Auto-Update: 2024-08-23T18:00:18.654489+00:00

This commit is contained in:
cad-safe-bot 2024-08-23 18:03:15 +00:00
parent b3a54d4376
commit ca78eb8a6b
197 changed files with 7098 additions and 762 deletions


@ -2,17 +2,41 @@
"id": "CVE-2020-11846",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-21T14:15:07.737",
"lastModified": "2024-08-21T16:06:23.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:03:39.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.\u00a0This issue affects Privileged Access Manager before 3.7.0.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad encontrada en OpenText Privileged Access Manager que emite un token. Tras la emisi\u00f3n exitosa del token, se establece una cookie que permite el acceso sin restricciones a todos los recursos de la aplicaci\u00f3n. Este problema afecta a Privileged Access Manager anterior a 3.7.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -47,10 +81,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "FA2CD967-B489-4A21-8B40-77723EA447CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B555DD5F-DF6C-4A46-9F75-C668D9E48D4E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2020-11847",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-21T14:15:07.957",
"lastModified": "2024-08-21T16:06:23.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:04:30.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1."
},
{
"lang": "es",
"value": "El usuario autenticado por SSH cuando accede al servidor PAM puede ejecutar un comando del sistema operativo para obtener acceso completo al sistema mediante bash. Este problema afecta a Privileged Access Manager anterior a 3.7.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -47,10 +81,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "FA2CD967-B489-4A21-8B40-77723EA447CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B555DD5F-DF6C-4A46-9F75-C668D9E48D4E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2020-11850",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-21T13:15:04.027",
"lastModified": "2024-08-21T16:06:23.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:02:39.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS).\u00a0This issue affects Self Service Password Reset before 4.5.0.2 and\u00a04.4.0.6"
},
{
"lang": "es",
"value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText Self Service Password Reset permite cross-site scripting (XSS). Este problema afecta al autoservicio de restablecimiento de contrase\u00f1a antes de 4.5.0.2 y 4.4.0.6"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -47,10 +81,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4",
"matchCriteriaId": "E701C6EC-B62F-41BB-B5AA-CE334DFBD47F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0D2267AA-38A3-4AAC-9CAE-8EBC4FE19A30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "26CCCD03-813E-4423-8703-81C55839A52E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:update_2:*:*:*:*:*:*",
"matchCriteriaId": "5B7B135B-352A-48CC-B92D-1C5D4725C032"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:update_3:*:*:*:*:*:*",
"matchCriteriaId": "9E6830EE-5BE7-4B31-AAE4-A6EB8B6BA708"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:update_4:*:*:*:*:*:*",
"matchCriteriaId": "7B3B7924-247B-4904-8AD2-11ED4AC93BD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.4:update_5:*:*:*:*:*:*",
"matchCriteriaId": "412BB939-68DD-42E4-9489-3147E86D089B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "29E8E907-EDC5-4C1B-82A8-9F6003DDC215"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:netiq_self_service_password_reset:4.5:update_1:*:*:*:*:*:*",
"matchCriteriaId": "6F8A8A2E-7EC0-4E8A-A4E9-F2ED985E229E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22576",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-21T10:15:04.173",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:56:09.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:repository_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.3",
"matchCriteriaId": "F0FD2AE7-C8C8-4CB0-8C21-A3A8964C9352"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000207513/dsa-2023-017-dell-emc-repository-manager-drm-security-update-for-an-improper-privilege-management-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43847",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T19:15:09.523",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-08-23T17:35:00.470",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El control de acceso incorrecto en la funci\u00f3n de control de salidas de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente controlar todas las salidas como si fueran el administrador mediante solicitudes HTTP POST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/setersora/pe6208",


@ -2,8 +2,8 @@
"id": "CVE-2023-49198",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-21T10:15:04.903",
"lastModified": "2024-08-21T14:35:01.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:56:50.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2275FCE7-D9F5-4541-8193-85423472BC64"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08h",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2023-6452",
"sourceIdentifier": "psirt@forcepoint.com",
"published": "2024-08-22T16:15:07.997",
"lastModified": "2024-08-22T16:15:07.997",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.\n\n\n\n\n\nThe\n Forcepoint Web Security portal allows administrators to generate \ndetailed reports on user requests made through the Web proxy. It has \nbeen determined that the \"user agent\" field in the Transaction Viewer is\n vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, \nwhich can be exploited by any user who can route traffic through the \nForcepoint Web proxy.\n\nThis \nvulnerability enables unauthorized attackers to execute JavaScript \nwithin the browser context of a Forcepoint administrator, thereby \nallowing them to perform actions on the administrator's behalf. Such a \nbreach could lead to unauthorized access or modifications, posing a \nsignificant security risk.\n\n\n\n\n\n\nThis issue affects Web Security: before 8.5.6."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Forcepoint Web Security (Transaction Viewer) permite XSS Almacenado. El portal Forcepoint Web Security permite a los administradores generar informes detallados sobre las solicitudes de los usuarios realizadas a trav\u00e9s del proxy web. Se ha determinado que el campo \"agente de usuario\" en el Visor de transacciones es vulnerable a una vulnerabilidad persistente de Cross-Site Scripting (XSS), que puede ser explotada por cualquier usuario que pueda enrutar el tr\u00e1fico a trav\u00e9s del proxy web de Forcepoint. Esta vulnerabilidad permite a atacantes no autorizados ejecutar JavaScript dentro del contexto del navegador de un administrador de Forcepoint, permiti\u00e9ndoles as\u00ed realizar acciones en nombre del administrador. Una infracci\u00f3n de este tipo podr\u00eda dar lugar a modificaciones o accesos no autorizados, lo que plantear\u00eda un riesgo de seguridad importante. Este problema afecta a Web Security: versiones anteriores a 8.5.6."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2023-7260",
"sourceIdentifier": "security@opentext.com",
"published": "2024-08-22T21:15:16.107",
"lastModified": "2024-08-22T21:15:16.107",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow\u00a0arbitrarily access files on the system."
},
{
"lang": "es",
"value": "Vulnerabilidad Path Traversal descubierta en OpenText\u2122 CX-E Voice, que afecta a todas las versiones hasta la 22.4. La vulnerabilidad podr\u00eda permitir acceder arbitrariamente a archivos del sistema."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-1891",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-06-12T16:15:10.887",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:05:49.007",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.0",
"matchCriteriaId": "2F327CB2-484E-4AA1-9590-2AC897A6E688"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/tns-2024-10",
"source": "vulnreport@tenable.com"
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21878",
"sourceIdentifier": "csirt@divd.nl",
"published": "2024-08-12T13:38:15.107",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:52:11.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "csirt@divd.nl",
"type": "Secondary",
@ -73,18 +105,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "8.2.4225",
"matchCriteriaId": "045C0178-42FE-4511-A182-AF3BA9545EF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75882BE4-CF58-44B5-BA30-DD13BDFF78C0"
}
]
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-21878",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00011",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-3",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21879",
"sourceIdentifier": "csirt@divd.nl",
"published": "2024-08-12T13:38:15.237",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:49:25.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "csirt@divd.nl",
"type": "Secondary",
@ -73,18 +105,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndExcluding": "8.2.4225",
"matchCriteriaId": "045C0178-42FE-4511-A182-AF3BA9545EF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75882BE4-CF58-44B5-BA30-DD13BDFF78C0"
}
]
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-21879",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00011",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-4",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-21880",
"sourceIdentifier": "csirt@divd.nl",
"published": "2024-08-12T13:38:15.357",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:38:35.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "csirt@divd.nl",
"type": "Secondary",
@ -73,18 +105,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "7.3.120",
"matchCriteriaId": "CF5422A2-2BF6-4B21-ADD1-27B6830A260D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75882BE4-CF58-44B5-BA30-DD13BDFF78C0"
}
]
}
]
}
],
"references": [
{
"url": "https://csirt.divd.nl/CVE-2024-21880",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://csirt.divd.nl/DIVD-2024-00011",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://enphase.com/cybersecurity/advisories/ensa-2024-5",
"source": "csirt@divd.nl"
"source": "csirt@divd.nl",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-2747",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2024-06-12T18:15:11.680",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:30:43.417",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:easergy_studio:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.3.3",
"matchCriteriaId": "57D8C08A-39CF-452A-AC1B-0FABB886D5C7"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-28298",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T19:16:30.467",
"lastModified": "2024-08-05T12:41:45.957",
"lastModified": "2024-08-23T16:35:01.807",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en BM SOFT BMPlanning 1.0.0.1 permite a usuarios autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF y posiblemente otros par\u00e1metros de /BMServerR.dll/BMRest."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-28298_BMPlanning%28BM-Soft%29_Authenticated%20SQLI.pdf",


@ -2,8 +2,8 @@
"id": "CVE-2024-28972",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T08:15:02.520",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T16:59:11.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5569D676-3632-4002-A1FF-56DCF5B2489C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000226567/dsa-2024-211-security-update-for-a-dell-insightiq-broken-or-risky-cryptographic-algorithm-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-2800",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-08-08T11:15:12.210",
"lastModified": "2024-08-08T13:04:18.753",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:03:41.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "17.0.6",
"matchCriteriaId": "BE9FA482-7DD8-4471-AB55-3DCAEA709557"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "17.06",
"matchCriteriaId": "66E5714F-3E5C-4982-BB80-A83CD0BB9B00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "6CA14692-9997-4A11-8B3D-29199A3498D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "39754D78-BBE0-41D9-B2AB-5402B32C8ECF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "153C136B-FF14-43EC-AE67-68273DF7D9ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "2BE7EFA9-D9B4-4E7E-81B2-597D3DC5756E"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451293",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2416332",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
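Review bot: The community-edition range at line 1347 has `"versionEndExcluding": "17.06"`, which does not match the `"17.0.6"` used for the parallel enterprise entry at line 1340 (and for both editions in the CVE-2024-3114 record added in the same commit), so it looks like a dropped dot rather than a distinct bound. If a consumer's version ordering treats `17.06` as `17.6`, the CPE match would presumably flag already-fixed community releases between 17.0.6 and 17.5.x as vulnerable, producing false positives in scanners that rely on this feed. The intended line is almost certainly `"versionEndExcluding": "17.0.6",`; since the value originates upstream in NVD, it should be reported there rather than patched only in this mirror.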


@ -2,7 +2,7 @@
"id": "CVE-2024-31771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:25:42.360",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-08-23T16:35:04.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de permiso inseguro en TotalAV v.6.0.740 permite a un atacante local escalar privilegios a trav\u00e9s de un archivo manipulado"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://github.com/restdone/CVE-2024-31771",


@ -2,8 +2,8 @@
"id": "CVE-2024-3114",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-08-08T11:15:12.733",
"lastModified": "2024-08-08T13:04:18.753",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:04:56.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -51,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.10.0",
"versionEndExcluding": "17.0.6",
"matchCriteriaId": "03B0A1CC-12FD-4FA4-A818-357F63A5C95A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.10.0",
"versionEndExcluding": "17.0.6",
"matchCriteriaId": "BA68FBDF-DCEE-45E0-8A5B-34E128474D88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "6CA14692-9997-4A11-8B3D-29199A3498D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.4",
"matchCriteriaId": "39754D78-BBE0-41D9-B2AB-5402B32C8ECF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "153C136B-FF14-43EC-AE67-68273DF7D9ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.2",
"matchCriteriaId": "2BE7EFA9-D9B4-4E7E-81B2-597D3DC5756E"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452547",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2416630",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-3127",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-08-22T16:15:08.590",
"lastModified": "2024-08-22T16:15:08.590",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 12.5 anteriores a 17.1.6, todas las versiones desde 17.2 anteriores a 17.2.4, todas las versiones desde 17.3 anteriores a 17.3.1. Bajo ciertas condiciones, es posible evitar la restricci\u00f3n de IP para grupos a trav\u00e9s de GraphQL, permitiendo a usuarios no autorizados realizar algunas acciones a nivel de grupo."
}
],
"metrics": {


@ -0,0 +1,25 @@
{
"id": "CVE-2024-32501",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.490",
"lastModified": "2024-08-23T17:15:06.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
}
],
"metrics": {},
"references": [
{
"url": "https://centreon.com",
"source": "cve@mitre.org"
},
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-32939",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T07:15:03.353",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:17:54.027",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.8",
"matchCriteriaId": "7FEEA8D7-745A-49FF-8B01-CA0D1D820D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.8.0",
"versionEndExcluding": "9.8.3",
"matchCriteriaId": "9B9B4EAB-A618-4823-BECD-0BFD3D76A9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.9.0",
"versionEndExcluding": "9.9.2",
"matchCriteriaId": "A445A478-E185-49DF-8CDC-F42BBF8577D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndExcluding": "9.10.1",
"matchCriteriaId": "0CA40F21-914D-4891-A578-02E6F35FE249"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3282",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-23T06:15:03.827",
"lastModified": "2024-08-23T15:35:06.070",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,60 @@
{
"id": "CVE-2024-33852",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.570",
"lastModified": "2024-08-23T17:35:02.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/centreon/centreon/releases",
"source": "cve@mitre.org"
},
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-33853",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.633",
"lastModified": "2024-08-23T17:35:03.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/centreon/centreon/releases",
"source": "cve@mitre.org"
},
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-33854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.690",
"lastModified": "2024-08-23T17:15:06.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/centreon/centreon/releases",
"source": "cve@mitre.org"
},
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-36439",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T15:15:15.883",
"lastModified": "2024-08-22T18:35:12.120",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password."
},
{
"lang": "es",
"value": "Los dispositivos Swissphone DiCal-RED 4009 permiten a un atacante remoto obtener acceso a la interfaz web administrativa a trav\u00e9s del valor hash de la contrase\u00f1a del dispositivo, sin conocer la contrase\u00f1a real del dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-36440",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T15:15:15.977",
"lastModified": "2024-08-22T20:35:13.640",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Swissphone DiCal-RED 4009. Un atacante con acceso al archivo /etc/deviceconfig puede recuperar la contrase\u00f1a del dispositivo administrativo mediante m\u00e9todos de descifrado de contrase\u00f1as, porque se utiliza MD5 sin sal."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-36441",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T16:15:08.433",
"lastModified": "2024-08-22T19:35:29.793",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device."
},
{
"lang": "es",
"value": "Los dispositivos Swissphone DiCal-RED 4009 permiten que un atacante no autenticado utilice una conexi\u00f3n TCP del puerto 2101 para obtener acceso a los mensajes de operaci\u00f3n que recibe el dispositivo."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-36442",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T15:15:16.047",
"lastModified": "2024-08-23T14:35:01.630",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-36443",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T14:15:08.443",
"lastModified": "2024-08-22T19:35:30.730",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP."
},
{
"lang": "es",
"value": "Los dispositivos Swissphone DiCal-RED 4009 permiten a un atacante remoto obtener acceso de lectura a casi todo el sistema de archivos a trav\u00e9s de FTP an\u00f3nimo."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-36444",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T15:15:16.117",
"lastModified": "2024-08-22T15:15:16.117",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs."
},
{
"lang": "es",
"value": "cgi-bin/fdmcgiwebv2.cgi en dispositivos Swissphone DiCal-RED 4009 permite que un atacante no autenticado obtenga acceso a los registros del dispositivo."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-36445",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T15:15:16.187",
"lastModified": "2024-08-22T20:35:14.640",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication."
},
{
"lang": "es",
"value": "Los dispositivos Swissphone DiCal-RED 4009 permiten a un atacante remoto obtener un shell ra\u00edz a trav\u00e9s de TELNET sin autenticaci\u00f3n."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-36514",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T14:15:09.993",
"lastModified": "2024-08-23T14:15:09.993",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-36515",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T14:15:10.300",
"lastModified": "2024-08-23T14:15:10.300",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-36516",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T14:15:10.523",
"lastModified": "2024-08-23T14:15:10.523",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-36517",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T14:15:10.747",
"lastModified": "2024-08-23T14:15:10.747",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-36761",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-12T16:15:11.983",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:19:16.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "Se descubri\u00f3 que naga v0.14.0 conten\u00eda un desbordamiento de pila a trav\u00e9s del componente /wgsl/parse/mod.rs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gfx-rs:naga:0.14.0:*:*:*:*:rust:*:*",
"matchCriteriaId": "78CD5E32-2654-480D-99A6-B5B24501BB0D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36761/info.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/gfx-rs/naga/issues/2591",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-37008",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-08-21T10:15:05.037",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:57:34.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*",
"matchCriteriaId": "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*",
"matchCriteriaId": "2F75A973-839F-4BD0-8603-07AEF3F12476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8E8074-7FA0-4257-9DF9-00B0A37D1F92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "99EC6432-EAE3-4759-A4AF-34B61818EB0E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-37311",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-23T15:15:15.617",
"lastModified": "2024-08-23T15:15:15.617",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-38208",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-22T23:15:07.543",
"lastModified": "2024-08-22T23:15:07.543",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for Android Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft Edge para Android"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-38209",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-22T23:15:07.740",
"lastModified": "2024-08-22T23:15:07.740",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Edge (basado en Chromium)"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-38210",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-22T23:15:07.933",
"lastModified": "2024-08-22T23:15:07.933",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Edge (basado en Chromium)"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-38807",
"sourceIdentifier": "security@vmware.com",
"published": "2024-08-23T09:15:07.453",
"lastModified": "2024-08-23T09:15:07.453",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications that use spring-boot-loader\u00a0or spring-boot-loader-classic\u00a0and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another."
},
{
"lang": "es",
"value": "Las aplicaciones que utilizan spring-boot-loader o spring-boot-loader-classic y contienen c\u00f3digo personalizado que realiza la verificaci\u00f3n de firmas de archivos jar anidados pueden ser vulnerables a la falsificaci\u00f3n de firmas cuando el contenido que parece haber sido firmado por un firmante, de hecho, sido firmado por otro."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-38869",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T15:15:15.843",
"lastModified": "2024-08-23T15:15:15.843",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-39207",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-27T20:15:22.557",
"lastModified": "2024-06-28T10:27:00.920",
"lastModified": "2024-08-23T16:35:05.620",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que lua-shmem v1.0-1 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de la funci\u00f3n shmem_write."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/yanggao017/5ca24da711cf893bedac38518ec448f1",


@ -2,13 +2,17 @@
"id": "CVE-2024-39717",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-08-22T19:15:09.173",
"lastModified": "2024-08-22T19:15:09.173",
"vulnStatus": "Received",
"lastModified": "2024-08-23T17:35:04.543",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The \u201cChange Favicon\u201d (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. \r\n\r\nSeverity: HIGH\r\n \r\nExploitation Status:\r\n\r\nVersa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer. This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI. In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date."
},
{
"lang": "es",
"value": "La GUI de Versa Director ofrece una opci\u00f3n para personalizar la apariencia de la interfaz de usuario. Esta opci\u00f3n solo est\u00e1 disponible para un usuario que haya iniciado sesi\u00f3n con Provider-Data-Center-Admin o Provider-Data-Center-System-Admin. (Los usuarios de nivel de inquilino no tienen este privilegio). La opci\u00f3n \"Cambiar Favicon\" (icono favorito) se puede utilizar incorrectamente para cargar un archivo malicioso que termina con la extensi\u00f3n .png y se hace pasar por un archivo de imagen. Esto solo es posible despu\u00e9s de que un usuario con Provider-Data-Center-Admin o Provider-Data-Center-System-Admin se haya autenticado e iniciado correctamente. Gravedad: ALTA Estado de explotaci\u00f3n: Versa Networks tiene conocimiento de un caso confirmado que inform\u00f3 un cliente en el que esto La vulnerabilidad fue explotada porque ese cliente no implement\u00f3 las pautas de firewall que se publicaron en 2015 y 2017. Esta no implementaci\u00f3n result\u00f3 en que el mal actor pudiera explotar esta vulnerabilidad sin usar la GUI. En nuestras pruebas (no exhaustivas, ya que no se probaron todas las versiones num\u00e9ricas de los principales navegadores), el archivo malicioso no se ejecuta en el cliente. Hay informes de otros basados en observaciones de telemetr\u00eda troncal de un proveedor externo, sin embargo, estos no est\u00e1n confirmados hasta la fecha."
}
],
"metrics": {
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3",


@ -2,13 +2,17 @@
"id": "CVE-2024-39776",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-08-22T20:15:08.750",
"lastModified": "2024-08-22T20:15:08.750",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Avtec Outpost stores sensitive information in an insecure location without proper access controls in place."
},
{
"lang": "es",
"value": "Avtec Outpost almacena informaci\u00f3n confidencial en una ubicaci\u00f3n insegura sin controles de acceso adecuados."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-39810",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T07:15:03.743",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:16:36.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.8",
"matchCriteriaId": "7FEEA8D7-745A-49FF-8B01-CA0D1D820D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndExcluding": "9.10.1",
"matchCriteriaId": "0CA40F21-914D-4891-A578-02E6F35FE249"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39836",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T07:15:03.960",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:16:18.757",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.8",
"matchCriteriaId": "7FEEA8D7-745A-49FF-8B01-CA0D1D820D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.8.0",
"versionEndExcluding": "9.8.3",
"matchCriteriaId": "9B9B4EAB-A618-4823-BECD-0BFD3D76A9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.9.0",
"versionEndExcluding": "9.9.2",
"matchCriteriaId": "A445A478-E185-49DF-8CDC-F42BBF8577D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndExcluding": "9.10.1",
"matchCriteriaId": "0CA40F21-914D-4891-A578-02E6F35FE249"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-39841",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:06.780",
"lastModified": "2024-08-23T17:15:06.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/centreon/centreon/releases",
"source": "cve@mitre.org"
},
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744",
"source": "cve@mitre.org"
}
]
}
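Review bot: The record carries no CWE, no CVSS and no `configurations`, so a SQL injection in Centreon Web's service-configuration functionality will be invisible to any consumer that filters on severity or matches assets by CPE until NVD analysis completes. The affected ranges exist only in the free-text description (24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, 22.10.x before 22.10.23), so downstream tooling has to parse that sentence rather than wait. If the feed permits local enrichment, a `"weaknesses"` entry of `CWE-89` and four `"versionEndExcluding"` ranges would make the entry actionable now. Whether the injection is reachable before authentication is not stated here and should be confirmed against the Centreon bulletin before prioritising.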


@ -2,28 +2,123 @@
"id": "CVE-2024-40453",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-21T17:15:08.100",
"lastModified": "2024-08-21T17:24:59.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T17:35:05.463",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que squirrellyjs squirrelly v9.0.0 y corregido en v.9.0.1 conten\u00eda una vulnerabilidad de inyecci\u00f3n de c\u00f3digo a trav\u00e9s del componente options.varName."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirrelly:squirrelly:9.0.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A9951264-FE0D-4AA9-88E3-165D84655471"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/squirrellyjs/squirrelly",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/squirrellyjs/squirrelly/pull/262",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://samuzora.com/posts/cve-2024-40453",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
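Review bot: The configuration pins exactly `squirrelly:9.0.0`, while the description only says the bug exists in v9.0.0 and is fixed in v9.0.1, which leaves open whether releases before 9.0.0 share the injection via `options.varName`; unless the linked PR #262 shows the bug was introduced in 9.0.0, a range with `"versionEndExcluding": "9.0.1"` would be the safer encoding. The NVD Primary and CISA-ADP Secondary vectors are identical at 9.8 with `PR:N`, which presumes `varName` is reachable from untrusted input; it appears to be an engine option set by the embedding application, so deployments where it is hard-coded may be scored higher than their real exposure, though that depends on the caller and is not visible here. The `Exploit` tag on the samuzora.com reference means a public write-up exists, and with `vulnStatus` now `Modified` consumers should re-pull rather than keep the earlier unscored copy of this record.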


@ -2,13 +2,17 @@
"id": "CVE-2024-40766",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2024-08-23T07:15:03.643",
"lastModified": "2024-08-23T07:15:03.643",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administraci\u00f3n de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones espec\u00edficas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, as\u00ed como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores."
}
],
"metrics": {},
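Review bot: Affected scope for this record exists only in free text ("Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older"), and `metrics` is still empty with no `weaknesses` or `configurations`, so neither CVSS-threshold filtering nor CPE matching will surface an access-control bug in a perimeter firewall's management plane that the description says can also crash the device. No fixed build is named for Gen 5/6 anywhere in the record; consumers should take fixed versions from the SonicWall advisory rather than from this entry. Until NVD or the CNA adds a vector, treating it as at least network-reachable with an availability impact follows directly from the description.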


@ -2,8 +2,8 @@
"id": "CVE-2024-40883",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-01T02:15:02.023",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T16:52:30.277",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,226 @@
"value": " Existe una vulnerabilidad de Cross-site request forgery en los enrutadores LAN inal\u00e1mbricos ELECOM. Al ver una p\u00e1gina maliciosa mientras inicia sesi\u00f3n en el producto afectado con un privilegio administrativo, se puede dirigir al usuario a realizar operaciones no deseadas, como cambiar el ID de inicio de sesi\u00f3n, la contrase\u00f1a de inicio de sesi\u00f3n, etc."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69",
"matchCriteriaId": "62F4C8BB-6DA7-4227-BDE9-3113CEFA110A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF3CB7-7F2E-472A-A2A3-ED599F4FC99C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69",
"matchCriteriaId": "77A56640-4A80-4338-9BBF-901088D26193"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD9F0FE-1232-4C39-AA86-2D616E4D39C6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69",
"matchCriteriaId": "3892264D-1108-432F-83EA-E027A6AA0610"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FF2911-A946-4E48-B50A-F1F5EC95BBCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12",
"matchCriteriaId": "A1309B92-8C27-488A-8190-A164502EE615"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D50F2091-30D4-4A3E-A28A-B9D67D70DB2C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12",
"matchCriteriaId": "C34B5CB1-4483-49B0-B281-1F61045785C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B13224-1E88-4415-8B8E-979D00BD68F2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12",
"matchCriteriaId": "82A4CAE8-0C68-4881-92F3-6BFFD72A58CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D198866F-7CB3-4EA0-86EA-345CF65E116F"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN06672778/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}
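Review bot: The hardware-side CPEs are encoded inconsistently: `cpe:2.3:h:elecom:wrc-2533gs2-b:-:*` and the next three use `-` (no version) in the version position, while `wrc-x1500gs-b` and `wrc-x1500gsa-b` use `*` (any version). Both match versionless hardware in practice, but mixing them tends to break consumers that compare CPE strings literally, and normalising the last two to `:-:` would keep the six AND-nodes uniform. The 8.8 vector with `UI:R` and CWE-352 is consistent with the description of a CSRF against a logged-in administrator that can change the login ID and password, i.e. takeover of the router's management interface once the admin views a malicious page.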


@ -2,13 +2,17 @@
"id": "CVE-2024-40884",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T16:15:08.797",
"lastModified": "2024-08-22T16:15:08.797",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without \"Add Team Members\" permission to disable the invite URL."
},
{
"lang": "es",
"value": "Las versiones 9.5.x &lt;= 9.5.7, 9.10.x &lt;= 9.10.0 de Mattermost no aplican correctamente los permisos, lo que permite a un usuario administrador del equipo sin el permiso \"Agregar miembros del equipo\" deshabilitar la URL de invitaci\u00f3n."
}
],
"metrics": {
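Review bot: The Spanish description contains HTML entities inside the JSON string (`9.5.x &lt;= 9.5.7, 9.10.x &lt;= 9.10.0`) while the English text uses a literal `<=`; the translation appears to have been HTML-escaped before serialisation, so consumers that render the JSON as-is will show `&lt;=` verbatim. The same artefact appears in other translated entries in this commit, which points to a systematic escaping step in the translation pipeline rather than a one-off. The English text should be the source of truth for version ranges until the translations are fixed. The hunk ends on the opening of `metrics`, so whether a CNA vector was added is not visible here.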


@ -2,8 +2,8 @@
"id": "CVE-2024-40886",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T07:15:04.183",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:09:31.887",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.8",
"matchCriteriaId": "7FEEA8D7-745A-49FF-8B01-CA0D1D820D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.8.0",
"versionEndExcluding": "9.8.3",
"matchCriteriaId": "9B9B4EAB-A618-4823-BECD-0BFD3D76A9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.9.0",
"versionEndExcluding": "9.9.2",
"matchCriteriaId": "A445A478-E185-49DF-8CDC-F42BBF8577D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndExcluding": "9.10.1",
"matchCriteriaId": "0CA40F21-914D-4891-A578-02E6F35FE249"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41150",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-08-23T15:15:16.120",
"lastModified": "2024-08-23T15:15:16.120",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-41304",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-30T18:15:05.817",
"lastModified": "2024-07-31T12:57:02.300",
"lastModified": "2024-08-23T16:35:06.883",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n uploadFileAction() de WonderCMS v3.4.3 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SVG manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting",
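Review bot: The only vector recorded is the CISA-ADP one with `AV:P` (physical) and `PR:L`, which does not fit an arbitrary file upload in a web CMS's `uploadFileAction()` that the description says leads to arbitrary code execution; a network-reachable upload would normally be scored `AV:N`, and a 5.4 MEDIUM derived from physical access will cause this entry to be deprioritised. The weakness is given as CWE-94 while the sole reference is titled as an SVG stored cross-site scripting issue, so either the impact is script execution in a browser (CWE-79, consistent with an SVG upload) or genuine server-side code execution — the record does not say which, and NVD has not added a Primary assessment. Consumers should treat the 5.4 as provisional and confirm the preconditions (whether an admin login is required) from the reference before triage. The `references` array continues past the end of the hunk.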


@ -2,17 +2,41 @@
"id": "CVE-2024-41674",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-21T15:15:08.770",
"lastModified": "2024-08-21T16:06:23.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:06:58.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0."
},
{
"lang": "es",
"value": "CKAN es un sistema de gesti\u00f3n de datos de c\u00f3digo abierto para impulsar centros y portales de datos. Si hubo problemas de conexi\u00f3n con el servidor Solr, la URL interna de Solr (que potencialmente incluye las credenciales) podr\u00eda filtrarse a llamadas package_search como parte del mensaje de error devuelto. Esto ha sido parcheado en CKAN 2.10.5 y 2.11.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -47,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "2.10.5",
"matchCriteriaId": "E92554C7-B668-4F24-9781-5E5F2A284989"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
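Review bot: The Primary vector rates confidentiality as `C:L`, but the description says the leaked internal Solr URL may include credentials; where a deployment embeds credentials in that URL, disclosing them exposes the search backend itself and `C:H` would be the more defensible rating. CWE-209 is the right classification for an error-message leak, and the configuration range `2.0` to `< 2.10.5` matches the fix versions named in the text, though any 2.11 pre-release builds that predate the fix would fall outside that span and go unflagged. Operators who ran an affected version with a credentialed Solr URL should rotate those credentials after upgrading, since the trigger (a Solr connection problem during `package_search`) is not something they can rule out having occurred.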


@ -2,17 +2,41 @@
"id": "CVE-2024-41675",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-21T15:15:08.963",
"lastModified": "2024-08-21T16:06:23.153",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-23T17:07:28.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0."
},
{
"lang": "es",
"value": "CKAN es un sistema de gesti\u00f3n de datos de c\u00f3digo abierto para impulsar centros y portales de datos. El complemento de vista Datatables no escap\u00f3 correctamente de los datos de registro provenientes del DataStore, lo que gener\u00f3 un posible vector XSS. Sitios que ejecutan CKAN &gt;= 2.7.0 con el complemento datatables_view activado. Este es un complemento incluido en el n\u00facleo de CKAN, que no est\u00e1 activado de forma predeterminada pero se usa ampliamente para obtener una vista previa de datos tabulares. Esta vulnerabilidad se ha solucionado en CKAN 2.10.5 y 2.11.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -47,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.10.5",
"matchCriteriaId": "A70EB437-0147-41E9-B781-D0F52995B0C4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ckan/ckan/commit/9e89ce8220ab1445e0bd85a67994a51d9d3d2688",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ckan/ckan/commit/d7dfe8c427b1c63c75d788a609f3b7d7620a25a1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-r3jc-vhf4-6v32",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
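Review bot: The CPE range `2.7.0` to `< 2.10.5` flags every CKAN instance in that span, but the description makes the vulnerability conditional on the `datatables_view` plugin being activated, which it says is not the default; CPE cannot express that, so scanners will over-report and operators should confirm the plugin is enabled before treating a match as exploitable. The `S:C`/`UI:R` 6.1 vector is the usual NVD rating for XSS, although the unescaped data comes from the DataStore and is therefore stored content, so a payload planted in a dataset reaches every viewer of that preview rather than only victims who follow an attacker-supplied link. The Spanish description carries `&gt;= 2.7.0` as an HTML entity inside the JSON string where the English has a literal `>=`, an escaping artefact consumers should not render verbatim.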


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41841",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:06.847",
"lastModified": "2024-08-23T17:15:06.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}
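Review bot: The vector sets `PR:L` for a reflected XSS whose description only requires that the victim be convinced to visit a crafted URL; Privileges Required describes the attacker, so `PR:L` implies the attacker needs an AEM account to reach the vulnerable page, which the text does not state — worth confirming against APSB24-28 before relying on the 5.4. The record has no `configurations` yet, so the "6.5.20 and earlier" range exists only in the description and CPE-based matching will not fire until NVD analysis. The same CWE-79 / APSB24-28 shape repeats across the sibling Adobe records in this commit, and the bulletin is the only reference for all of them.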


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41842",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:07.100",
"lastModified": "2024-08-23T17:15:07.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41843",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:07.320",
"lastModified": "2024-08-23T17:15:07.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41844",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:07.550",
"lastModified": "2024-08-23T17:15:07.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41845",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:07.803",
"lastModified": "2024-08-23T17:15:07.803",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41846",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:08.033",
"lastModified": "2024-08-23T17:15:08.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41847",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:08.240",
"lastModified": "2024-08-23T17:15:08.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41848",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:08.447",
"lastModified": "2024-08-23T17:15:08.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}
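Review bot: Both the CVSS entry and the weakness from `psirt@adobe.com` are typed `"Secondary"` here, whereas every other APSB24-28 record in this commit types the same CNA-supplied data as `"Primary"`; with no `nvd@nist.gov` entry present this record has no Primary metric at all, and consumers that read only the Primary score will see it as unscored. Unless the upstream feed genuinely differs, this looks like a submission inconsistency rather than an intentional distinction, and `"type": "Primary"` on both entries would align it with its siblings. The vector and CWE-79 are otherwise identical to CVE-2024-41847.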


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41849",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:08.697",
"lastModified": "2024-08-23T17:15:08.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41875",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:08.927",
"lastModified": "2024-08-23T17:15:08.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41876",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:09.137",
"lastModified": "2024-08-23T17:15:09.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41877",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:09.370",
"lastModified": "2024-08-23T17:15:09.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-41878",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-23T17:15:09.610",
"lastModified": "2024-08-23T17:15:09.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,16 +2,43 @@
"id": "CVE-2024-41937",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-21T16:15:08.107",
"lastModified": "2024-08-21T17:25:08.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:21:21.893",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the\u00a0user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability."
},
{
"lang": "es",
"value": "Apache Airflow, versiones anteriores a la 2.10.0, tienen una vulnerabilidad que permite al desarrollador de un proveedor malicioso ejecutar un ataque de cross-site scripting al hacer clic en un enlace de documentaci\u00f3n del proveedor. Esto requerir\u00eda que el proveedor est\u00e9 instalado en el servidor web y que el usuario haga clic en el enlace del proveedor. Los usuarios deben actualizar a 2.10.0 o posterior, lo que soluciona esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -24,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.0",
"matchCriteriaId": "3762E1D0-9E6E-44EB-82A7-620638F6F9AD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apache/airflow/pull/40933",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42040",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T15:15:16.323",
"lastModified": "2024-08-23T15:15:16.323",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,56 @@
{
"id": "CVE-2024-42364",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-23T16:15:06.510",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit his/her website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the homepage instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the webserver after the IP address has changed. When the attacker domain is fetched, the response will be from the homepage instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, a user\u2019s private information such as API keys (fixed after first report) and other private information can then be extracted by the attacker website."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-350"
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-096_homepage/",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42411",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T07:15:04.397",
"lastModified": "2024-08-22T12:48:02.790",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-23T16:04:26.227",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.8",
"matchCriteriaId": "7FEEA8D7-745A-49FF-8B01-CA0D1D820D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.8.0",
"versionEndExcluding": "9.8.3",
"matchCriteriaId": "9B9B4EAB-A618-4823-BECD-0BFD3D76A9D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.9.0",
"versionEndExcluding": "9.9.2",
"matchCriteriaId": "A445A478-E185-49DF-8CDC-F42BBF8577D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndExcluding": "9.10.1",
"matchCriteriaId": "0CA40F21-914D-4891-A578-02E6F35FE249"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-42418",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-08-22T20:15:09.470",
"lastModified": "2024-08-22T20:15:09.470",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information."
},
{
"lang": "es",
"value": "Avtec Outpost utiliza una clave criptogr\u00e1fica predeterminada que se puede utilizar para descifrar informaci\u00f3n confidencial."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42490",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-22T16:15:09.117",
"lastModified": "2024-08-22T16:15:09.117",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/, /api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/, and /api/v3/.../used_by/. Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable. authentik 2024.4.4, 2024.6.4 and 2024.8.0 fix this issue."
},
{
"lang": "es",
"value": "authentik es un proveedor de identidades de c\u00f3digo abierto. Los usuarios pueden acceder a varios endpoints de API sin la autenticaci\u00f3n/autorizaci\u00f3n correcta. Los principales endpoints de API afectados por esto son /api/v3/crypto/certificatekeypairs//view_certificate/, /api/v3/crypto/certificatekeypairs//view_private_key/ y /api/v3/.../ used_by/. Tenga en cuenta que todos los endpoints de API afectados requieren el conocimiento del ID de un objeto, que, especialmente en el caso de los certificados, no es accesible para un usuario sin privilegios. Adem\u00e1s, los ID de la mayor\u00eda de los objetos son UUIDv4, lo que significa que no son f\u00e1ciles de adivinar ni enumerar. authentik 2024.4.4, 2024.6.4 y 2024.8.0 solucionan este problema."
}
],
"metrics": {
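Review bot: The added `es` description in this record has lost the `<uuid>` path segments that the English text keeps — it reads `/api/v3/crypto/certificatekeypairs//view_certificate/` and `/api/v3/.../ used_by/` with a stray space, which looks like the angle-bracket token being stripped as markup somewhere in the translation step. The same step appears to HTML-encode comparison operators in the `es` description of CVE-2024-42497 (`&lt;=` where the English has `<=`). Since this bot mirrors upstream feed data, the correction presumably belongs upstream rather than in this commit, but anyone extracting endpoint paths or version ranges from non-English descriptions should treat those fields as display-only and key off the English text or the CPE configuration. If the mirror does any post-processing of its own, a check that `<`/`>` and `<...>` placeholders survive translation would flag records like these two.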


@ -2,13 +2,17 @@
"id": "CVE-2024-42497",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-08-22T16:15:09.330",
"lastModified": "2024-08-22T16:15:09.330",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams."
},
{
"lang": "es",
"value": "Las versiones de Mattermost 9.9.x &lt;= 9.9.1, 9.5.x &lt;= 9.5.7, 9.10.x &lt;= 9.10.0, 9.8.x &lt;= 9.8.2 no aplican correctamente los permisos que permiten a un usuario con funci\u00f3n de administrador de sistemas con acceso de solo lectura a los equipos para realizar operaciones de escritura en los equipos."
}
],
"metrics": {


@ -0,0 +1,25 @@
{
"id": "CVE-2024-42523",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T16:15:06.730",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData"
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1",
"source": "cve@mitre.org"
},
{
"url": "https://gitee.com/sanluan/PublicCMS/issues/IADVDM",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-42531",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T17:15:09.833",
"lastModified": "2024-08-23T17:15:09.833",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed."
}
],
"metrics": {},
"references": [
{
"url": "http://ezviz.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Anonymous120386/Anonymous",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-42599",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T20:15:09.730",
"lastModified": "2024-08-22T20:15:09.730",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges."
},
{
"lang": "es",
"value": "SeaCMS 13.0 tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. La raz\u00f3n de esta vulnerabilidad es que, aunque admin_files.php impone restricciones a los archivos editados, los atacantes a\u00fan pueden eludir estas restricciones y escribir c\u00f3digo, lo que permite a los atacantes autenticados explotar la vulnerabilidad para ejecutar comandos arbitrarios y obtener privilegios del sistema."
}
],
"metrics": {},


@ -0,0 +1,21 @@
{
"id": "CVE-2024-42636",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T16:15:06.787",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/iami233/cve/issues/1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-42756",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T16:15:06.840",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Nop3z/CVE/blob/main/Netgear/Netgear%20DGN1000%20RCE/Netgear%20DGN1000%20RCE.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.netgear.com/about/security/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42761",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T21:15:17.193",
"lastModified": "2024-08-23T15:35:09.650",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T21:15:17.293",
"lastModified": "2024-08-23T14:35:04.597",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,16 +2,55 @@
"id": "CVE-2024-42763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T21:15:17.380",
"lastModified": "2024-08-22T21:15:17.380",
"vulnStatus": "Received",
"lastModified": "2024-08-23T17:35:06.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in the \"/schedule.php\" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the \"bookingdate\" parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en la p\u00e1gina \"/schedule.php\" del Kashipara Bus Ticket Reservation System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"bookingdate\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Reflected%20XSS%20-%20Book%20Ticket.pdf",


@ -2,8 +2,8 @@
"id": "CVE-2024-42764",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T15:15:16.397",
"lastModified": "2024-08-23T15:35:10.780",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42765",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T15:15:16.447",
"lastModified": "2024-08-23T15:35:11.753",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42766",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T15:15:16.497",
"lastModified": "2024-08-23T15:15:16.497",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-42767",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T18:15:10.280",
"lastModified": "2024-08-22T19:35:36.800",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php."
},
{
"lang": "es",
"value": "Kashipara Hotel Management System v1.0 es vulnerable a la carga de archivos sin restricciones RCE a trav\u00e9s de /admin/add_room_controller.php."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T17:15:05.693",
"lastModified": "2024-08-22T18:35:16.727",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de cross-site request forgery (CSRF) en Kashipara Hotel Management System v1.0 a trav\u00e9s de /admin/delete_room.php."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42769",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T16:15:09.553",
"lastModified": "2024-08-22T19:35:37.830",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \"/core/signup_user.php \" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via \"user_fname\" and \"user_lname\" parameters."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en \"/core/signup_user.php\" de Kashipara Hotel Management System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros \"user_fname\" y \"user_lname\"."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T16:15:09.640",
"lastModified": "2024-08-22T16:35:07.240",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross Site Scripting (XSS) vulnerability was found in \"/core/signup_user.php\" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the \"user_email\" parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Almacenado en \"/core/signup_user.php\" de Kashipara Hotel Management System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"user_email\"."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T16:15:09.730",
"lastModified": "2024-08-22T20:35:19.220",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross Site Scripting (XSS) vulnerability was found in \" /admin/edit_room_controller.php\" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via \"room_name\" parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Almacenado en \" /admin/edit_room_controller.php\" de Kashipara Hotel Management System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"room_name\"."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42772",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T17:15:06.070",
"lastModified": "2024-08-22T19:35:38.793",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de control de acceso incorrecto en /admin/rooms.php en Kashipara Hotel Management System v1.0, que permite a un atacante no autenticado ver entradas v\u00e1lidas de habitaciones de hotel en la secci\u00f3n de administrador."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42773",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T18:15:10.367",
"lastModified": "2024-08-22T18:15:10.367",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de control de acceso incorrecto en /admin/edit_room_controller.php en Kashipara Hotel Management System v1.0, que permite a un atacante no autenticado editar las entradas v\u00e1lidas de las habitaciones del hotel en la secci\u00f3n del administrador."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42774",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T17:15:06.350",
"lastModified": "2024-08-22T20:35:20.297",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de control de acceso incorrecto en /admin/delete_room.php en Kashipara Hotel Management System v1.0, que permite a un atacante no autenticado eliminar entradas v\u00e1lidas de habitaciones de hotel en la secci\u00f3n de administrador."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42775",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T17:15:06.580",
"lastModified": "2024-08-22T20:35:21.223",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de control de acceso incorrecto en /admin/add_room_controller.php en Kashipara Hotel Management System v1.0, que permite a un atacante no autenticado agregar entradas v\u00e1lidas de habitaciones de hotel en la secci\u00f3n de administrador a trav\u00e9s del acceso URL directo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-42776",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T17:15:06.807",
"lastModified": "2024-08-22T20:35:22.323",
"vulnStatus": "Received",
"lastModified": "2024-08-23T16:18:28.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php."
},
{
"lang": "es",
"value": "Kashipara Hotel Management System v1.0 es vulnerable a un control de acceso incorrecto a trav\u00e9s de /admin/users.php."
}
],
"metrics": {
