admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-07T16:00:18.905202+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-07 16:03:12 +00:00
parent 087e033742
commit c53caff8e2
194 changed files with 1681 additions and 577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-49xx/CVE-2022-4968.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-4968",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-06-07T01:15:49.463",
"lastModified": "2024-06-07T01:15:49.463",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "netplan leaks the private key of wireguard to local users. A security fix will be released soon."
},
{
"lang": "es",
"value": "netplan filtra la clave privada de wireguard a los usuarios locales. Pronto se publicar\u00e1 una soluci\u00f3n de seguridad."
}
],
"metrics": {

8
CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32475",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-07T03:15:08.950",
"lastModified": "2024-06-07T03:15:08.950",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
},
{
"lang": "es",
"value": "El BIOS de Dell contiene una falta de soporte para la vulnerabilidad de verificaci\u00f3n de integridad. Un atacante con acceso f\u00edsico al sistema podr\u00eda potencialmente eludir los mecanismos de seguridad para ejecutar c\u00f3digo arbitrario en el sistema."
}
],
"metrics": {

20
CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.547",
"lastModified": "2023-11-07T04:14:55.163",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-07T14:11:55.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iniparser_project:iniparser:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26DCED98-868B-4A1E-8659-0A4AAD370E89"
"criteria": "cpe:2.3:a:ndevilla:iniparser:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90A0D9C2-3EC9-42A8-A01F-1D90B64994EC"
}
]
}
@ -79,11 +79,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASV7SEDHGCP63GYAFEW3CTTVQDZM5RIK/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAIP5AURSTWIQOOP7G4CXYJ5IIGPY3Q/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-375xx/CVE-2023-37539.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37539",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-06-06T23:15:48.720",
"lastModified": "2024-06-06T23:15:48.720",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it."
},
{
"lang": "es",
"value": "The Domino Catalog template es susceptible a una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Un atacante con la capacidad de editar documentos en la aplicaci\u00f3n/base de datos del cat\u00e1logo creada a partir de esta plantilla puede incrustar un ataque de Cross-site Scripting. El ataque se activar\u00eda si un usuario final hiciera clic en \u00e9l."
}
],
"metrics": {

8
CVE-2023/CVE-2023-451xx/CVE-2023-45192.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45192",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-06T19:15:50.730",
"lastModified": "2024-06-06T19:15:50.730",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758."
},
{
"lang": "es",
"value": "IBM Engineering Requisitos Management DOORS Next 7.0.2 y 7.0.3 es vulnerable a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 268758."
}
],
"metrics": {

8
CVE-2023/CVE-2023-494xx/CVE-2023-49441.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49441",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:09.843",
"lastModified": "2024-06-06T22:15:09.843",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query."
},
{
"lang": "es",
"value": "dnsmasq 2.9 es vulnerable al desbordamiento de enteros a trav\u00e9s de forward_query."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-500xx/CVE-2023-50026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50026",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T08:15:08.460",
"lastModified": "2024-02-15T19:32:40.610",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-07T14:12:14.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presta_monster:multi_accessories_pro:*:*:*:*:*:prestashop:*:*",
"criteria": "cpe:2.3:a:prestamonster:multi_accessories_pro:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "5.3.0",
"matchCriteriaId": "2DBE08C3-40E8-45D0-ACDE-D2CB868ABD12"
"matchCriteriaId": "BCD2D724-CE66-49E3-9FBD-81BD076E654C"
}
]
}

8
CVE-2023/CVE-2023-518xx/CVE-2023-51847.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51847",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:09.950",
"lastModified": "2024-06-06T22:15:09.950",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component."
},
{
"lang": "es",
"value": "Un problema en obgm y Libcoap v.a3ed466 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n coap_context_t en el componente src/coap_threadsafe.c:297:3."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-54xx/CVE-2023-5424.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5424",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T10:15:10.150",
"lastModified": "2024-06-07T10:15:10.150",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
},
{
"lang": "es",
"value": "El complemento WS Form LITE para WordPress es vulnerable a la inyecci\u00f3n CSV en versiones hasta la 1.9.217 incluida. Esto permite a atacantes no autenticados incrustar entradas que no son de confianza en archivos CSV exportados, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo cuando estos archivos se descargan y abren en un sistema local con una configuraci\u00f3n vulnerable."
}
],
"metrics": {

8
CVE-2023/CVE-2023-61xx/CVE-2023-6199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6199",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-11-20T23:15:06.877",
"lastModified": "2023-11-29T17:28:30.710",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-07T14:12:05.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -89,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bookstackapp:book_stack:23.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A210C8C1-0AAD-47FE-8138-EFBB82D919C8"
"criteria": "cpe:2.3:a:bookstackapp:bookstack:23.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6112A9-D59F-486E-9551-F5FB1434E4E3"
}
]
}

8
CVE-2023/CVE-2023-64xx/CVE-2023-6491.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6491",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T06:15:09.320",
"lastModified": "2024-06-07T06:15:09.320",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views."
},
{
"lang": "es",
"value": "El complemento Strong Testimonials para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificaci\u00f3n de capacidad incorrecta en la funci\u00f3n wpmtst_save_view_sticky en todas las versiones hasta la 3.1.12 incluida. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, modifiquen las vistas favoritas."
}
],
"metrics": {

8
CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6876",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T02:15:08.933",
"lastModified": "2024-06-07T02:15:08.933",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Clever Fox \u2013 One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site."
},
{
"lang": "es",
"value": "El complemento Clever Fox \u2013 One Click Website Importer de Nayra Themes para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'clever-fox-activate-theme' en todas las versiones hasta la 25.2.0 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, modifiquen el tema activo, incluso a un valor no v\u00e1lido que puede hacer caer el sitio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-05xx/CVE-2024-0520.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0520",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.187",
"lastModified": "2024-06-06T19:15:51.187",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0."
},
{
"lang": "es",
"value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 8.2.1 permite la ejecuci\u00f3n remota de c\u00f3digo debido a la neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\"Inyecci\u00f3n de comandos\") dentro del m\u00f3dulo `mlflow.data.http_dataset_source.py`. Espec\u00edficamente, cuando se carga un conjunto de datos desde una URL de origen con un esquema HTTP, el nombre de archivo extra\u00eddo del encabezado `Content-Disposition` o la ruta URL se utiliza para generar la ruta final del archivo sin una sanitizaci\u00f3n adecuada. Esta falla permite a un atacante controlar completamente la ruta del archivo mediante el uso de t\u00e9cnicas de path traversal o de ruta absoluta, como '../../tmp/poc.txt' o '/tmp/poc.txt', lo que lleva a la escritura arbitraria de archivos. Explotar esta vulnerabilidad podr\u00eda permitir que un usuario malintencionado ejecute comandos en la m\u00e1quina vulnerable, obteniendo potencialmente acceso a datos e informaci\u00f3n del modelo. El problema se solucion\u00f3 en la versi\u00f3n 2.9.0. "
}
],
"metrics": {

8
CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1689",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T02:15:09.203",
"lastModified": "2024-06-07T02:15:09.203",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules."
},
{
"lang": "es",
"value": "El complemento WooCommerce Tools para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n woocommerce_tool_toggle_module() en todas las versiones hasta la 1.2.9 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, desactiven m\u00f3dulos de complementos arbitrarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1768",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T03:15:09.237",
"lastModified": "2024-06-07T03:15:09.237",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Clever Fox para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del bloque de cuadro de informaci\u00f3n del complemento en todas las versiones hasta la 25.2.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-18xx/CVE-2024-1873.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1873",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.460",
"lastModified": "2024-06-06T19:15:51.460",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. Additionally, attackers can manipulate the database path, resulting in the loss of client data by constantly changing the file location to an attacker-controlled location, scattering the data across the filesystem and making recovery difficult."
},
{
"lang": "es",
"value": "parisneo/lollms-webui es vulnerable a ataques de path traversal y denegaci\u00f3n de servicio debido a un endpoint `/select_database` expuesto en la versi\u00f3n a9d16b0. El endpoint maneja incorrectamente las rutas de los archivos, lo que permite a los atacantes especificar rutas absolutas al interactuar con la instancia `DiscussionsDB`. Esta falla permite a los atacantes crear directorios en cualquier parte del sistema donde la aplicaci\u00f3n tenga permisos, lo que podr\u00eda provocar una denegaci\u00f3n de servicio al crear directorios con nombres de archivos cr\u00edticos, como archivos de certificados HTTPS, lo que provoca fallas en el inicio del servidor. Adem\u00e1s, los atacantes pueden manipular la ruta de la base de datos, lo que resulta en la p\u00e9rdida de datos del cliente al cambiar constantemente la ubicaci\u00f3n del archivo a una ubicaci\u00f3n controlada por el atacante, dispersando los datos por todo el sistema de archivos y dificultando la recuperaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-18xx/CVE-2024-1879.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1879",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:12.827",
"lastModified": "2024-06-06T18:15:12.827",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la versi\u00f3n v0.5.0 de significant-gravitas/autogpt permite a los atacantes ejecutar comandos arbitrarios en el servidor AutoGPT. La vulnerabilidad se debe a la falta de protecci\u00f3n en el endpoint API que recibe instrucciones, lo que permite a un atacante dirigir a un usuario que ejecuta AutoGPT en su red local a un sitio web malicioso. Luego, este sitio puede enviar solicitudes manipuladas al servidor AutoGPT, lo que lleva a la ejecuci\u00f3n del comando. El problema se ve agravado por el hecho de que CORS est\u00e1 habilitado para or\u00edgenes arbitrarios de forma predeterminada, lo que permite al atacante leer la respuesta de todas las consultas entre sitios. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 5.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-18xx/CVE-2024-1880.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1880",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.703",
"lastModified": "2024-06-06T19:15:51.703",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the `_speech` method of the MacOSTTS class. Specifically, the use of `os.system` to execute the `say` command with user-supplied text allows for arbitrary code execution if an attacker can inject shell commands. This issue is triggered when the AutoGPT instance is run with the `--speak` option enabled and configured with `TEXT_TO_SPEECH_PROVIDER=macos`, reflecting back a shell injection snippet. The impact of this vulnerability is the potential execution of arbitrary code on the instance running AutoGPT. The issue was addressed in version 5.1.0."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la clase MacOSTTS Text-To-Speech de MacOS del proyecto significant-gravitas/autogpt, que afecta a las versiones hasta la v0.5.0. La vulnerabilidad surge de la neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo dentro del m\u00e9todo `_speech` de la clase MacOSTTS. Espec\u00edficamente, el uso de `os.system` para ejecutar el comando `say` con texto proporcionado por el usuario permite la ejecuci\u00f3n de c\u00f3digo arbitrario si un atacante puede inyectar comandos de shell. Este problema se activa cuando la instancia de AutoGPT se ejecuta con la opci\u00f3n `--speak` habilitada y configurada con `TEXT_TO_SPEECH_PROVIDER=macos`, lo que refleja un fragmento de inyecci\u00f3n de shell. El impacto de esta vulnerabilidad es la posible ejecuci\u00f3n de c\u00f3digo arbitrario en la instancia que ejecuta AutoGPT. El problema se solucion\u00f3 en la versi\u00f3n 5.1.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-18xx/CVE-2024-1881.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1881",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.920",
"lastModified": "2024-06-06T19:15:51.920",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."
},
{
"lang": "es",
"value": "AutoGPT, un componente de significant-gravitas/autogpt, es vulnerable a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') debido a una falla en su funci\u00f3n de validaci\u00f3n del comando de shell. Espec\u00edficamente, la vulnerabilidad existe en las versiones v0.5.0 hasta la 5.1.0, pero no incluida. El problema surge del m\u00e9todo de la aplicaci\u00f3n para validar los comandos del shell con una lista de permitidos o de denegados, donde solo verifica la primera palabra del comando. Esto permite a un atacante eludir las restricciones previstas creando comandos que se ejecutan a pesar de no estar en la lista de permitidos o incluyendo comandos maliciosos que no est\u00e1n presentes en la lista de prohibidos. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar comandos de shell arbitrarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-19xx/CVE-2024-1988.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1988",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T04:15:25.850",
"lastModified": "2024-06-07T04:15:25.850",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'etiqueta' en bloques en todas las versiones hasta la 2.2.80 incluida por insuficiente sanitizaci\u00f3n de insumos y escape de salida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2032.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2032",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.060",
"lastModified": "2024-06-06T19:15:53.060",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en las versiones de zenml-io/zenml hasta la 0.55.3 incluida, que permite la creaci\u00f3n de m\u00faltiples usuarios con el mismo nombre de usuario cuando las solicitudes se env\u00edan en paralelo. Este problema se solucion\u00f3 en la versi\u00f3n 0.55.5. La vulnerabilidad surge debido al manejo insuficiente de solicitudes simult\u00e1neas de creaci\u00f3n de usuarios, lo que genera inconsistencias en los datos y posibles problemas de autenticaci\u00f3n. Espec\u00edficamente, los procesos simult\u00e1neos pueden sobrescribir o da\u00f1ar los datos del usuario, complicando la identificaci\u00f3n del usuario y planteando riesgos de seguridad. Este problema es particularmente preocupante para las API que dependen de nombres de usuario como par\u00e1metros de entrada, como PUT /api/v1/users/test_race, donde podr\u00eda generar m\u00e1s complicaciones."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2035.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2035",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.313",
"lastModified": "2024-06-06T19:15:53.313",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en el repositorio zenml-io/zenml, espec\u00edficamente dentro del endpoint API PUT /api/v1/users/id. Esta vulnerabilidad permite que cualquier usuario autenticado modifique la informaci\u00f3n de otros usuarios, incluido cambiar el estado \"activo\" de las cuentas de usuario a falso, desactiv\u00e1ndolas efectivamente. Este problema afecta a la versi\u00f3n 0.55.3 y se solucion\u00f3 en la versi\u00f3n 0.56.2. El impacto de esta vulnerabilidad es significativo ya que permite la desactivaci\u00f3n de cuentas de administrador, lo que potencialmente altera la funcionalidad y seguridad de la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-21xx/CVE-2024-2171.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2171",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.647",
"lastModified": "2024-06-06T19:15:53.647",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el repositorio zenml-io/zenml, espec\u00edficamente dentro del campo 'logo_url'. Al inyectar cargas maliciosas en este campo, un atacante podr\u00eda enviar mensajes da\u00f1inos a otros usuarios, comprometiendo potencialmente sus cuentas. La vulnerabilidad afecta a la versi\u00f3n 0.55.3 y se solucion\u00f3 en la versi\u00f3n 0.56.2. El impacto de explotar esta vulnerabilidad podr\u00eda comprometer la cuenta del usuario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-220xx/CVE-2024-22074.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22074",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T21:15:48.180",
"lastModified": "2024-06-06T21:15:48.180",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212."
},
{
"lang": "es",
"value": "Dynamsoft Service 1.8.1025 a 1.8.2013, 1.7.0330 a 1.7.2531, 1.6.0428 a 1.6.1112, 1.5.0625 a 1.5.3116, 1.4.0618 a 1.4.1230 y 1.0.516 a 1.3.0115 tiene control de acceso incorrecto. Esto se solucion\u00f3 en 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212 y 1.3.3212."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-223xx/CVE-2024-22326.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22326",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-06T19:15:52.137",
"lastModified": "2024-06-06T19:15:52.137",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518."
},
{
"lang": "es",
"value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0 y 89.40.93.0 podr\u00edan permitir a un usuario remoto crear una conexi\u00f3n LDAP con un nombre de usuario v\u00e1lido y una contrase\u00f1a vac\u00eda para establecer una conexi\u00f3n an\u00f3nima. ID de IBM X-Force: 279518."
}
],
"metrics": {

8
CVE-2024/CVE-2024-225xx/CVE-2024-22524.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22524",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.043",
"lastModified": "2024-06-06T22:15:10.043",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "dnspod-sr 0dfbd37 is vulnerable to buffer overflow."
},
{
"lang": "es",
"value": "dnspod-sr 0dfbd37 es vulnerable al desbordamiento del b\u00fafer."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-225xx/CVE-2024-22525.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22525",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.127",
"lastModified": "2024-06-06T22:15:10.127",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "dnspod-sr 0dfbd37 contains a SEGV."
},
{
"lang": "es",
"value": "dnspod-sr 0dfbd37 contiene un SEGV."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-22xx/CVE-2024-2213.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2213",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.890",
"lastModified": "2024-06-06T19:15:53.890",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en las versiones de zenml-io/zenml hasta la 0.55.4 incluida. Debido a mecanismos de autenticaci\u00f3n inadecuados, un atacante con acceso a una sesi\u00f3n de usuario activa puede cambiar la contrase\u00f1a de la cuenta sin necesidad de conocer la contrase\u00f1a actual. Esta vulnerabilidad permite la apropiaci\u00f3n no autorizada de cuentas al pasar por alto el proceso est\u00e1ndar de verificaci\u00f3n de cambio de contrase\u00f1a. El problema se solucion\u00f3 en la versi\u00f3n 0.56.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-22xx/CVE-2024-2288.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2288",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.137",
"lastModified": "2024-06-06T19:15:54.137",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de carga de im\u00e1genes de perfil de la aplicaci\u00f3n Lollms, espec\u00edficamente en el repositorio parisneo/lollms-webui, que afecta a las versiones hasta 7.3.0. Esta vulnerabilidad permite a los atacantes cambiar la imagen de perfil de una v\u00edctima sin su consentimiento, lo que podr\u00eda provocar una denegaci\u00f3n de servicio al sobrecargar el sistema de archivos con archivos. Adem\u00e1s, esta falla se puede aprovechar para realizar un ataque de Cross-site Scripting (XSS) almacenado, lo que permite a los atacantes ejecutar JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima. El problema se resuelve en la versi\u00f3n 9.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23793.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23793",
"sourceIdentifier": "security@otrs.com",
"published": "2024-06-06T19:15:52.373",
"lastModified": "2024-06-06T19:15:52.373",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.\nThis issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
},
{
"lang": "es",
"value": "La funci\u00f3n de carga de archivos en OTRS y ((OTRS)) Community Edition tiene una vulnerabilidad de path traversal. Este problema permite que agentes autenticados o usuarios de clientes carguen archivos potencialmente da\u00f1inos en directorios a los que puede acceder el servidor web, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo local como scripts Perl. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.49, 8.0.X, 2023.X, desde 2024.X hasta 2024.3.2; ((OTRS)) Edici\u00f3n comunitaria: desde 6.0.1 hasta 6.0.34."
}
],
"metrics": {

8
CVE-2024/CVE-2024-23xx/CVE-2024-2359.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2359",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.353",
"lastModified": "2024-06-06T19:15:54.353",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. This vulnerability is due to improper neutralization of special elements used in an OS command (`Improper Neutralization of Special Elements used in an OS Command`)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la versi\u00f3n 9.3 de parisneo/lollms-webui permite a los atacantes eludir las restricciones de acceso previstas y ejecutar c\u00f3digo arbitrario. El problema surge del manejo por parte de la aplicaci\u00f3n del endpoint `/execute_code`, que est\u00e1 manipulado para bloquear el acceso externo de forma predeterminada. Sin embargo, los atacantes pueden aprovechar el endpoint `/update_setting`, que carece de control de acceso adecuado, para modificar la configuraci\u00f3n del `host` en tiempo de ejecuci\u00f3n. Al cambiar la configuraci\u00f3n de `host` a un valor controlado por el atacante, se puede eludir la restricci\u00f3n en el endpoint `/execute_code`, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad se debe a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\"Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo\")."
}
],
"metrics": {

8
CVE-2024/CVE-2024-23xx/CVE-2024-2360.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2360",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.570",
"lastModified": "2024-06-06T19:15:54.570",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter."
},
{
"lang": "es",
"value": "parisneo/lollms-webui es vulnerable a ataques de path traversal que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario en las configuraciones de 'Ruta de la base de datos' y 'Ruta PDF LaTeX'. Un atacante puede aprovechar esta vulnerabilidad manipulando esta configuraci\u00f3n para ejecutar c\u00f3digo arbitrario en el servidor objetivo. El problema afecta a la \u00faltima versi\u00f3n del software. La vulnerabilidad surge del manejo que hace la aplicaci\u00f3n de los par\u00e1metros 'discussion_db_name' y 'pdf_latex_path', que no validan adecuadamente las rutas de los archivos, lo que permite directory traversal. Esta vulnerabilidad tambi\u00e9n puede provocar una mayor exposici\u00f3n de archivos y otros vectores de ataque al manipular el par\u00e1metro 'discussion_db_name'."
}
],
"metrics": {

8
CVE-2024/CVE-2024-23xx/CVE-2024-2362.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2362",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.767",
"lastModified": "2024-06-06T19:15:54.767",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en parisneo/lollms-webui versi\u00f3n 9.3 en la plataforma Windows. Debido a una validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux, un atacante puede aprovechar esta vulnerabilidad para eliminar cualquier archivo del sistema. El problema surge de la falta de una sanitizaci\u00f3n adecuada de la entrada proporcionada por el usuario en el endpoint 'del_preset', donde la aplicaci\u00f3n no logra evitar el uso de rutas absolutas o secuencias de directory traversal ('..'). Como resultado, un atacante puede enviar una solicitud especialmente manipulada al endpoint 'del_preset' para eliminar archivos fuera del directorio deseado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-23xx/CVE-2024-2383.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2383",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.970",
"lastModified": "2024-06-06T19:15:54.970",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de clickjacking en las versiones de zenml-io/zenml hasta la 0.55.5 incluida debido a que la aplicaci\u00f3n no configura los encabezados HTTP X-Frame-Options o Content-Security-Policy adecuados. Esta vulnerabilidad permite a un atacante incrustar la interfaz de usuario de la aplicaci\u00f3n dentro de un iframe en una p\u00e1gina maliciosa, lo que podr\u00eda provocar acciones no autorizadas al enga\u00f1ar a los usuarios para que interact\u00faen con la interfaz bajo el control del atacante. El problema se solucion\u00f3 en la versi\u00f3n 0.56.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-241xx/CVE-2024-24192.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24192",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.213",
"lastModified": "2024-06-06T22:15:10.213",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda un desbordamiento de mont\u00f3n a trav\u00e9s del bloque de componentes->nombre de archivo en /src/zonefile-insertion.c."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24194.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24194",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.303",
"lastModified": "2024-06-06T22:15:10.303",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente item->tokens en /src/conf-parse.c."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24195.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24195",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.390",
"lastModified": "2024-06-06T22:15:10.390",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de robdns d76d2e6 conten\u00eda una direcci\u00f3n desalineada en /src/zonefile-insertion.c."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24198.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24198",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.480",
"lastModified": "2024-06-06T22:15:10.480",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit de smartdns 54b4dc conten\u00eda una direcci\u00f3n desalineada en smartdns/src/util.c."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24199.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24199",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.567",
"lastModified": "2024-06-06T22:15:10.567",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit 54b4dc de smartdns conten\u00eda una direcci\u00f3n desalineada en smartdns/src/dns.c."
}
],
"metrics": {},

6
CVE-2024/CVE-2024-243xx/CVE-2024-24393.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24393",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:09.130",
"lastModified": "2024-02-15T18:13:59.327",
"lastModified": "2024-06-07T14:11:50.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zyx0814:pichome:1.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E01B058F-EABC-472B-AA5C-9D4F940787E6"
"criteria": "cpe:2.3:a:oaooa:pichome:1.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DCF0D4-601E-4D83-B57A-2C925B6FFA20"
}
]
}

14
CVE-2024/CVE-2024-245xx/CVE-2024-24520.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-21T02:52:10.787",
"lastModified": "2024-03-21T12:58:51.093",
"lastModified": "2024-06-07T15:15:49.760",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,9 +20,21 @@
"url": "http://lepton.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/capture0x/leptoncms",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xF9979/LEPTON-CMS",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51949",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-254xx/CVE-2024-25415.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25415",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T02:15:51.443",
"lastModified": "2024-02-16T13:37:51.433",
"lastModified": "2024-06-07T15:15:49.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://vulners.com/zdt/1337DAY-ID-39172",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51957",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-25xx/CVE-2024-2548.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2548",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.217",
"lastModified": "2024-06-06T19:15:55.217",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro de los archivos `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` y `lollms_core/lollms/security.py`. Debido a la validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux utilizando `Path(path).is_absolute()`, los atacantes pueden aprovechar esta falla para leer cualquier archivo en el sistema. Este problema afecta a la \u00faltima versi\u00f3n de LoLLM que se ejecuta en la plataforma Windows. La vulnerabilidad se activa cuando un atacante env\u00eda una solicitud especialmente manipulada al endpoint `/user_infos/{path:path}`, permitiendo la lectura de archivos arbitrarios, como se demuestra con el archivo `win.ini`. El problema se solucion\u00f3 en la versi\u00f3n 9.5 del software."
}
],
"metrics": {

8
CVE-2024/CVE-2024-26xx/CVE-2024-2624.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2624",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.437",
"lastModified": "2024-06-06T19:15:55.437",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get(\"/switch_personal_path\")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal y carga de archivos arbitrarios en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro del endpoint `@router.get(\"/switch_personal_path\")` en `./lollms-webui/lollms_core/lollms/server/endpoints/ lollms_user.py`. La vulnerabilidad surge debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro \"ruta\", lo que permite a un atacante especificar rutas arbitrarias del sistema de archivos. Esta falla permite la carga directa de archivos arbitrarios, la fuga de `personal_data` y la sobrescritura de configuraciones en `lollms-webui`->`configs` al explotar el mismo directorio con el mismo nombre en `personal_data`. El problema afecta a la \u00faltima versi\u00f3n de la aplicaci\u00f3n y se solucion\u00f3 en la versi\u00f3n 9.4. Una explotaci\u00f3n exitosa podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n confidencial, cargas de archivos no autorizadas y ejecuci\u00f3n potencialmente remota de c\u00f3digo al sobrescribir archivos de configuraci\u00f3n cr\u00edticos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-29xx/CVE-2024-2914.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2914",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:13.227",
"lastModified": "2024-06-06T18:15:13.227",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad Tarslip en deepjavalibrary/djl, que afecta a la versi\u00f3n 0.26.0 y se corrigi\u00f3 en la versi\u00f3n 0.27.0. Esta vulnerabilidad permite a un atacante manipular rutas de archivos dentro de archivos tar para sobrescribir archivos arbitrarios en el sistema de destino. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo, escalada de privilegios, robo o manipulaci\u00f3n de datos y denegaci\u00f3n de servicio. La vulnerabilidad se debe a una validaci\u00f3n inadecuada de las rutas de los archivos durante la extracci\u00f3n de archivos tar, como se demuestra en m\u00faltiples apariciones dentro del c\u00f3digo base de la librer\u00eda, incluidos, entre otros, los scripts files_util.py y extract_imagenet.py."
}
],
"metrics": {

8
CVE-2024/CVE-2024-29xx/CVE-2024-2928.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2928",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.680",
"lastModified": "2024-06-06T19:15:55.680",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI) en mlflow/mlflow, espec\u00edficamente en la versi\u00f3n 2.9.2, que se solucion\u00f3 en la versi\u00f3n 2.11.3. Esta vulnerabilidad surge de la falla de la aplicaci\u00f3n al validar adecuadamente los fragmentos de URI para secuencias de directory traversal como '../'. Un atacante puede aprovechar esta falla manipulando la parte del fragmento del URI para leer archivos arbitrarios en el sistema de archivos local, incluidos archivos confidenciales como '/etc/passwd'. La vulnerabilidad es una omisi\u00f3n de un parche anterior que solo abordaba una manipulaci\u00f3n similar dentro de la cadena de consulta del URI, destacando la necesidad de una validaci\u00f3n integral de todas las partes de un URI para prevenir ataques LFI."
}
],
"metrics": {

8
CVE-2024/CVE-2024-29xx/CVE-2024-2965.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2965",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.897",
"lastModified": "2024-06-06T19:15:55.897",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la clase `SitemapLoader` del repositorio `langchain-ai/langchain`, que afecta a todas las versiones. El m\u00e9todo `parse_sitemap`, responsable de analizar mapas de sitio y extraer URL, carece de un mecanismo para evitar la recursividad infinita cuando la URL de un mapa de sitio hace referencia al propio mapa de sitio actual. Este descuido permite la posibilidad de que se produzca un bucle infinito, lo que provocar\u00e1 un bloqueo al exceder la profundidad m\u00e1xima de recursividad en Python. Esta vulnerabilidad se puede aprovechar para ocupar recursos de puerto/socket del servidor y bloquear el proceso de Python, lo que afecta la disponibilidad de los servicios que dependen de esta funcionalidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30368.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30368",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.443",
"lastModified": "2024-06-06T18:15:13.443",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de inyecci\u00f3n de comando en A10 Thunder ADC CsrRequestView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de A10 Thunder ADC. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la clase CsrRequestView. El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de un usuario. Era ZDI-CAN-22517."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30369.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30369",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.720",
"lastModified": "2024-06-06T18:15:13.720",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios locales de asignaci\u00f3n de permisos incorrecta en A10 Thunder ADC. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de A10 Thunder ADC. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del instalador. El problema se debe a permisos incorrectos en un archivo. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22754."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30373.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30373",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T19:15:56.167",
"lastModified": "2024-06-06T19:15:56.167",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22092."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos JPF de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPF. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22092."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30374.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30374",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.953",
"lastModified": "2024-06-06T18:15:13.953",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22449."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de l\u00edmites en el an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22449."
}
],
"metrics": {

8
CVE-2024/CVE-2024-303xx/CVE-2024-30375.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-30375",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:14.153",
"lastModified": "2024-06-06T18:15:14.153",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de uso posterior al an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22515."
}
],
"metrics": {

8
CVE-2024/CVE-2024-30xx/CVE-2024-3033.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3033",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.040",
"lastModified": "2024-06-06T18:15:17.040",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n inadecuada en la aplicaci\u00f3n mintplex-labs/anything-llm, espec\u00edficamente dentro del endpoint '/api/v/' y sus subrutas. Esta falla permite a usuarios no autenticados realizar acciones destructivas en VectorDB, incluido restablecer la base de datos y eliminar espacios de nombres espec\u00edficos, sin requerir autorizaci\u00f3n ni permisos. El problema afecta a todas las versiones hasta la \u00faltima versi\u00f3n incluida, con una soluci\u00f3n introducida en la versi\u00f3n 1.0.0. La explotaci\u00f3n de esta vulnerabilidad puede provocar la p\u00e9rdida completa de datos de documentos incrustados en todos los espacios de trabajo, lo que hace que los chats del espacio de trabajo y los widgets de chat incrustados no funcionen. Adem\u00e1s, los atacantes pueden enumerar todos los espacios de nombres, lo que podr\u00eda exponer los nombres de los espacios de trabajo privados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-30xx/CVE-2024-3095.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3095",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.160",
"lastModified": "2024-06-06T19:15:59.160",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente Web Research Retriever de langchain-ai/langchain versi\u00f3n 0.1.5. La vulnerabilidad surge porque Web Research Retriever no restringe las solicitudes a direcciones de Internet remotas, lo que le permite llegar a direcciones locales. Esta falla permite a los atacantes ejecutar escaneos de puertos, acceder a servicios locales y, en algunos escenarios, leer metadatos de instancias de entornos de nube. La vulnerabilidad es particularmente preocupante ya que puede explotarse para abusar del servidor Web Explorer como proxy para ataques web a terceros e interactuar con servidores en la red local, incluida la lectura de sus datos de respuesta. Esto podr\u00eda conducir potencialmente a la ejecuci\u00f3n de c\u00f3digo arbitrario, dependiendo de la naturaleza de los servicios locales. La vulnerabilidad se limita a las solicitudes GET, ya que las solicitudes POST no son posibles, pero el impacto en la confidencialidad, la integridad y la disponibilidad es significativo debido al potencial de robo de credenciales e interacciones de cambio de estado con las API internas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-30xx/CVE-2024-3099.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3099",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.393",
"lastModified": "2024-06-06T19:15:59.393",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."
},
{
"lang": "es",
"value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 2.11.1 permite a los atacantes crear m\u00faltiples modelos con el mismo nombre explotando la codificaci\u00f3n URL. Esta falla puede provocar una denegaci\u00f3n de servicio (DoS), ya que es posible que un usuario autenticado no pueda utilizar el modelo deseado, ya que abrir\u00e1 un modelo diferente cada vez. Adem\u00e1s, un atacante puede aprovechar esta vulnerabilidad para envenenar el modelo de datos creando un modelo con el mismo nombre, lo que podr\u00eda provocar que un usuario autenticado se convierta en v\u00edctima al utilizar el modelo envenenado. El problema surge de una validaci\u00f3n inadecuada de los nombres de los modelos, lo que permite la creaci\u00f3n de modelos con nombres codificados en URL que se tratan como distintos de sus hom\u00f3logos decodificados en URL."
}
],
"metrics": {

59
CVE-2024/CVE-2024-318xx/CVE-2024-31878.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31878",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-07T14:15:10.017",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287538",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7156725",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-31xx/CVE-2024-3102.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3102",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.667",
"lastModified": "2024-06-06T19:15:59.667",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n JSON en la aplicaci\u00f3n `mintplex-labs/anything-llm`, espec\u00edficamente dentro del par\u00e1metro de nombre de usuario durante el proceso de inicio de sesi\u00f3n en el endpoint `/api/request-token`. La vulnerabilidad surge del manejo inadecuado de los valores, lo que permite a los atacantes realizar ataques de fuerza bruta sin conocimiento previo del nombre de usuario. Una vez conocida la contrase\u00f1a, los atacantes pueden realizar ataques ciegos para determinar el nombre de usuario completo, comprometiendo significativamente la seguridad del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3104.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3104",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.260",
"lastModified": "2024-06-06T18:15:17.260",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fixed in version 1.0.0. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service. "
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en mintplex-labs/anything-llm debido al manejo inadecuado de las variables de entorno. Los atacantes pueden explotar esta vulnerabilidad inyectando variables de entorno arbitrarias a trav\u00e9s del endpoint `POST /api/system/update-env`, que permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el host que ejecuta cualquier cosa-llm. La vulnerabilidad est\u00e1 presente en la \u00faltima versi\u00f3n de everything-llm, con el ultimo commit identificada como fde905aac1812b84066ff72e5f2f90b56d4c3a59. Este problema se solucion\u00f3 en la versi\u00f3n 1.0.0. Una explotaci\u00f3n exitosa podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo en el host, lo que permitir\u00eda a los atacantes leer y modificar datos accesibles para el usuario que ejecuta el servicio, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3110.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3110",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.900",
"lastModified": "2024-06-06T19:15:59.900",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them into the application UI as external links with custom icons. Specifically, the application does not prevent the inclusion of 'javascript:' protocol payloads in URLs, which can be exploited by a user with manager role to execute arbitrary JavaScript code in the context of another user's session. This flaw can be leveraged to steal the admin's authorization token by crafting malicious URLs that, when clicked by the admin, send the token to an attacker-controlled server. The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. The vulnerability is triggered when the malicious link is opened in a new tab using either the CTRL + left mouse button click or the mouse scroll wheel click, or in some non-updated versions of modern browsers, by directly clicking on the link."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la aplicaci\u00f3n mintplex-labs/anything-llm, que afecta a las versiones hasta la \u00faltima anterior a la 1.0.0 incluida. La vulnerabilidad surge de la falla de la aplicaci\u00f3n al sanitizar y validar adecuadamente las URL proporcionadas por el usuario antes de incrustarlas en la interfaz de usuario de la aplicaci\u00f3n como enlaces externos con \u00edconos personalizados. Espec\u00edficamente, la aplicaci\u00f3n no impide la inclusi\u00f3n de payloads del protocolo 'javascript:' en las URL, que pueden ser explotadas por un usuario con rol de administrador para ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n de otro usuario. Esta falla se puede aprovechar para robar el token de autorizaci\u00f3n del administrador mediante la creaci\u00f3n de URL maliciosas que, cuando el administrador hace clic en ellas, env\u00edan el token a un servidor controlado por el atacante. Luego, el atacante puede usar este token para realizar acciones no autorizadas, escalar privilegios al administrador o tomar directamente el control de la cuenta de administrador. La vulnerabilidad se activa cuando el enlace malicioso se abre en una nueva pesta\u00f1a usando CTRL + clic con el bot\u00f3n izquierdo del mouse o clic con la rueda de desplazamiento del mouse, o en algunas versiones no actualizadas de los navegadores modernos, al hacer clic directamente en el enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3149.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3149",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.130",
"lastModified": "2024-06-06T19:16:00.130",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la funci\u00f3n de enlace de carga de mintplex-labs/anything-llm. Esta funci\u00f3n, destinada a usuarios con funciones de administrador o administrador, procesa los enlaces cargados a trav\u00e9s de una API interna de Collector mediante un navegador sin cabeza. Un atacante puede aprovechar esto alojando un sitio web malicioso y us\u00e1ndolo para realizar acciones como escaneo de puertos internos, acceder a aplicaciones web internas no expuestas externamente e interactuar con la API de Collector. Esta interacci\u00f3n puede dar lugar a acciones no autorizadas, como la eliminaci\u00f3n arbitraria de archivos y la inclusi\u00f3n de archivos locales (LFI) limitada, incluido el acceso a los registros de acceso de NGINX que pueden contener informaci\u00f3n confidencial."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3150.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3150",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.350",
"lastModified": "2024-06-06T19:16:00.350",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system."
},
{
"lang": "es",
"value": "En mintplex-labs/anything-llm, existe una vulnerabilidad en el proceso de actualizaci\u00f3n de subprocesos que permite a los usuarios con roles predeterminados o de administrador escalar sus privilegios a administrador. El problema surge de una validaci\u00f3n de entrada incorrecta al manejar solicitudes HTTP POST al endpoint `/workspace/:slug/thread/:threadSlug/update`. Espec\u00edficamente, la aplicaci\u00f3n no puede validar o verificar la entrada del usuario antes de pasarla al modelo Prisma `workspace_thread` para su ejecuci\u00f3n. Esta supervisi\u00f3n permite a los atacantes crear una operaci\u00f3n de consulta de relaci\u00f3n Prisma que manipula el modelo de \"usuarios\" para cambiar la funci\u00f3n de un usuario a administrador. La explotaci\u00f3n exitosa otorga a los atacantes el nivel m\u00e1s alto de privilegios de usuario, permiti\u00e9ndoles ver y realizar todas las acciones dentro del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3152.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3152",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.490",
"lastModified": "2024-06-06T18:15:17.490",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. These issues are due to the application's failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0."
},
{
"lang": "es",
"value": "mintplex-labs/anything-llm es vulnerable a m\u00faltiples problemas de seguridad debido a una validaci\u00f3n de entrada incorrecta en varios endpoints. Un atacante puede aprovechar estas vulnerabilidades para escalar privilegios de una funci\u00f3n de usuario predeterminada a una funci\u00f3n de administrador, leer y eliminar archivos arbitrarios en el sistema y realizar ataques de Server-Side Request Forgery (SSRF). Las vulnerabilidades est\u00e1n presentes en `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. Estos problemas se deben a que la aplicaci\u00f3n no valida adecuadamente la entrada del usuario antes de pasarla a las funciones \"prisma\" y otras operaciones cr\u00edticas. Las versiones afectadas incluyen la \u00faltima versi\u00f3n anterior a 1.0.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3153.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3153",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.600",
"lastModified": "2024-06-06T19:16:00.600",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request."
},
{
"lang": "es",
"value": "mintplex-labs/anything-llm se ve afectado por una vulnerabilidad de consumo de recursos incontrolado en su endpoint de carga de archivos, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio (DOS). Espec\u00edficamente, el servidor se puede cerrar enviando una solicitud de carga no v\u00e1lida. Un atacante con la capacidad de cargar documentos puede aprovechar esta vulnerabilidad para provocar una condici\u00f3n de DOS manipulando la solicitud de carga."
}
],
"metrics": {

8
CVE-2024/CVE-2024-31xx/CVE-2024-3166.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3166",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.817",
"lastModified": "2024-06-06T19:16:00.817",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) en mintplex-labs/anything-llm, que afecta tanto a la versi\u00f3n 1.2.0 de la aplicaci\u00f3n de escritorio como a la \u00faltima versi\u00f3n de la aplicaci\u00f3n web. La vulnerabilidad surge de la funci\u00f3n de la aplicaci\u00f3n para buscar e incrustar contenido de sitios web en espacios de trabajo, que pueden explotarse para ejecutar c\u00f3digo JavaScript arbitrario. En la aplicaci\u00f3n de escritorio, esta falla se puede escalar a ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a configuraciones inseguras de la aplicaci\u00f3n, espec\u00edficamente la habilitaci\u00f3n de 'nodeIntegration' y la deshabilitaci\u00f3n de 'contextIsolation' en las preferencias web de Electron. El problema se solucion\u00f3 en la versi\u00f3n 1.4.2 de la aplicaci\u00f3n de escritorio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-327xx/CVE-2024-32752.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32752",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-06-06T21:15:48.523",
"lastModified": "2024-06-06T21:15:48.523",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration."
},
{
"lang": "es",
"value": "En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\u00edan afectar el control y la configuraci\u00f3n de la puerta."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-328xx/CVE-2024-32873.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-32873",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T19:15:56.390",
"lastModified": "2024-06-06T19:15:56.390",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0."
},
{
"lang": "es",
"value": "Evmos es el centro de m\u00e1quinas virtuales Ethereum (EVM) en Cosmos Network. El saldo gastable no se actualiza correctamente al delegar tokens adquiridos. El problema permite que una cuenta de recuperaci\u00f3n de derechos anticipe la liberaci\u00f3n de tokens no adquiridos. Esta vulnerabilidad se solucion\u00f3 en 18.0.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3234.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3234",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.040",
"lastModified": "2024-06-06T19:16:01.040",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n gaizhenbiao/chuanhuchatgpt es vulnerable a un ataque de path traversal debido al uso de un componente gradio obsoleto. La aplicaci\u00f3n est\u00e1 manipulada para restringir el acceso de los usuarios a los recursos dentro de la carpeta `web_assets`. Sin embargo, la versi\u00f3n obsoleta de gradio que emplea es susceptible de atravesar rutas, como se identifica en CVE-2023-51449. Esta vulnerabilidad permite a usuarios no autorizados eludir las restricciones previstas y acceder a archivos confidenciales, como `config.json`, que contiene claves API. El problema afecta a la \u00faltima versi\u00f3n de chuanhuchatgpt anterior a la versi\u00f3n corregida publicada el 20240305."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3288.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3288",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-07T06:15:10.837",
"lastModified": "2024-06-07T06:15:10.837",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento Logo Slider de WordPress anterior a 4.0.0 no valida ni escapa algunas de sus configuraciones del control deslizante antes de devolverlas en atributos, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-336xx/CVE-2024-33655.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-33655",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T17:15:51.040",
"lastModified": "2024-06-06T17:15:51.040",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the \"DNSBomb\" issue."
},
{
"lang": "es",
"value": "El protocolo DNS en RFC 1035 y sus actualizaciones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) organizando que las consultas DNS se acumulen durante segundos, de modo que las respuestas se env\u00eden posteriormente en una r\u00e1faga pulsante (que puede considerarse amplificaci\u00f3n del tr\u00e1fico en algunos casos), tambi\u00e9n conocido como el problema \"DNSBomb\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-33xx/CVE-2024-3322.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3322",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.247",
"lastModified": "2024-06-06T19:16:01.247",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en la personalidad nativa 'cyber_security/codeguard' de parisneo/lollms-webui, que afecta a las versiones hasta la 9.5. La vulnerabilidad surge de la limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido en la funci\u00f3n 'process_folder' dentro de 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Espec\u00edficamente, la funci\u00f3n no sanitiza adecuadamente la entrada proporcionada por el usuario para 'code_folder_path', lo que permite a un atacante especificar rutas arbitrarias usando '../' o rutas absolutas. Esta falla genera capacidades arbitrarias de lectura y sobrescritura de archivos en directorios espec\u00edficos sin limitaciones, lo que plantea un riesgo significativo de divulgaci\u00f3n de informaci\u00f3n confidencial y manipulaci\u00f3n no autorizada de archivos. "
}
],
"metrics": {

6
CVE-2024/CVE-2024-344xx/CVE-2024-34477.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34477",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-27T14:15:09.470",
"lastModified": "2024-05-28T12:39:28.377",
"lastModified": "2024-06-07T14:15:10.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html",
"source": "cve@mitre.org"
},
{
"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability",
"source": "cve@mitre.org"

8
CVE-2024/CVE-2024-348xx/CVE-2024-34832.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-34832",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T15:15:44.873",
"lastModified": "2024-06-06T15:15:44.873",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en CubeCart v.6.5.5 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado cargado en los par\u00e1metros _g y nodo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-34xx/CVE-2024-3402.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3402",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.450",
"lastModified": "2024-06-06T19:16:01.450",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers."
},
{
"lang": "es",
"value": "Exist\u00eda una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la versi\u00f3n (20240121) de gaizhenbiao/chuanhuchatgpt debido a una sanitizaci\u00f3n y validaci\u00f3n inadecuadas de los datos de salida del modelo. A pesar de los esfuerzos de validaci\u00f3n de las entradas del usuario, la aplicaci\u00f3n no sanitiza ni valida adecuadamente la salida del modelo, lo que permite la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo JavaScript malicioso dentro del contexto del navegador de un usuario. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el contexto de los navegadores de otros usuarios, lo que podr\u00eda provocar el secuestro de los navegadores de las v\u00edctimas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-34xx/CVE-2024-3404.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3404",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.673",
"lastModified": "2024-06-06T19:16:01.673",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users."
},
{
"lang": "es",
"value": "En gaizhenbiao/chuanhuchatgpt, espec\u00edficamente en la versi\u00f3n etiquetada como 20240121, existe una vulnerabilidad debido a mecanismos de control de acceso inadecuados. Esta falla permite a un atacante autenticado eludir las restricciones de acceso previstas y leer los archivos \"historiales\" de otros usuarios, lo que podr\u00eda conducir a un acceso no autorizado a informaci\u00f3n confidencial. La vulnerabilidad est\u00e1 presente en el manejo del control de acceso de la aplicaci\u00f3n para la ruta del \"historial\", donde no existe ning\u00fan mecanismo adecuado para evitar que un usuario autenticado acceda a los archivos del historial de chat de otro usuario. Este problema plantea un riesgo importante, ya que podr\u00eda permitir a los atacantes obtener informaci\u00f3n confidencial del historial de chat de otros usuarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-34xx/CVE-2024-3408.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3408",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.890",
"lastModified": "2024-06-06T19:16:01.890",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server."
},
{
"lang": "es",
"value": "man-group/dtale versi\u00f3n 3.10.0 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n y ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a una validaci\u00f3n de entrada incorrecta. La vulnerabilidad surge de una `SECRET_KEY` codificada en la configuraci\u00f3n del matraz, lo que permite a los atacantes falsificar una cookie de sesi\u00f3n si la autenticaci\u00f3n est\u00e1 habilitada. Adem\u00e1s, la aplicaci\u00f3n no puede restringir adecuadamente las consultas de filtro personalizado, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario en el servidor evitando la restricci\u00f3n en el endpoint `/update-settings`, incluso cuando `enable_custom_filters` no est\u00e1 habilitado. Esta vulnerabilidad permite a los atacantes eludir los mecanismos de autenticaci\u00f3n y ejecutar c\u00f3digo remoto en el servidor."
}
],
"metrics": {

8
CVE-2024/CVE-2024-34xx/CVE-2024-3429.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3429",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:02.103",
"lastModified": "2024-06-06T19:16:02.103",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\\lollms\\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms, espec\u00edficamente dentro de las funciones `sanitize_path_from_endpoint` y `sanitize_path` en `lollms_core\\lollms\\security.py`. Esta vulnerabilidad permite la lectura arbitraria de archivos cuando la aplicaci\u00f3n se ejecuta en Windows. El problema surge debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario, lo que permite a los atacantes eludir los mecanismos de protecci\u00f3n de path traversal mediante la creaci\u00f3n de entradas maliciosas. Una explotaci\u00f3n exitosa podr\u00eda dar lugar a acceso no autorizado a archivos confidenciales, divulgaci\u00f3n de informaci\u00f3n y, potencialmente, una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al incluir numerosos archivos grandes o que consumen muchos recursos. Esta vulnerabilidad afecta a la \u00faltima versi\u00f3n anterior a la 9.6."
}
],
"metrics": {

8
CVE-2024/CVE-2024-351xx/CVE-2024-35178.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-35178",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T16:15:11.937",
"lastModified": "2024-06-06T16:15:11.937",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1."
},
{
"lang": "es",
"value": "Jupyter Server proporciona el backend para las aplicaciones web de Jupyter. Jupyter Server en Windows tiene una vulnerabilidad que permite a atacantes no autenticados filtrar el hash de contrase\u00f1a NTLMv2 del usuario de Windows que ejecuta el servidor Jupyter. Un atacante puede descifrar esta contrase\u00f1a para obtener acceso a la m\u00e1quina Windows que aloja el servidor Jupyter, o acceder a otras m\u00e1quinas accesibles en red o servicios de terceros utilizando esa credencial. O un atacante realiza un ataque de retransmisi\u00f3n NTLM sin descifrar la credencial para obtener acceso a otras m\u00e1quinas accesibles en la red. Esta vulnerabilidad se solucion\u00f3 en 2.14.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-35xx/CVE-2024-3504.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3504",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.980",
"lastModified": "2024-06-06T18:15:17.980",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso inadecuado en las versiones lunary-ai/lunary hasta la 1.2.2 incluida, donde un administrador puede actualizar cualquier usuario de la organizaci\u00f3n al propietario de la organizaci\u00f3n. Esta vulnerabilidad permite al usuario elevado eliminar proyectos dentro de la organizaci\u00f3n. El problema se resuelve en la versi\u00f3n 1.2.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-35xx/CVE-2024-3592.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-3592",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T06:15:10.960",
"lastModified": "2024-06-07T06:15:10.960",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Quiz And Survey Master \u2013 Best Quiz, Exam and Survey para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'question_id' en todas las versiones hasta la 9.0.1 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-360xx/CVE-2024-36082.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36082",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-07T04:15:30.357",
"lastModified": "2024-06-07T04:15:30.357",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Music Store - WordPress eCommerce anteriores a la 1.1.14 permiten que un atacante remoto autenticado con privilegios administrativos ejecute comandos SQL arbitrarios. El atacante puede obtener o modificar la informaci\u00f3n almacenada en la base de datos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-361xx/CVE-2024-36106.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36106",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T15:15:45.023",
"lastModified": "2024-06-06T15:15:45.023",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It\u2019s possible for authenticated users to enumerate clusters by name by inspecting error messages. It\u2019s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17."
},
{
"lang": "es",
"value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Es posible que los usuarios autenticados enumeren los cl\u00fasteres por nombre inspeccionando los mensajes de error. Tambi\u00e9n es posible enumerar los nombres de proyectos con cl\u00fasteres con \u00e1mbito de proyecto si conoce los nombres de los cl\u00fasteres. Esta vulnerabilidad se solucion\u00f3 en 2.11.3, 2.10.12 y 2.9.17."
}
],
"metrics": {

8
CVE-2024/CVE-2024-363xx/CVE-2024-36399.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36399",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T16:15:12.573",
"lastModified": "2024-06-06T16:15:12.573",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37."
},
{
"lang": "es",
"value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. La vulnerabilidad est\u00e1 en la funci\u00f3n addUser() de app/Controller/ProjectPermissionController.php. El permiso de los usuarios para agregar usuarios a un proyecto solo se verifica en el par\u00e1metro de URL project_id. Si el usuario est\u00e1 autorizado a agregar usuarios a este proyecto, la solicitud se procesa. El permiso de los usuarios para el par\u00e1metro POST BODY project_id no se vuelve a verificar durante el procesamiento. Un atacante con el 'Gerente de Proyecto' en un \u00fanico proyecto puede hacerse cargo de cualquier otro proyecto. La vulnerabilidad se solucion\u00f3 en 1.2.37."
}
],
"metrics": {

4
CVE-2024/CVE-2024-366xx/CVE-2024-36673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36673",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T13:15:49.547",
"lastModified": "2024-06-07T13:15:49.547",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-367xx/CVE-2024-36730.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:57.840",
"lastModified": "2024-06-06T19:15:57.840",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter."
},
{
"lang": "es",
"value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando valores negativos en el par\u00e1metro oneflow.zeros/ones. "
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36732.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36732",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:57.937",
"lastModified": "2024-06-06T19:15:57.937",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot."
},
{
"lang": "es",
"value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando se procesa una matriz vac\u00eda con oneflow.tensordot."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36734.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36734",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.030",
"lastModified": "2024-06-06T19:15:58.030",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter."
},
{
"lang": "es",
"value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro tenue."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36735.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36735",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.117",
"lastModified": "2024-06-06T19:15:58.117",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating."
},
{
"lang": "es",
"value": "OneFlow-Inc. Oneflow v0.9.1 no muestra un error o advertencia cuando el par\u00e1metro oneflow.eye est\u00e1 flotante."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36736.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36736",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.560",
"lastModified": "2024-06-06T18:15:16.560",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed."
},
{
"lang": "es",
"value": "Un problema en el componente oneflow.permute de OneFlow-Inc. Oneflow v0.9.1 provoca un c\u00e1lculo incorrecto cuando se realiza la misma operaci\u00f3n de dimensi\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36737.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36737",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.643",
"lastModified": "2024-06-06T18:15:16.643",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter."
},
{
"lang": "es",
"value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro oneflow.full."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36740.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36740",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.217",
"lastModified": "2024-06-06T19:15:58.217",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size."
},
{
"lang": "es",
"value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando el \u00edndice como n\u00famero negativo excede el rango de tama\u00f1o."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36742.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36742",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T17:15:51.157",
"lastModified": "2024-06-06T17:15:51.157",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape."
},
{
"lang": "es",
"value": "Un problema en el par\u00e1metro oneflow.scatter_nd OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando el par\u00e1metro de \u00edndice excede el rango de forma."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36743.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.723",
"lastModified": "2024-06-06T18:15:16.723",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot."
},
{
"lang": "es",
"value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando se procesa una matriz vac\u00eda con oneflow.dot."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36745.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36745",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.807",
"lastModified": "2024-06-06T18:15:16.807",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter."
},
{
"lang": "es",
"value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro oneflow.index_select."
}
],
"metrics": {},

20
CVE-2024/CVE-2024-367xx/CVE-2024-36773.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36773",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.063",
"lastModified": "2024-06-07T15:15:50.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OoLs5/VulDiscovery/blob/main/cve-2024-36773.md",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-367xx/CVE-2024-36774.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36774",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.660",
"lastModified": "2024-06-06T22:15:10.660",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en Monstra CMS v3.0.4 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-367xx/CVE-2024-36775.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-36775",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.753",
"lastModified": "2024-06-06T22:15:10.753",
"vulnStatus": "Received",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-site Scripting (XSS) en Monstra CMS v3.0.4 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Acerca de m\u00ed en la p\u00e1gina Editar perfil."
}
],
"metrics": {},

20
CVE-2024/CVE-2024-367xx/CVE-2024-36787.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36787",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.140",
"lastModified": "2024-06-07T15:15:50.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors."
}
],
"metrics": {},
"references": [
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36788.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36788",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.233",
"lastModified": "2024-06-07T15:15:50.233",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices."
}
],
"metrics": {},
"references": [
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36789.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36789",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.323",
"lastModified": "2024-06-07T15:15:50.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards."
}
],
"metrics": {},
"references": [
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36790.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36790",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.407",
"lastModified": "2024-06-07T15:15:50.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext."
}
],
"metrics": {},
"references": [
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/",
"source": "cve@mitre.org"
}
]
}

Some files were not shown because too many files have changed in this diff Show More