModified": "2024-04-24T05:15:47.070",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Better Comments de WordPress anterior a 1.5.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-2404",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.113",
"lastModified": "2024-04-24T05:15:47.113",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento Better Comments de WordPress anterior a 1.5.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con pocos privilegios, como los suscriptores, realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-2477",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-23T14:15:08.513",
"lastModified": "2024-04-23T14:15:08.513",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento wpDiscuz para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del campo 'Texto alternativo' de una imagen cargada en todas las versiones hasta la 7.6.15 incluido debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-26922",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-23T13:15:46.643",
"lastModified": "2024-04-23T13:15:46.643",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: valide los par\u00e1metros de las operaciones de mapeo de bo con mayor claridad. Verifique los par\u00e1metros de amdgpu_vm_bo_(map/replace_map/clearing_mappings) en un lugar com\u00fan."
}
],
"metrics": {},
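Review bot: the `en` value is a kernel commit subject and body rather than a statement of impact, and the added `es` value turns the imperative commit wording into an instruction addressed to the reader ("valide los parámetros", "Verifique los parámetros") while dropping the `\n` paragraph breaks. Neither text says what goes wrong when the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) are not validated, and `metrics` is empty, so this record alone gives no basis for a severity decision.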

@ -2,12 +2,16 @@
"id": "CVE-2024-28130",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-04-23T15:15:49.390",
"lastModified": "2024-04-23T17:15:47.053",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de conversi\u00f3n de tipo incorrecta en la funcionalidad DVPSSoftcopyVOI_PList::createFromImage de OFFIS DCMTK 3.6.8. Un archivo con formato incorrecto especialmente dise\u00f1ado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-28613",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-24T04:15:18.820",
"lastModified": "2024-04-24T04:15:18.820",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PHP Task Management System v.1.0 permite a un atacante remoto escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro task_id del componente task-details.php y edit-task.php."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-28627",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T14:15:08.377",
"lastModified": "2024-04-23T14:15:08.377",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file."
},
{
"lang": "es",
"value": "Un problema en Flipsnack v.18/03/2024 permite que un atacante local obtenga informaci\u00f3n confidencial a trav\u00e9s del archivo reader.gz.js."
}
],
"metrics": {},

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28825",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-04-24T12:15:06.887",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/15198",
"source": "security@checkmk.com"
}
]
}
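Review bot: this new record carries the affected versions only in free text ("before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL)"); the 55-line file has no `configurations` or cpeMatch block, so CPE-based matching will not flag Checkmk installs from this record as it stands. It also has only an `en` description while the other records in this commit gain `es`, and both the CVSS 3.1 vector and CWE-307 are `"type": "Secondary"` from security@checkmk.com, so a consumer that reads only Primary metrics will see no score for it.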

@ -2,12 +2,16 @@
"id": "CVE-2024-28963",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-04-24T08:15:37.400",
"lastModified": "2024-04-24T08:15:37.400",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information."
},
{
"lang": "es",
"value": "Telemetry Dashboard v1.0.0.7 para Dell ThinOS 2402 contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial. Un usuario no autenticado con acceso local al dispositivo podr\u00eda aprovechar esta vulnerabilidad para leer informaci\u00f3n confidencial de configuraci\u00f3n del proxy."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-28976",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-04-24T08:15:37.633",
"lastModified": "2024-04-24T08:15:37.633",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application."
},
{
"lang": "es",
"value": "Dell Repository Manager, versiones anteriores a la 3.4.5, contiene una vulnerabilidad de Path Traversal en el m\u00f3dulo API. Un atacante local con privilegios bajos podr\u00eda explotar esta vulnerabilidad para obtener acceso de escritura no autorizado a los archivos almacenados en el sistema de archivos del servidor con los privilegios de la aplicaci\u00f3n web en ejecuci\u00f3n."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-28977",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-04-24T08:15:37.897",
"lastModified": "2024-04-24T08:15:37.897",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application."
},
{
"lang": "es",
"value": "Dell Repository Manager, versiones 3.4.2 a 3.4.4, contiene una vulnerabilidad de path traversal en el m\u00f3dulo de registro. Un atacante local con privilegios bajos podr\u00eda explotar esta vulnerabilidad para obtener acceso de lectura no autorizado a los archivos almacenados en el sistema de archivos del servidor con los privilegios de la aplicaci\u00f3n web en ejecuci\u00f3n."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-2972",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.160",
"lastModified": "2024-04-24T05:15:47.160",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button de WordPress anterior a 3.1.9 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)"
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-30800",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T13:15:46.700",
"lastModified": "2024-04-23T13:15:46.700",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function."
},
{
"lang": "es",
"value": "PX4 Autopilot v.1.14 permite a un atacante volar el dron a zonas de exclusi\u00f3n a\u00e9rea al romper la geocerca utilizando fallas en la funci\u00f3n."
}
],
"metrics": {},
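Review bot: the `en` description ends with "using flaws in the function." without naming the function, and the added `es` value reproduces the gap ("fallas en la función"). With `metrics` empty as well, the record does not identify the affected PX4 component; suggest flagging the missing name to the source (cve@mitre.org) rather than relying on either text.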

@ -2,12 +2,16 @@
"id": "CVE-2024-30886",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T22:15:07.140",
"lastModified": "2024-04-23T22:15:07.140",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la funci\u00f3n de enlace remoto de HadSky v7.6.3 permite a los atacantes ejecutar scripts web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro URL."
}
],
"metrics": {},
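Review bot: the added `es` value translates identifiers: "the remotelink function" becomes "la función de enlace remoto" and "the url parameter" becomes "el parámetro URL". Anyone searching the Spanish text for `remotelink` or the lowercase `url` parameter name will miss this record; function and parameter names should be carried over verbatim from the `en` value.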

@ -2,12 +2,16 @@
"id": "CVE-2024-31208",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T18:15:14.457",
"lastModified": "2024-04-23T18:15:14.457",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API."
},
{
"lang": "es",
"value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto. Un usuario remoto de Matrix con intenciones maliciosas, que comparte una sala con instancias de Synapse anteriores a 1.105.1, puede enviar eventos especialmente dise\u00f1ados para explotar una debilidad en el algoritmo de resoluci\u00f3n de estado V2. Esto puede inducir un alto consumo de CPU y acumular datos excesivos en la base de datos de dichas instancias, lo que resulta en una denegaci\u00f3n de servicio. Los servidores de federaciones privadas, o aquellos que no se federan, no se ven afectados. Los administradores del servidor deben actualizar a 1.105.1 o posterior. Algunas soluciones est\u00e1n disponibles. Se puede prohibir a los usuarios malintencionados o a los servidores de bloqueo ACL de las salas y/o abandonar la sala y purgarla utilizando la API de administraci\u00f3n."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-31406",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-24T06:15:13.443",
"lastModified": "2024-04-24T06:15:13.443",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa en RoamWiFi R10 anterior a 4.8.45. Si se explota esta vulnerabilidad, un atacante no autenticado adyacente a la red con acceso al dispositivo puede realizar operaciones no autorizadas."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-31616",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T22:15:07.200",
"lastModified": "2024-04-23T22:15:07.200",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file."
},
{
"lang": "es",
"value": "Un problema descubierto en los routers RG-RSR10-01G-T(W)-S y RG-RSR10-01G-T(WA)-S con la versi\u00f3n de firmware RSR10-01G-T-S_RSR_3.0(1)B9P2, versi\u00f3n (07150910) ) permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo common_quick_config.lua."
}
],
"metrics": {},
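Review bot: the added `es` value alters the firmware string: `Release(07150910)` becomes "versión (07150910) )", with a changed label and an unbalanced closing parenthesis. The firmware identifier is the only version information in this record (`metrics` is empty), so it should be copied verbatim from the `en` value.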

@ -2,12 +2,16 @@
"id": "CVE-2024-31804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:49.750",
"lastModified": "2024-04-23T15:15:49.750",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de servicio sin comillas en Terratec DMX_6Fire USB v.1.23.0.02 permite a un atacante local escalar privilegios a trav\u00e9s del componente Program.exe."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-32051",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-24T06:15:14.040",
"lastModified": "2024-04-24T06:15:14.040",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information."
},
{
"lang": "es",
"value": "El problema de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro existe en RoamWiFi R10 antes de 4.8.45. Si se explota esta vulnerabilidad, un atacante no autenticado adyacente a la red con acceso al dispositivo puede obtener informaci\u00f3n confidencial."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-32258",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T16:15:07.353",
"lastModified": "2024-04-23T16:15:07.353",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM."
},
{
"lang": "es",
"value": "El servidor de red de fceux 2.7.0 tiene una vulnerabilidad de path traversal, lo que permite a los atacantes sobrescribir cualquier archivo en el servidor sin autenticaci\u00f3n mediante una ROM falsa."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2024-32482",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T18:15:14.810",
"lastModified": "2024-04-23T18:15:14.810",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey\u2019s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n del dispositivo de firma Tillitis TKey es una herramienta de firma ed25519. Se ha encontrado una vulnerabilidad que permite revelar partes de los datos del TKey en la RAM a trav\u00e9s de la interfaz USB. Para explotar la vulnerabilidad, un atacante necesita utilizar una aplicaci\u00f3n cliente personalizada y tocar la tecla TKey. No se revela ning\u00fan secreto. Todas las aplicaciones cliente que integran tkey-device-signer deben actualizarse a la versi\u00f3n 1.0.0 para recibir una soluci\u00f3n. No hay workarounds disponibles."
}
],
"metrics": {
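Review bot: "touch the TKey" is rendered in the added `es` value as "tocar la tecla TKey" (touch the TKey key), which changes the stated precondition from touching the device to pressing a key. That precondition is part of what a reader uses to judge exploitability, so the device name should stay as the object ("tocar el TKey"); "workarounds" is also left untranslated in the last sentence.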

@ -2,12 +2,16 @@
"id": "CVE-2024-32658",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T18:15:15.000",
"lastModified": "2024-04-23T18:15:15.000",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del protocolo de escritorio remoto. Los clientes basados en FreeRDP anteriores a la versi\u00f3n 3.5.1 son vulnerables a lecturas fuera de los l\u00edmites. La versi\u00f3n 3.5.1 contiene un parche para el problema. No hay workarounds disponibles."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-32659",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T20:15:07.407",
"lastModified": "2024-04-23T20:15:07.407",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del protocolo de escritorio remoto. Los clientes basados en FreeRDP anteriores a la versi\u00f3n 3.5.1 son vulnerables a lecturas fuera de los l\u00edmites si `((nWidth == 0) y (nHeight == 0))`. La versi\u00f3n 3.5.1 contiene un parche para el problema. No hay workarounds disponibles."
}
],
"metrics": {
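Review bot: the added `es` value edits the code span: `((nWidth == 0) and (nHeight == 0))` becomes `((nWidth == 0) y (nHeight == 0))`. Text inside backticks is the condition quoted in the description and should stay byte-identical across languages, so that a search for the expression matches both the `en` and `es` entries.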

@ -2,12 +2,16 @@
"id": "CVE-2024-32660",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T20:15:07.617",
"lastModified": "2024-04-23T20:15:07.617",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del protocolo de escritorio remoto. Antes de la versi\u00f3n 3.5.1, un servidor malicioso pod\u00eda bloquear el cliente FreeRDP al enviar un tama\u00f1o de asignaci\u00f3n enorme no v\u00e1lido. La versi\u00f3n 3.5.1 contiene un parche para el problema. No hay workarounds disponibles."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2024-32661",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T20:15:07.800",
"lastModified": "2024-04-23T20:15:07.800",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del protocolo de escritorio remoto. Los clientes basados en FreeRDP anteriores a la versi\u00f3n 3.5.1 son vulnerables a un posible acceso \"NULL\" y fallas. La versi\u00f3n 3.5.1 contiene un parche para el problema. No hay workarounds disponibles."
}
],
"metrics": {
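Review bot: the added es value renders the en code span `NULL` as an escaped-quote string (\"NULL\"), which drops the code formatting that the sibling FreeRDP records keep for `WCHAR`, `UTF-8` and `base64`. Keep the backticks so the identifier is marked up the same way in both languages. "posible acceso NULL y fallas" also reads as two separate effects, where the en text describes one NULL access that leads to a crash.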

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32662",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T21:15:48.200",
"lastModified": "2024-04-23T21:15:48.200",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del protocolo de escritorio remoto. Los clientes basados en FreeRDP anteriores a la versi\u00f3n 3.5.1 son vulnerables a lecturas fuera de los l\u00edmites. Esto ocurre cuando la cadena `WCHAR` se lee con el doble de tama\u00f1o que tiene y se convierte a `UTF-8`, decodificada `base64`. La cadena solo se usa para comparar con el certificado del servidor de redirecci\u00f3n. La versi\u00f3n 3.5.1 contiene un parche para el problema. No hay workarounds disponibles."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32679",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-23T15:15:49.823",
"lastModified": "2024-04-23T15:15:49.823",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Shared Files PRO Shared Files. Este problema afecta a Shared Files: desde n/a hasta 1.7.16."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32702",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.060",
"lastModified": "2024-04-24T11:15:47.060",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32706",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:06.690",
"lastModified": "2024-04-24T09:15:06.690",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Repute info systems ARForms. Este problema afecta a ARForms: desde n/a hasta 6.4."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32707",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.237",
"lastModified": "2024-04-24T11:15:47.237",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32709",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:38.087",
"lastModified": "2024-04-24T08:15:38.087",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Plechev Andrey WP-Recall. Este problema afecta a WP-Recall: desde n/a hasta 16.26.5."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32710",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:38.287",
"lastModified": "2024-04-24T08:15:38.287",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Plechev Andrey WP-Recall. Este problema afecta a WP-Recall: desde n/a hasta 16.26.5."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32711",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.423",
"lastModified": "2024-04-24T11:15:47.423",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32716",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:38.463",
"lastModified": "2024-04-24T08:15:38.463",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en StreamWeasels StreamWeasels Twitch Integration. Este problema afecta la integraci\u00f3n de Twitch de StreamWeasels: desde n/a hasta 1.7.8."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32718",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:38.713",
"lastModified": "2024-04-24T08:15:38.713",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Webangon The Pack Elementor. Este problema afecta a los complementos de The Pack Elementor: desde n/a hasta 2.0.8.2."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32721",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T10:15:06.527",
"lastModified": "2024-04-24T10:15:06.527",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32722",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T10:15:07.037",
"lastModified": "2024-04-24T10:15:07.037",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32723",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T10:15:07.213",
"lastModified": "2024-04-24T10:15:07.213",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32726",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:38.913",
"lastModified": "2024-04-24T08:15:38.913",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en vinoth06. Frontend Dashboard. Este problema afecta al Panel frontal: desde n/a hasta 2.2.2."
}
],
"metrics": {
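Review bot: the added es value names the product two different ways. The first sentence keeps "Frontend Dashboard" and the second turns it into "Panel frontal". Product names should stay untranslated in both places, otherwise a text match on the es description against the affected product fails for the second sentence.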

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.603",
"lastModified": "2024-04-24T11:15:47.603",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.103",
"lastModified": "2024-04-24T08:15:39.103",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Pavex Embed Google Photos album. Este problema afecta al \u00e1lbum Embed Google Photos: desde n/a hasta 2.1.9."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32780",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.303",
"lastModified": "2024-04-24T08:15:39.303",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en E4J sRL VikRentCar. Este problema afecta a VikRentCar: desde n/a hasta 1.3.2."
}
],
"metrics": {
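Review bot: the vendor string is altered in the added es value. The en text has "E4J s.R.L." and the translation has "E4J sRL". Vendor and product names should be copied byte for byte from the en description, since they are what consumers match on.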

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32781",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.490",
"lastModified": "2024-04-24T08:15:39.490",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en ThemeHigh Email Customizer para WooCommerce. Este problema afecta al Email Customizer para WooCommerce: desde n/a hasta 2.6.0."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.673",
"lastModified": "2024-04-24T08:15:39.673",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en HasThemes HT Mega. Este problema afecta a HT Mega: desde n/a hasta 2.4.7."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32785",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.793",
"lastModified": "2024-04-24T11:15:47.793",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32788",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:39.857",
"lastModified": "2024-04-24T08:15:39.857",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.\n\n"
},
{
"lang": "es",
"value": "Inserci\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del archivo de registro en Fr\u00e9d\u00e9ric GILLES FG Joomla a WordPress. Este problema afecta a FG Joomla a WordPress: desde n/a hasta 4.20.2."
}
],
"metrics": {
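Review bot: the product name "FG Joomla to WordPress" is translated to "FG Joomla a WordPress" in both sentences of the added es value. The plugin name is an identifier, not prose, and should be left as in the en description.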

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32789",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:47.967",
"lastModified": "2024-04-24T11:15:47.967",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32791",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:06.910",
"lastModified": "2024-04-24T09:15:06.910",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Leap13 Premium Addons for Elementor permite almacenar XSS. Este problema afecta a los complementos premium para Elementor: desde n/a hasta 4.10.25."
}
],
"metrics": {
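Review bot: "allows Stored XSS" in the en value becomes "permite almacenar XSS" in the added es value, which says the flaw allows storing XSS rather than naming the Stored XSS class. The same phrasing recurs in the other Stored XSS records in this commit, while the Reflected XSS records keep "permite Reflected XSS" untranslated. Treat "Stored XSS" the same way so the vulnerability class stays recognisable.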

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32796",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:40.047",
"lastModified": "2024-04-24T08:15:40.047",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10.\n\n"
},
{
"lang": "es",
"value": "Inserci\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del archivo de registro en Very Good Plugins WP Fusion Lite. Este problema afecta a WP Fusion Lite: desde n/a hasta 3.42.10."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32801",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:07.167",
"lastModified": "2024-04-24T09:15:07.167",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ShapedPlugin Widget Post Slider permite almacenar XSS. Este problema afecta al Widget Post Slider: desde n/a hasta 1.3.5."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:40.233",
"lastModified": "2024-04-24T08:15:40.233",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en 2day.Sk, Webikon SuperFaktura WooCommerce. Este problema afecta a SuperFaktura WooCommerce: desde n/a hasta 1.40.3."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32808",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:48.140",
"lastModified": "2024-04-24T11:15:48.140",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:40.457",
"lastModified": "2024-04-24T08:15:40.457",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Podlove Podlove Podcast Publisher. Este problema afecta a Podlove Podcast Publisher: desde n/a hasta 4.0.11."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32815",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:07.580",
"lastModified": "2024-04-24T09:15:07.580",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Jeroen Peters All-in-one Like Widget permite almacenar XSS. Este problema afecta el widget Me gusta todo en uno: desde n/a hasta 2.2.7 ."
}
],
"metrics": {
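Review bot: the added es value ends with "hasta 2.2.7 ." and the stray space before the final period will break any consumer that parses the upper version bound from the sentence. The second sentence also translates the product name to "el widget Me gusta todo en uno" while the first keeps "All-in-one Like Widget". Keep the name as in the en value and trim the trailing whitespace.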

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32816",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:40.653",
"lastModified": "2024-04-24T08:15:40.653",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en PickPlugins Post Grid. Este problema afecta a Post Grid: desde n/a hasta 2.2.78."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32817",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:40.840",
"lastModified": "2024-04-24T08:15:40.840",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Import and export users and customers. Este problema afecta a los usuarios y clientes de importaci\u00f3n y exportaci\u00f3n: desde n/a hasta 1.26.2."
}
],
"metrics": {
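Review bot: the second sentence of the added es value translates the plugin name "Import and export users and customers" as ordinary prose, so it now states that the issue affects "los usuarios y clientes de importación y exportación", meaning people rather than the plugin. Leave the product name untranslated, as the first sentence of the same value already does.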

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32819",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T07:15:47.900",
"lastModified": "2024-04-24T07:15:47.900",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Culqi. Este problema afecta a Culqi: desde n/a hasta 3.0.14."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32823",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:48.320",
"lastModified": "2024-04-24T11:15:48.320",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32825",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:41.030",
"lastModified": "2024-04-24T08:15:41.030",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Patrick Posner Simply Static.This issue affects Simply Static: from n/a through 3.1.3.\n\n"
},
{
"lang": "es",
"value": "Inserci\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del archivo de registro en Patrick Posner Simply Static. Este problema afecta a Simply Static: desde n/a hasta 3.1.3."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32833",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:07.887",
"lastModified": "2024-04-24T09:15:07.887",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.This issue affects List Custom Taxonomy Widget: from n/a through 4.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Nick Halsey List Custom Taxonomy Widget permite almacenar XSS. Este problema afecta el widget de taxonom\u00eda personalizada de lista: desde n/a hasta 4.1."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:08.177",
"lastModified": "2024-04-24T09:15:08.177",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a through 2.3.8.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en WebToffee WooCommerce Shipping Label permite almacenar XSS. Este problema afecta a WooCommerce Shipping Label: desde n/a hasta 2.3.8."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:41.213",
"lastModified": "2024-04-24T08:15:41.213",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32836",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:41.443",
"lastModified": "2024-04-24T08:15:41.443",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WP Lab WP-Lister Lite para eBay. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.5.11."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32866",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T21:15:48.407",
"lastModified": "2024-04-23T21:15:48.407",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.\n"
},
{
"lang": "es",
"value": "Conform, una librer\u00eda de validaci\u00f3n de formularios con seguridad de tipos, permite el an\u00e1lisis de objetos anidados en forma de `object.property`. Debido a una implementaci\u00f3n incorrecta de esta caracter\u00edstica en versiones anteriores a la 1.1.1, un atacante puede explotar la caracter\u00edstica para desencadenar la contaminaci\u00f3n del prototipo pasando una entrada manipulada a las funciones `parseWith...`. Esta vulnerabilidad afecta a las aplicaciones que utilizan conform para la validaci\u00f3n del lado del servidor de datos de formulario o par\u00e1metros de URL. La versi\u00f3n 1.1.1 contiene un parche para el problema."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32869",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T21:15:48.623",
"lastModified": "2024-04-23T21:15:48.623",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue."
},
{
"lang": "es",
"value": "Hono es un framework de aplicaci\u00f3n web que brinda soporte para cualquier tiempo de ejecuci\u00f3n de JavaScript. Antes de la versi\u00f3n 4.2.7, cuando se usabaserveStatic con deno, era posible recorrer el directorio donde se encontraba `main.ts`. Esto puede resultar en la recuperaci\u00f3n de archivos inesperados. La versi\u00f3n 4.2.7 contiene un parche para el problema."
}
],
"metrics": {
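Review bot: the added es value contains "usabaserveStatic", with the space between the verb and the API name `serveStatic` lost. A search of the es description for the affected function will not match a whole word. Restore the space, and consider wrapping `serveStatic` in backticks as is done for `main.ts` in the same sentence.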

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32875",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-23T21:15:48.837",
"lastModified": "2024-04-23T21:15:48.837",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates."
},
{
"lang": "es",
"value": "Hugo es un generador de sitios est\u00e1ticos. A partir de la versi\u00f3n 0.123.0 y antes de la versi\u00f3n 0.125.3, los argumentos de t\u00edtulo en Markdown para enlaces e im\u00e1genes no escaparon en ganchos de renderizado internos. Los usuarios de Hugo que se ven afectados son aquellos que tienen estos enlaces habilitados y no conf\u00edan en sus archivos de contenido de Markdown. El problema se solucion\u00f3 en v0.125.3. Como workaround, reemplace las plantillas con plantillas definidas por el usuario o desactive las plantillas internas."
}
],
"metrics": {
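Review bot: "hooks" is translated two ways in the added es value. It is "ganchos de renderizado internos" in the second sentence and "estos enlaces habilitados" in the third, where "enlaces" means links. The affected-users sentence therefore says the impacted users are those with links enabled, which changes who the advisory applies to. Use one term for render hooks throughout, or keep "render hooks" untranslated.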

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32948",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T07:15:48.320",
"lastModified": "2024-04-24T07:15:48.320",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Repute Infosystems ARMember. Este problema afecta a ARMember: desde n/a hasta 4.0.28."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32950",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:08.480",
"lastModified": "2024-04-24T09:15:08.480",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en DeBAAT WP Media Category Management permite Reflected XSS. Este problema afecta a WP Media Category Management: desde n/a hasta 2.2."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32951",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T07:15:48.727",
"lastModified": "2024-04-24T07:15:48.727",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en BloomPixel Max Addons Pro for Bricks. Este problema afecta a Max Addons Pro for Bricks: desde n/a hasta 1.6.1."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32952",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:08.780",
"lastModified": "2024-04-24T09:15:08.780",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en BloomPixel Max Addons Pro for Bricks permite Reflected XSS. Este problema afecta a Max Addons Pro for Bricks: desde n/a hasta 1.6.1."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32953",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T08:15:41.640",
"lastModified": "2024-04-24T08:15:41.640",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en Newsletters. Este problema afecta a Newsletters: desde n/a hasta 4.9.5."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32954",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T11:15:48.500",
"lastModified": "2024-04-24T11:15:48.500",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32955",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T07:15:49.020",
"lastModified": "2024-04-24T07:15:49.020",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Foliovision FV Flowplayer Video Player. Este problema afecta al FV Flowplayer Video Player: desde n/a hasta 7.5.43.7212."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32956",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T09:15:08.990",
"lastModified": "2024-04-24T09:15:08.990",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3261",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-24T05:15:47.207",
"lastModified": "2024-04-24T05:15:47.207",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed"
},
{
"lang": "es",
"value": "El complemento Strong Testimonials de WordPress anterior a 3.1.12 no valida ni escapa algunos de sus campos de testimonios antes de devolverlos a una p\u00e1gina/publicaci\u00f3n, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting Almacenado. El ataque requiere que se realice una vista espec\u00edfica."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33211",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.030",
"lastModified": "2024-04-23T15:15:50.030",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro PPPOEPassword en ip/goform/QuickIndex."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33212",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.090",
"lastModified": "2024-04-23T15:15:50.090",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro funcpara1 en ip/goform/setcfm."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.150",
"lastModified": "2024-04-23T15:15:50.150",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro mitInterface en ip/goform/RouteStatic."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33214",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.197",
"lastModified": "2024-04-23T15:15:50.197",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro de entradas en ip/goform/RouteStatic."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33215",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.250",
"lastModified": "2024-04-23T15:15:50.250",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro mitInterface en ip/goform/addressNat."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33217",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-23T15:15:50.300",
"lastModified": "2024-04-23T15:15:50.300",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda FH1206 V1.2.0.8(8155)_EN contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro de p\u00e1gina en ip/goform/addressNat."
}
],
"metrics": {},

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33531",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-24T06:15:14.210",
"lastModified": "2024-04-24T06:15:14.210",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM."
},
{
"lang": "es",
"value": "cdbattags lua-resty-jwt 0.2.3 permite a los atacantes eludir todas las comprobaciones de firmas de an\u00e1lisis JWT creando un JWT con un encabezado enc con el valor A256GCM."
}
],
"metrics": {},

View File

@ -2,12 +2,12 @@
"id": "CVE-2024-3367",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-04-16T12:15:10.463",
"lastModified": "2024-04-16T13:24:07.103",
"lastModified": "2024-04-24T12:15:07.093",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"
"value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"
},
{
"lang": "es",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3911",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-04-23T13:15:46.770",
"lastModified": "2024-04-23T13:15:46.770",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can\u00a0deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.\u00a0\n"
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede enga\u00f1ar a los usuarios para que realicen acciones no deseadas debido a una restricci\u00f3n inadecuada de las capas o frameworks de la interfaz de usuario renderizados."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T19:15:46.553",
"lastModified": "2024-04-23T19:15:46.553",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Hualai Xiaofang iSC5 3.2.2_112 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida es afectada por este problema. La manipulaci\u00f3n conduce a una validaci\u00f3n incorrecta del certificado. El ataque puede lanzarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El identificador de esta vulnerabilidad es VDB-261788. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4063",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T19:15:46.870",
"lastModified": "2024-04-23T19:15:46.870",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628 y clasificada como problem\u00e1tica. Una parte desconocida del componente Davinci Application afecta a una parte desconocida. La manipulaci\u00f3n conduce a una validaci\u00f3n incorrecta del certificado. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-261789. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4064",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T20:15:07.997",
"lastModified": "2024-04-23T20:15:07.997",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda AC8 16.03.34.09. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n R7WebsSecurityHandler del archivo /goform/execCommand. La manipulaci\u00f3n del argumento contrase\u00f1a provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-261790 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4065",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T20:15:08.223",
"lastModified": "2024-04-23T20:15:08.223",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda AC8 16.03.34.09. Ha sido calificada como cr\u00edtica. Este problema afecta a la funci\u00f3n formSetRebootTimer del archivo /goform/SetRebootTimer. La manipulaci\u00f3n del argumento rebootTime provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-261791. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4066",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T21:15:49.040",
"lastModified": "2024-04-23T21:15:49.040",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Tenda AC8 16.03.34.09 y clasificada como cr\u00edtica. La funci\u00f3n fromAdvSetMacMtuWan del fichero /goform/AdvSetMacMtuWan es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento wanMTU/wanSpeed/cloneType/mac/serviceName/serverName provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-261792. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-4069",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-23T22:15:07.257",
"lastModified": "2024-04-23T22:15:07.257",
"vulnStatus": "Received",
"lastModified": "2024-04-24T13:39:42.883",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Online Furniture Shopping Ecommerce Website 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo search.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento txtSearch conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-261795."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff