Auto-Update: 2024-11-01T13:00:21.251545+00:00

cad-safe-bot 2024-11-01 13:03:21 +00:00
parent 7ddefa6746
commit cc13ee5acd
261 changed files with 3148 additions and 787 deletions


@ -2,8 +2,8 @@
"id": "CVE-2019-25219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-29T17:15:03.567",
"lastModified": "2024-10-30T16:35:01.230",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2023-52044",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:12.347",
"lastModified": "2024-10-31T19:15:12.347",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2023-52045",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:12.450",
"lastModified": "2024-10-31T19:15:12.450",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2023-52066",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T21:15:14.000",
"lastModified": "2024-10-30T21:15:14.000",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el commit 76cf5 de http.zig conten\u00eda una vulnerabilidad de inyecci\u00f3n CRLF a trav\u00e9s del par\u00e1metro url."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2023-5816",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T03:15:03.090",
"lastModified": "2024-10-30T03:15:03.090",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance."
},
{
"lang": "es",
"value": " El complemento Code Explorer para WordPress es vulnerable a la lectura arbitraria de archivos externos en todas las versiones hasta la 1.4.5 incluida. Esto se debe a que el complemento no restringe el acceso a los archivos a aquellos que se encuentran fuera de la instancia de WordPress, aunque la intenci\u00f3n del complemento es acceder \u00fanicamente a los archivos relacionados con WordPress. Esto permite que atacantes autenticados, con acceso de nivel de administrador, lean archivos fuera de la instancia de WordPress."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-0105",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-11-01T06:15:12.397",
"lastModified": "2024-11-01T06:15:12.397",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-0106",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-11-01T06:15:12.883",
"lastModified": "2024-11-01T06:15:12.883",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-10005",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:02.820",
"lastModified": "2024-10-30T22:15:02.820",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en Consul y Consul Enterprise (\u201cConsul\u201d) tal que el uso de rutas URL en intenciones de tr\u00e1fico L7 podr\u00eda eludir las reglas de acceso basadas en rutas de solicitud HTTP."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10006",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:03.063",
"lastModified": "2024-10-30T22:15:03.063",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en Consul y Consul Enterprise (\u201cConsul\u201d) tal que el uso de encabezados en intenciones de tr\u00e1fico L7 podr\u00eda eludir las reglas de acceso basadas en encabezados HTTP."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10086",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:03.283",
"lastModified": "2024-10-30T22:15:03.283",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en Consul y Consul Enterprise tal que la respuesta del servidor no establec\u00eda expl\u00edcitamente un encabezado HTTP Content-Type, lo que permit\u00eda que las entradas proporcionadas por el usuario se malinterpretaran y generaran un XSS reflejado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10108",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T07:15:13.887",
"lastModified": "2024-10-30T07:15:13.887",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": " El complemento WPAdverts \u2013 Classifieds Plugin para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado adverts_add del complemento en todas las versiones hasta la 2.1.6 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficiente. Esto permite que atacantes no autenticados inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10223",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T07:15:15.487",
"lastModified": "2024-10-30T07:15:15.487",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Team \u2013 WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Team \u2013 WordPress Team Member para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto htteamember del complemento en todas las versiones hasta la 1.1.4 incluida, debido a una desinfecci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10228",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-29T22:15:03.220",
"lastModified": "2024-10-29T22:15:03.220",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23"
},
{
"lang": "es",
"value": "El instalador de Windows de Vagrant VMWare Utility apuntaba a una ubicaci\u00f3n personalizada con una ruta no protegida que pod\u00eda ser modificada por un usuario sin privilegios, lo que generaba la posibilidad de escrituras no autorizadas en el sistema de archivos. Esta vulnerabilidad, CVE-2024-10228, se corrigi\u00f3 en Vagrant VMWare Utility 1.0.23"
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10232",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-01T10:15:03.080",
"lastModified": "2024-11-01T10:15:03.080",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10331",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-24T11:15:14.327",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-01T12:41:51.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,56 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.281675",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.281675",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.427426",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:vehicle_record_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C526E65-D52A-44FC-9193-8544B55EB158"
}
]
}
]
}
],
"references": [
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.281675",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281675",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.427426",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-10367",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-01T11:15:12.130",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3178637/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/otter-blocks/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d83c085-b33a-4003-9e0a-8457669d6634?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-10392",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-31T06:15:04.400",
"lastModified": "2024-10-31T06:15:04.400",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El complemento AI Power: Complete AI Pack para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'handle_image_upload' en todas las versiones hasta la 1.8.89 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10399",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-30T06:15:14.763",
"lastModified": "2024-10-30T06:15:14.763",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users."
},
{
"lang": "es",
"value": " El complemento Download Monitor para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n ajax_search_users en todas las versiones hasta la 5.0.13 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, obtengan nombres de usuario y correos electr\u00f3nicos de los usuarios del sitio."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10452",
"sourceIdentifier": "security@grafana.com",
"published": "2024-10-29T16:15:04.593",
"lastModified": "2024-10-29T16:15:04.593",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Organization admins can delete pending invites created in an organization they are not part of."
},
{
"lang": "es",
"value": " Los administradores de la organizaci\u00f3n pueden eliminar las invitaciones pendientes creadas en una organizaci\u00f3n de la que no forman parte."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10454",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-10-31T13:15:14.580",
"lastModified": "2024-10-31T13:15:14.580",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-10456",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-10-30T18:15:05.123",
"lastModified": "2024-10-30T18:15:05.123",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication."
},
{
"lang": "es",
"value": "Las versiones de Delta Electronics InfraSuite Device Master anteriores a 1.0.12 se ven afectadas por una vulnerabilidad de deserializaci\u00f3n que afecta a Device-Gateway, lo que podr\u00eda permitir la deserializaci\u00f3n de objetos .NET arbitrarios antes de la autenticaci\u00f3n."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10487",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-10-29T22:15:03.430",
"lastModified": "2024-10-31T14:35:04.283",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10488",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-10-29T22:15:03.523",
"lastModified": "2024-10-31T14:35:04.517",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-10491",
"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"published": "2024-10-29T17:15:03.853",
"lastModified": "2024-10-29T17:15:03.853",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters."
},
{
"lang": "es",
"value": " Se ha identificado una vulnerabilidad en la funci\u00f3n response.links de Express, que permite la inyecci\u00f3n arbitraria de recursos en el encabezado Link cuando se utilizan datos no desinfectados. El problema surge de una desinfecci\u00f3n incorrecta en los valores del encabezado `Link`, que puede permitir una combinaci\u00f3n de caracteres como `,`, `;` y `&lt;&gt;` para precargar recursos maliciosos. Esta vulnerabilidad es especialmente relevante para los par\u00e1metros din\u00e1micos."
}
],
"metrics": {
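Review bot: The added Spanish `value` for CVE-2024-10491 writes the angle brackets as HTML entities, `&lt;&gt;`, where the English text of the same record has the literal `<>`. A JSON string field should hold the raw characters and leave escaping to the renderer; as stored, a consumer that escapes on output will display the entity text literally, and one that entity-decodes before inserting the description into a page turns description text into markup. I would store the literal `<>` in the Spanish entry so both languages carry the same characters. The same entry also begins with a stray leading space, as do the added Spanish values for CVE-2023-5816, CVE-2024-10108, CVE-2024-10399, CVE-2024-10452, CVE-2024-10501, CVE-2024-10503 and CVE-2024-10507.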


@ -2,13 +2,17 @@
"id": "CVE-2024-10500",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T01:15:02.803",
"lastModified": "2024-10-30T01:15:02.803",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en ESAFENET CDG 5. Este problema afecta a una funcionalidad desconocida del archivo /com/esafenet/servlet/policy/HookWhiteListService.java. La manipulaci\u00f3n del argumento policyId provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10501",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T01:15:03.107",
"lastModified": "2024-10-30T01:15:03.107",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se ha descubierto una vulnerabilidad clasificada como cr\u00edtica en ESAFENET CDG 5. Afecta a la funci\u00f3n findById del archivo /com/esafenet/servlet/document/ExamCDGDocService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10502",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T01:15:03.377",
"lastModified": "2024-10-30T01:15:03.377",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directoryId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getOneFileDirectory del archivo /com/esafenet/servlet/fileManagement/FileDirectoryService.java. La manipulaci\u00f3n del argumento directoryId provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10503",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T01:15:03.653",
"lastModified": "2024-10-30T01:15:03.653",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": " Se encontr\u00f3 una vulnerabilidad en Klokan MapTiler tilerver-gl 2.3.1 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del componente URL Handler. La manipulaci\u00f3n del argumento key conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10505",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T02:15:02.430",
"lastModified": "2024-10-30T02:15:02.430",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en wuzhicms 4.1.0. Se ha clasificado como cr\u00edtica. La funci\u00f3n add/edit del archivo www/coreframe/app/content/admin/block.php est\u00e1 afectada. La manipulaci\u00f3n provoca la inyecci\u00f3n de c\u00f3digo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Inicialmente, el investigador cre\u00f3 dos problemas separados para las diferentes llamadas de funci\u00f3n. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10506",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.490",
"lastModified": "2024-10-30T03:15:03.490",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en el c\u00f3digo de proyectos Blood Bank System 1.0. Afecta a una parte desconocida del archivo /admin/blood/update/B-.php. La manipulaci\u00f3n del argumento Bloodname provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10507",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:03.777",
"lastModified": "2024-10-30T03:15:03.777",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Free Exam Hall Seating Management System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /login.php. La manipulaci\u00f3n del argumento email conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10509",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T03:15:04.060",
"lastModified": "2024-10-30T03:15:04.060",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Online Institute Management System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /login.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10525",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:02.787",
"lastModified": "2024-10-31T10:15:03.133",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-10544",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-31T02:15:03.080",
"lastModified": "2024-10-31T02:15:03.080",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files."
},
{
"lang": "es",
"value": "El complemento Woo Manage Fraud Orders para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 6.1.7 incluida, a trav\u00e9s de archivos de registro expuestos p\u00fablicamente. Esto permite que atacantes no autenticados vean informaci\u00f3n potencialmente confidencial sobre los usuarios contenida en los archivos de registro expuestos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10546",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-30T20:15:03.700",
"lastModified": "2024-10-30T20:15:03.700",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in open-scratch Teaching \u5728\u7ebf\u6559\u5b66\u5e73\u53f0 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability classified as critical was found in open-scratch Teaching ?????? up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en open-scratch Teaching ?????? hasta la versi\u00f3n 2.7. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /api/sys/ng-alain/getDictItemsByTable/ del componente URL Handler. La manipulaci\u00f3n conduce a una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
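Review bot: The updated English description and the added Spanish one both read `Teaching ??????` where the previous value had the escaped product name `\u5728\u7ebf\u6559\u5b66\u5e73\u53f0`, so the non-ASCII part of the affected product's name appears to have been lost in this sync rather than changed on purpose. Anyone matching this record against an inventory or another advisory by product string will no longer find it. The value should keep the escaped form, `open-scratch Teaching \u5728\u7ebf\u6559\u5b66\u5e73\u53f0 up to 2.7`. The step that writes these files is worth checking for a lossy re-encode, since a non-UTF-8 codec with replacement produces exactly this pattern, though the loss may also come from the upstream feed.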


@ -2,13 +2,17 @@
"id": "CVE-2024-10556",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T01:15:14.253",
"lastModified": "2024-10-31T01:15:14.253",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Pet Shop Management System 1.0. Se trata de una funci\u00f3n desconocida del archivo birdsadd.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10557",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T01:15:14.527",
"lastModified": "2024-10-31T01:15:14.527",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Blood Bank Management System 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /file/updateprofile.php. La manipulaci\u00f3n conduce a cross-site request forgery. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10559",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T02:15:03.370",
"lastModified": "2024-10-31T02:15:03.370",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Airport Booking Management System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a los detalles de la funci\u00f3n del componente Passport Number Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. El ataque debe abordarse de forma local. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10561",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T02:15:03.680",
"lastModified": "2024-10-31T02:15:03.680",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Codezips Pet Shop Management System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo birdsupdate.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10573",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-31T19:15:12.540",
"lastModified": "2024-10-31T19:15:12.540",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10594",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:14.990",
"lastModified": "2024-10-31T21:15:14.990",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10595",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:15.387",
"lastModified": "2024-10-31T21:15:15.387",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10596",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:15.647",
"lastModified": "2024-10-31T21:15:15.647",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10597",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T21:15:15.893",
"lastModified": "2024-10-31T21:15:15.893",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10598",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T22:15:02.960",
"lastModified": "2024-10-31T22:15:02.960",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10599",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T22:15:03.267",
"lastModified": "2024-10-31T22:15:03.267",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10600",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T23:15:12.067",
"lastModified": "2024-10-31T23:15:12.067",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10601",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T23:15:12.343",
"lastModified": "2024-10-31T23:15:12.343",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10602",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T00:15:02.973",
"lastModified": "2024-11-01T00:15:02.973",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10605",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T00:15:03.243",
"lastModified": "2024-11-01T00:15:03.243",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10607",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.153",
"lastModified": "2024-11-01T01:15:12.153",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10608",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.430",
"lastModified": "2024-11-01T01:15:12.430",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10609",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T01:15:12.690",
"lastModified": "2024-11-01T01:15:12.690",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10610",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T02:15:03.180",
"lastModified": "2024-11-01T02:15:03.180",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10611",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T02:15:03.533",
"lastModified": "2024-11-01T02:15:03.533",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10612",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T03:15:02.617",
"lastModified": "2024-11-01T03:15:02.617",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10613",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T03:15:02.903",
"lastModified": "2024-11-01T03:15:02.903",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10615",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T03:15:03.180",
"lastModified": "2024-11-01T03:15:03.180",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10616",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T04:15:08.643",
"lastModified": "2024-11-01T04:15:08.643",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10617",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T04:15:09.100",
"lastModified": "2024-11-01T04:15:09.100",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10618",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T04:15:09.513",
"lastModified": "2024-11-01T04:15:09.513",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10619",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T04:15:10.897",
"lastModified": "2024-11-01T04:15:10.897",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10620",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T05:15:05.167",
"lastModified": "2024-11-01T05:15:05.167",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10651",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-01T10:15:04.600",
"lastModified": "2024-11-01T10:15:04.600",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10652",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-01T10:15:04.877",
"lastModified": "2024-11-01T10:15:04.877",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-10653",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-01T10:15:05.103",
"lastModified": "2024-11-01T10:15:05.103",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,141 @@
{
"id": "CVE-2024-10654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T12:15:03.077",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282667",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282667",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.434801",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}



@ -2,8 +2,8 @@
"id": "CVE-2024-21510",
"sourceIdentifier": "report@snyk.io",
"published": "2024-11-01T05:15:05.640",
"lastModified": "2024-11-01T05:15:05.640",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-21537",
"sourceIdentifier": "report@snyk.io",
"published": "2024-10-31T05:15:04.733",
"lastModified": "2024-10-31T05:15:04.733",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function."
},
{
"lang": "es",
"value": "Las versiones del paquete lilconfig de la versi\u00f3n 3.1.0 y anteriores a la 3.1.1 son vulnerables a la ejecuci\u00f3n de c\u00f3digo arbitrario debido al uso inseguro de eval en la funci\u00f3n dynamicImport. Un atacante puede aprovechar esta vulnerabilidad al pasar una entrada maliciosa a trav\u00e9s de la funci\u00f3n defaultLoaders."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-23309",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.153",
"lastModified": "2024-10-30T14:15:04.153",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token."
},
{
"lang": "es",
"value": "El enrutador LevelOne WBR-6012 con firmware R0.40e6 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en su aplicaci\u00f3n web debido a que depende de las direcciones IP del cliente para la autenticaci\u00f3n. Los atacantes podr\u00edan falsificar una direcci\u00f3n IP para obtener acceso no autorizado sin necesidad de un token de sesi\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-24777",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.457",
"lastModified": "2024-10-30T14:15:04.457",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site request forgery (CSRF) en la funcionalidad de aplicaci\u00f3n web de LevelOne WBR-6012 R0.40e6. Una solicitud HTTP especialmente manipulada puede provocar un acceso no autorizado. Un atacante puede preparar una p\u00e1gina web maliciosa para activar esta vulnerabilidad."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-25566",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-10-29T16:15:04.947",
"lastModified": "2024-10-29T16:15:04.947",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redireccionamiento abierto en PingAM, en la que las solicitudes bien manipuladas pueden provocar una validaci\u00f3n incorrecta de las URL de redireccionamiento. Esto podr\u00eda permitir que un atacante redirija a los usuarios finales a sitios maliciosos bajo su control, lo que simplifica los ataques de phishing."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-28052",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.720",
"lastModified": "2024-10-30T14:15:04.720",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities."
},
{
"lang": "es",
"value": "El WBR-6012 es un enrutador inal\u00e1mbrico para peque\u00f1as oficinas. Es un dispositivo de bajo costo que funciona como una puerta de enlace a Internet para hogares y peque\u00f1as oficinas y que tiene como objetivo ser f\u00e1cil de configurar y operar. Adem\u00e1s de proporcionar un punto de acceso WiFi, el dispositivo funciona como un enrutador cableado de 4 puertos e implementa una variedad de capacidades comunes de los enrutadores para peque\u00f1as oficinas, como reenv\u00edo de puertos, calidad de servicio, administraci\u00f3n basada en web, un servidor DHCP, una DMZ b\u00e1sica y capacidades UPnP."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-28875",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.990",
"lastModified": "2024-10-30T14:15:04.990",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910\r\n\r\n 80100910 40 6d 21 74 ds \"@m!t2K1\"\r\n 32 4b 31 00\r\n \r\nIt is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below:\r\n\r\n if ((SECOND_FROM_BOOT_TIME < 300) &&\r\n (is_equal = strcmp(password,\"@m!t2K1\")) {\r\n return 1;}\r\n \r\nWhere 1 is the return value to admin-level access (0 being fail and 3 being user)."
},
{
"lang": "es",
"value": "Una falla de seguridad que involucra credenciales codificadas de forma r\u00edgida en los servicios web de LevelOne WBR-6012 permite a los atacantes obtener acceso no autorizado durante los primeros 30 segundos posteriores al arranque. Otras vulnerabilidades pueden forzar un reinicio, eludiendo la restricci\u00f3n de tiempo inicial para la explotaci\u00f3n. La cadena de puerta trasera se puede encontrar en la direcci\u00f3n 0x80100910 80100910 40 6d 21 74 ds \"@m!t2K1\" 32 4b 31 00 La funci\u00f3n ubicada en 0x800b78b0 hace referencia a ella y se utiliza como se muestra en el pseudoc\u00f3digo a continuaci\u00f3n: if ((SECOND_FROM_BOOT_TIME &lt; 300) &amp;&amp; (is_equal = strcmp(password,\"@m!t2K1\")) { return 1;} Donde 1 es el valor de retorno al acceso de nivel de administrador (0 es error y 3 es usuario)."
}
],
"metrics": {
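Review bot: The added Spanish description carries HTML entities (`&lt; 300`, `&amp;&amp;`) inside a JSON string, where the English value on the same record has the raw characters, and the `\r\n` layout of the hex dump and pseudocode is flattened to single spaces. A consumer that HTML-escapes on output will then show `&amp;lt;` to the reader; the string should hold `<` and `&&` and leave escaping to whatever renders it. Separately, the English text speaks of the first 30 seconds after boot while the quoted check compares against 300, so defenders should probably assume the longer window until the source advisory has been checked.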


@ -2,8 +2,8 @@
"id": "CVE-2024-30149",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-31T09:15:02.993",
"lastModified": "2024-10-31T09:15:02.993",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-31151",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:05.507",
"lastModified": "2024-10-30T14:15:05.507",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be found at addresses 0x 803cdd0f and 0x803da3e6:\r\n\r\n 803cdd0f 41 72 69 65 ds \"AriesSerenaCairryNativitaMegan\"\r\n 73 53 65 72 \r\n 65 6e 61 43\r\n ...\r\n\r\nIt is referenced by the function at 0x800b78b0 and simplified in the pseudocode below:\r\n\r\n if (is_equal = strcmp(password,\"AriesSerenaCairryNativitaMegan\"){\r\n ret = 3;}\r\n\r\nWhere 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor).\r\n\r\nWhile there's no legitimate functionality to change this password, once authenticated it is possible manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST paramater \"Pu\" (new user password) in place of \"Pa\" (new admin password)."
},
{
"lang": "es",
"value": "Una falla de seguridad que involucra credenciales codificadas en los servicios web de LevelOne WBR-6012 permite a los atacantes obtener acceso no autorizado durante los primeros 30 segundos posteriores al arranque. Otras vulnerabilidades pueden forzar un reinicio, eludiendo la restricci\u00f3n de tiempo inicial para la explotaci\u00f3n. La cadena de contrase\u00f1a se puede encontrar en las direcciones 0x 803cdd0f y 0x803da3e6: 803cdd0f 41 72 69 65 ds \"AriesSerenaCairryNativitaMegan\" 73 53 65 72 65 6e 61 43 ... La funci\u00f3n hace referencia a ella en 0x800b78b0 y se simplifica en el pseudoc\u00f3digo siguiente: if (is_equal = strcmp(password,\"AriesSerenaCairryNativitaMegan\"){ ret = 3;} Donde 3 es el valor de retorno para el acceso a nivel de usuario (0 es error y 1 es administrador/puerta trasera). Si bien no hay una funcionalidad leg\u00edtima para cambiar esta contrase\u00f1a, una vez autenticado es posible realizar un cambio manualmente aprovechando TALOS-2024-XXXXX mediante HTTP POST par\u00e1metro \"Pu\" (nueva contrase\u00f1a de usuario) en lugar de \"Pa\" (nueva contrase\u00f1a de administrador)."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-31152",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:05.773",
"lastModified": "2024-10-30T14:15:05.773",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions."
},
{
"lang": "es",
"value": "El enrutador LevelOne WBR-6012 con firmware R0.40e6 es vulnerable a una asignaci\u00f3n incorrecta de recursos dentro de su aplicaci\u00f3n web, donde una serie de solicitudes HTTP manipulada pueden provocar un reinicio. Esto podr\u00eda provocar interrupciones del servicio de red."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-31972",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:06.760",
"lastModified": "2024-10-31T16:35:13.347",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-31973",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:06.893",
"lastModified": "2024-10-31T16:35:14.150",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-31975",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:06.967",
"lastModified": "2024-10-31T16:35:14.937",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-32946",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:06.033",
"lastModified": "2024-10-30T14:15:06.033",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la versi\u00f3n de firmware R0.40e6 del enrutador LevelOne WBR-6012 permite transmitir informaci\u00f3n confidencial en texto plano a trav\u00e9s de servicios web y FTP, exponi\u00e9ndola a ataques de rastreo de red."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-33603",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:06.330",
"lastModified": "2024-10-30T14:15:06.330",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication."
},
{
"lang": "es",
"value": "El enrutador LevelOne WBR-6012 tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en su aplicaci\u00f3n web, que permite a los usuarios no autenticados acceder a una p\u00e1gina de registro del sistema con muchos detalles y obtener datos confidenciales, como direcciones de memoria y direcciones IP para los intentos de inicio de sesi\u00f3n. Esta falla podr\u00eda provocar el secuestro de sesiones debido a la dependencia del dispositivo de la direcci\u00f3n IP para la autenticaci\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-33623",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:06.597",
"lastModified": "2024-10-30T14:15:06.597",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad de la aplicaci\u00f3n web de LevelOne WBR-6012 R0.40e6. Una solicitud HTTP especialmente manipulada puede provocar un reinicio. Un atacante puede enviar una solicitud HTTP para activar esta vulnerabilidad."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-33626",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:06.850",
"lastModified": "2024-10-30T14:15:06.850",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device's WiFi network."
},
{
"lang": "es",
"value": "El enrutador LevelOne WBR-6012 contiene una vulnerabilidad en su aplicaci\u00f3n web que permite la divulgaci\u00f3n no autenticada de informaci\u00f3n confidencial, como el PIN de WPS de WiFi, a trav\u00e9s de una p\u00e1gina oculta a la que se puede acceder mediante una solicitud HTTP. La divulgaci\u00f3n de esta informaci\u00f3n podr\u00eda permitir a los atacantes conectarse a la red WiFi del dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-33699",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:07.100",
"lastModified": "2024-10-30T14:15:07.100",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web del enrutador LevelOne WBR-6012 tiene una vulnerabilidad en su versi\u00f3n de firmware R0.40e6, que permite a los atacantes cambiar la contrase\u00f1a de administrador y obtener mayores privilegios sin la contrase\u00f1a actual."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-33700",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:07.460",
"lastModified": "2024-10-30T14:15:07.460",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption."
},
{
"lang": "es",
"value": "El firmware R0.40e6 del enrutador LevelOne WBR-6012 presenta una vulnerabilidad de validaci\u00f3n de entrada en su funcionalidad FTP, lo que permite a los atacantes provocar una denegaci\u00f3n de servicio mediante una serie de comandos FTP mal formados. Esto puede provocar reinicios del dispositivo e interrupciones del servicio."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-36060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.037",
"lastModified": "2024-10-31T15:35:34.893",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-37573",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.107",
"lastModified": "2024-10-31T15:35:35.677",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39332",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:12.897",
"lastModified": "2024-10-31T19:15:12.897",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39719",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T20:15:04.770",
"lastModified": "2024-10-31T20:15:04.770",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39720",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T20:15:04.877",
"lastModified": "2024-10-31T20:15:04.877",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39721",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T20:15:04.993",
"lastModified": "2024-10-31T20:15:04.993",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39722",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T20:15:05.080",
"lastModified": "2024-10-31T20:15:05.080",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-3935",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:03.090",
"lastModified": "2024-10-31T10:15:04.187",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42041",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.223",
"lastModified": "2024-10-31T15:35:35.840",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:12.983",
"lastModified": "2024-10-31T19:15:12.983",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42835",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T14:15:05.610",
"lastModified": "2024-10-31T19:35:08.113",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-43382",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T21:15:14.160",
"lastModified": "2024-10-31T15:35:36.610",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-43383",
"sourceIdentifier": "security@apache.org",
"published": "2024-10-31T10:15:04.293",
"lastModified": "2024-10-31T10:15:04.293",
"vulnStatus": "Received",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
