admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-29T02:00:17.791047+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-29 02:03:15 +00:00
parent e808d0e7b8
commit d6e1618052
246 changed files with 2952 additions and 500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
CVE-2021/CVE-2021-279xx/CVE-2021-27915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-27915",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-17T14:15:14.100",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:22:31.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security@mautic.org",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@mautic.org",
"type": "Secondary",
@ -51,10 +81,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "4.4.12",
"matchCriteriaId": "71754804-5279-4236-8CE2-434BC23B4A30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0B21EB9D-BFCD-4D58-BCA6-3AAE6B3B9041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9C1C106B-1B3D-427D-8147-5527E610F569"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422",
"source": "security@mautic.org"
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
]
}
]
}

2
CVE-2021/CVE-2021-389xx/CVE-2021-38963.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-25T01:15:26.607",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-24xx/CVE-2022-2439.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-24T03:15:02.040",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

68
CVE-2022/CVE-2022-390xx/CVE-2022-39068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-39068",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-09-18T02:15:09.690",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:41:50.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -51,10 +81,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:mf296r_firmware:mf296r_nordic1_b06:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4200F7-9018-4F67-B09D-AD07064FAA2F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:mf296r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E159E60A-7612-405E-B837-DECB98D049D2"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

2
CVE-2022/CVE-2022-438xx/CVE-2022-43845.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-25T01:15:32.757",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-490xx/CVE-2022-49037.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:03.770",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-490xx/CVE-2022-49038.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:04.940",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-490xx/CVE-2022-49039.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:05.187",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-490xx/CVE-2022-49040.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:05.390",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2022/CVE-2022-490xx/CVE-2022-49041.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:05.620",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-251xx/CVE-2023-25189.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-25T16:15:06.827",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-356xx/CVE-2023-35674.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.193",
"lastModified": "2024-09-26T15:35:17.000",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",

4
CVE-2023/CVE-2023-461xx/CVE-2023-46175.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user."
},
{
"lang": "es",
"value": "IBM Cloud Pak for Multicloud Management 2.3 a 2.3 FP8 almacena las credenciales de usuario en un archivo de registro de texto simple que puede ser le\u00eddo por un usuario privilegiado."
}
],
"metrics": {

2
CVE-2023/CVE-2023-529xx/CVE-2023-52946.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:05.863",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-529xx/CVE-2023-52947.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:06.110",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-529xx/CVE-2023-52948.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:06.327",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-529xx/CVE-2023-52949.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:06.550",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-529xx/CVE-2023-52950.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@synology.com",
"published": "2024-09-26T04:15:06.780",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2023/CVE-2023-53xx/CVE-2023-5359.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-25T01:15:39.730",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-01xx/CVE-2024-0132.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-09-26T06:15:02.397",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-01xx/CVE-2024-0133.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-09-26T06:15:04.053",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-228xx/CVE-2024-22892.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-25T15:15:13.430",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-239xx/CVE-2024-23922.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-23T15:15:13.010",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-239xx/CVE-2024-23972.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@asrg.io",
"published": "2024-09-23T15:15:13.703",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-23xx/CVE-2024-2300.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-12T15:15:51.097",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-289xx/CVE-2024-28973.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-26T03:15:09.640",
"lastModified": "2024-06-26T12:44:29.693",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-291xx/CVE-2024-29173.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-26T03:15:09.877",
"lastModified": "2024-06-26T12:44:29.693",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-301xx/CVE-2024-30134.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application."
},
{
"lang": "es",
"value": "El ejecutable de HCL Traveler para Microsoft Outlook (HTMO.exe) est\u00e1 marcado como software potencialmente malicioso o una aplicaci\u00f3n no reconocida."
}
],
"metrics": {

2
CVE-2024/CVE-2024-304xx/CVE-2024-30472.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-06-13T12:15:10.410",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-318xx/CVE-2024-31872.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316."
},
{
"lang": "es",
"value": "IBM Security Verify Access Appliance 10.0.0 a 10.0.7 podr\u00eda permitir que un actor malintencionado lleve a cabo un ataque de intermediario al implementar scripts de c\u00f3digo abierto debido a la falta de validaci\u00f3n de certificados. ID de IBM X-Force: 287316."
}
],
"metrics": {

4
CVE-2024/CVE-2024-318xx/CVE-2024-31899.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device."
},
{
"lang": "es",
"value": "IBM Cognos Command Center 10.2.4.1 y 10.2.5 podr\u00edan revelar informaci\u00f3n de usuario altamente confidencial a un usuario autenticado con acceso f\u00edsico al dispositivo."
}
],
"metrics": {

2
CVE-2024/CVE-2024-31xx/CVE-2024-3150.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.350",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-31xx/CVE-2024-3166.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.817",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

77
CVE-2024/CVE-2024-320xx/CVE-2024-32034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32034",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-16T19:16:10.300",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:14:35.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,26 +71,69 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.27.7",
"matchCriteriaId": "6C6546E7-9340-4C15-BEF9-9075508E1C35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*",
"matchCriteriaId": "637B8863-0862-4FB4-9871-EDCF21054F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:0.28.1:*:*:*:*:ruby:*:*",
"matchCriteriaId": "45B74421-A9CA-4C0F-86ED-A6AAB5FCF7F7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

2
CVE-2024/CVE-2024-33xx/CVE-2024-3322.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.247",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-341xx/CVE-2024-34112.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T12:15:10.870",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3408.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.890",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3467.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-06-12T21:15:50.617",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-34xx/CVE-2024-3468.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-06-12T21:15:50.747",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-371xx/CVE-2024-37125.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service."
},
{
"lang": "es",
"value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de consumo de recursos no controlado. Un host remoto no autenticado podr\u00eda explotar esta vulnerabilidad y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

2
CVE-2024/CVE-2024-373xx/CVE-2024-37300.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T16:15:12.097",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-373xx/CVE-2024-37304.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-12T15:15:52.910",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

68
CVE-2024/CVE-2024-379xx/CVE-2024-37985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37985",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-17T23:15:14.913",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:26:19.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3880",
"matchCriteriaId": "C0C74784-089C-4F6D-8488-C2D78F1334D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3880",
"matchCriteriaId": "7430F434-C018-49EA-8E58-B326918F04C6"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

2
CVE-2024/CVE-2024-382xx/CVE-2024-38267.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-09-24T02:15:02.750",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-382xx/CVE-2024-38268.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-09-24T02:15:02.987",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-382xx/CVE-2024-38269.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-09-24T02:15:03.230",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-383xx/CVE-2024-38324.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-25T01:15:40.493",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-388xx/CVE-2024-38861.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a."
},
{
"lang": "es",
"value": "Validaci\u00f3n incorrecta de certificados en el complemento Checkmk Exchange MikroTik permite a los atacantes en posici\u00f3n MitM interceptar el tr\u00e1fico. Este problema afecta a MikroTik: desde la versi\u00f3n 2.0.0 hasta la 2.5.5, desde la versi\u00f3n 0.4a_mk hasta la 2.0a."
}
],
"metrics": {

2
CVE-2024/CVE-2024-392xx/CVE-2024-39278.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-05T23:15:12.233",
"lastModified": "2024-09-06T12:08:04.550",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-393xx/CVE-2024-39319.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue."
},
{
"lang": "es",
"value": "aimeos/ai-controller-frontend es el paquete de controlador de interfaz de Aimeos para proyectos de comercio electr\u00f3nico. En versiones anteriores a las 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8 y 2020.10.15, una referencia directa a un objeto no segura permit\u00eda a un atacante deshabilitar las suscripciones y rese\u00f1as de otro cliente. Las versiones 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8 y 2020.10.15 solucionan este problema."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39431.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed."
},
{
"lang": "es",
"value": "En el controlador RLC de UMTS, existe la posibilidad de una escritura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n de servicio remota con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39432.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed."
},
{
"lang": "es",
"value": "En el controlador RLC de UMTS, existe una posible lectura fuera de los l\u00edmites debido a la falta de una verificaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39433.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
},
{
"lang": "es",
"value": "En el servicio DRM, existe la posibilidad de una escritura fuera de los l\u00edmites debido a la falta de una verificaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n local del servicio con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39434.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
},
{
"lang": "es",
"value": "En el servicio DRM, es posible que se produzca una lectura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n local del servicio, con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-394xx/CVE-2024-39435.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed."
},
{
"lang": "es",
"value": "En el servicio Logmanager, es posible que falte una verificaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales."
}
],
"metrics": {

4
CVE-2024/CVE-2024-395xx/CVE-2024-39577.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution."
},
{
"lang": "es",
"value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('inyecci\u00f3n de comando'). Un atacante con pocos privilegios y acceso remoto podr\u00eda explotar esta vulnerabilidad y provocar la ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {

52
CVE-2024/CVE-2024-399xx/CVE-2024-39910.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39910",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-16T19:16:10.540",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:33:03.740",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "0.27.7",
"matchCriteriaId": "6C6546E7-9340-4C15-BEF9-9075508E1C35"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/decidim/decidim/commit/47adca81cabea898005ec07b130b008f2a2be99f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/decidim/decidim/security/advisories/GHSA-vvqw-fqwx-mqmm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

2
CVE-2024/CVE-2024-39xx/CVE-2024-3930.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@puppet.com",
"published": "2024-07-30T19:15:10.573",
"lastModified": "2024-07-31T12:57:02.300",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-406xx/CVE-2024-40681.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-07T15:15:10.167",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-40xx/CVE-2024-4099.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 16.0 anterior a la 17.2.8, de la 17.3 anterior a la 17.3.4 y de la 17.4 anterior a la 17.4.1. Se descubri\u00f3 que una funci\u00f3n de IA le\u00eda contenido no desinfectado de una manera que podr\u00eda haber permitido a un atacante ocultar la inyecci\u00f3n de mensajes."
}
],
"metrics": {

2
CVE-2024/CVE-2024-411xx/CVE-2024-41121.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-19T20:15:08.180",
"lastModified": "2024-07-22T13:00:53.287",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-411xx/CVE-2024-41122.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-19T20:15:08.430",
"lastModified": "2024-07-22T13:00:53.287",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-414xx/CVE-2024-41445.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-25T17:15:18.740",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-417xx/CVE-2024-41715.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The goTenna Pro ATAK Plugin has a payload length vulnerability that \nmakes it possible to tell the length of the payload regardless of the \nencryption used."
},
{
"lang": "es",
"value": "El complemento ATAK de goTenna Pro tiene una vulnerabilidad de longitud de payload que permite saber la longitud de el payload independientemente del cifrado utilizado."
}
],
"metrics": {

4
CVE-2024/CVE-2024-417xx/CVE-2024-41722.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the goTenna Pro ATAK Plugin there is a vulnerability that makes it \npossible to inject any custom message with any GID and Callsign using a \nsoftware defined radio in existing gotenna mesh networks. This \nvulnerability can be exploited if the device is being used in a \nunencrypted environment or if the cryptography has already been \ncompromised."
},
{
"lang": "es",
"value": "En el complemento ATAK de goTenna Pro existe una vulnerabilidad que permite inyectar cualquier mensaje personalizado con cualquier GID y Callsign utilizando una radio definida por software en redes en malla de GoTenna existentes. Esta vulnerabilidad se puede explotar si el dispositivo se utiliza en un entorno no cifrado o si la criptograf\u00eda ya se ha visto comprometida."
}
],
"metrics": {

2
CVE-2024/CVE-2024-417xx/CVE-2024-41725.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-25T01:15:41.833",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-419xx/CVE-2024-41930.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Scripting en MF Teacher Performance Management System version 6. Si se explota esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que accedi\u00f3 al sitio web utilizando el producto."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-419xx/CVE-2024-41931.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation."
},
{
"lang": "es",
"value": "El nombre de la clave de transmisi\u00f3n del complemento goTenna Pro ATAK siempre se env\u00eda sin cifrar y podr\u00eda revelar la ubicaci\u00f3n de la operaci\u00f3n."
}
],
"metrics": {

2
CVE-2024/CVE-2024-422xx/CVE-2024-42272.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.370",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-422xx/CVE-2024-42278.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:08.813",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-422xx/CVE-2024-42297.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:10.147",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-423xx/CVE-2024-42320.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T09:15:11.833",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-424xx/CVE-2024-42406.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-26T08:15:05.810",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-424xx/CVE-2024-42473.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-12T13:38:35.680",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-424xx/CVE-2024-42487.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-15T21:15:16.997",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-424xx/CVE-2024-42495.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-05T23:15:12.520",
"lastModified": "2024-09-06T12:08:04.550",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-428xx/CVE-2024-42861.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-23T21:15:12.870",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

74
CVE-2024/CVE-2024-430xx/CVE-2024-43024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43024",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T20:15:03.270",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:27:47.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,81 @@
"value": "Varias vulnerabilidades de cross-site scripting (XSS) almacenado en RWS MultiTrans v7.0.23324.2 y versiones anteriores permiten a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload especialmente manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rws:multitrans:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.23324.2",
"matchCriteriaId": "1386A44E-EF45-4423-B305-3A89ABA23AAF"
}
]
}
]
}
],
"references": [
{
"url": "https://community.rws.com/product-groups/translation_management/multitrans/w/releases/5112/multitrans-7-releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-43024",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/tomdantuma/CVE/tree/main/2024-43024",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

2
CVE-2024/CVE-2024-430xx/CVE-2024-43025.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T20:15:03.343",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-431xx/CVE-2024-43108.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted \nmessages without any additional integrity checking mechanisms. This \nleaves messages malleable to any attacker that can access the message."
},
{
"lang": "es",
"value": "El complemento ATAK de goTenna Pro utiliza el modo AES CTR para mensajes breves y cifrados sin ning\u00fan mecanismo de comprobaci\u00f3n de integridad adicional. Esto permite que los mensajes sean manipulables para cualquier atacante que pueda acceder a ellos."
}
],
"metrics": {

111
CVE-2024/CVE-2024-431xx/CVE-2024-43188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43188",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-18T12:15:02.867",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:24:49.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,13 +36,43 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "18.0.0.1",
"versionEndIncluding": "18.0.0.3",
"matchCriteriaId": "F74D99AD-0570-49B3-9B0D-6F28FA9564B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "19.0.0.1",
"versionEndIncluding": "19.0.0.3",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "21.0.1",
"versionEndIncluding": "21.0.3.1",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "F7C0BC37-0F42-463F-B2E4-F2B3D3958314"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "7E9F20F6-4D3B-4AD6-9F6B-E145598FFEE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
"matchCriteriaId": "95CE7462-D6B6-41AE-BD90-E2D65E0318A3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7168769",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-431xx/CVE-2024-43191.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request."
},
{
"lang": "es",
"value": "IBM ManageIQ podr\u00eda permitir que un atacante autenticado remoto ejecute comandos arbitrarios en el sistema enviando una solicitud de archivo yaml especialmente manipulada."
}
],
"metrics": {

2
CVE-2024/CVE-2024-432xx/CVE-2024-43201.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-09-23T20:15:04.973",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-434xx/CVE-2024-43402.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-04T16:15:06.640",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-434xx/CVE-2024-43405.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-04T16:15:06.853",
"lastModified": "2024-09-05T12:53:21.110",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-434xx/CVE-2024-43423.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-25T01:15:42.893",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-436xx/CVE-2024-43692.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-25T01:15:43.110",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-436xx/CVE-2024-43693.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-25T01:15:43.370",
"lastModified": "2024-09-26T13:32:02.803",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-436xx/CVE-2024-43694.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the goTenna Pro ATAK Plugin application, the encryption keys are \nstored along with a static IV on the device. This allows for complete \ndecryption of keys stored on the device. This allows an attacker to \ndecrypt all encrypted broadcast communications based on broadcast keys \nstored on the device."
},
{
"lang": "es",
"value": "En la aplicaci\u00f3n del complemento ATAK de goTenna Pro, las claves de cifrado se almacenan junto con un IV est\u00e1tico en el dispositivo. Esto permite el descifrado completo de las claves almacenadas en el dispositivo. Esto permite que un atacante descifre todas las comunicaciones de transmisi\u00f3n cifradas en funci\u00f3n de las claves de transmisi\u00f3n almacenadas en el dispositivo."
}
],
"metrics": {

2
CVE-2024/CVE-2024-438xx/CVE-2024-43801.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-02T18:15:36.320",
"lastModified": "2024-09-03T12:59:02.453",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-438xx/CVE-2024-43814.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "goTenna Pro ATAK Plugin by default enables frequent unencrypted \nPosition, Location and Information (PLI) transmission. This transmission\n is done without user's knowledge, revealing the exact location \ntransmitted in unencrypted form."
},
{
"lang": "es",
"value": "El complemento ATAK de goTenna Pro permite de forma predeterminada la transmisi\u00f3n frecuente de informaci\u00f3n de posici\u00f3n, ubicaci\u00f3n e informaci\u00f3n (PLI) sin cifrar. Esta transmisi\u00f3n se realiza sin el conocimiento del usuario y revela la ubicaci\u00f3n exacta transmitida sin cifrar."
}
],
"metrics": {

2
CVE-2024/CVE-2024-438xx/CVE-2024-43825.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.533",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-438xx/CVE-2024-43827.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.653",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-438xx/CVE-2024-43829.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:08.787",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-438xx/CVE-2024-43842.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:09.647",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-438xx/CVE-2024-43850.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-17T10:15:10.157",
"lastModified": "2024-08-19T12:59:59.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

2
CVE-2024/CVE-2024-439xx/CVE-2024-43944.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-29T16:15:09.197",
"lastModified": "2024-08-30T13:00:05.390",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

65
CVE-2024/CVE-2024-441xx/CVE-2024-44162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44162",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.060",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-29T00:16:28.033",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "Este problema se solucion\u00f3 habilitando el tiempo de ejecuci\u00f3n reforzado. Este problema se solucion\u00f3 en Xcode 16. Una aplicaci\u00f3n malintencionada puede obtener acceso a los elementos de Keychain de un usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0",
"matchCriteriaId": "6894DFF1-7930-4DF7-88CF-EB6C7E36336F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121239",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-448xx/CVE-2024-44860.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el endpoint /Letter/PrintQr/ de Solvait v24.4.2 permite a los atacantes acceder a datos confidenciales a trav\u00e9s de una solicitud manipulada espec\u00edficamente para ello."
}
],
"metrics": {

4
CVE-2024/CVE-2024-450xx/CVE-2024-45042.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity\u2019s highest available AAL is `aal1` even though it really is `aal2`. This means that the `highest_available` configuration will act as if the user has only one factor set up, for that particular user. This means that they can call the settings and whoami endpoint without a `aal2` session, even though that should be disallowed. An attacker would need to steal or guess a valid login OTP of a user who has only OTP for login enabled and who has an incorrect `available_aal` value stored, to exploit this vulnerability. All other aspects of the session (e.g. the session\u2019s aal) are not impacted by this issue. On the Ory Network, only 0.00066% of registered users were affected by this issue, and most of those users appeared to be test users. Their respective AAL values have since been updated and they are no longer vulnerable to this attack. Version 1.3.0 is not affected by this issue. As a workaround, those who require MFA should disable the passwordless code login method. If that is not possible, check the sessions `aal` to identify if the user has `aal1` or `aal2`."
},
{
"lang": "es",
"value": "Ory Kratos es un sistema de autenticaci\u00f3n, gesti\u00f3n de usuarios e identidad para servicios en la nube. Antes de la versi\u00f3n 1.3.0, dadas una serie de condiciones previas, la configuraci\u00f3n `highest_available` supon\u00eda incorrectamente que el AAL m\u00e1s alto disponible de la identidad era `aal1`, aunque en realidad era `aal2`. Esto significa que la configuraci\u00f3n `highest_available` actuar\u00eda como si el usuario tuviera solo un factor configurado para ese usuario en particular. Esto significa que pueden llamar a la configuraci\u00f3n y al endpoint whoami sin una sesi\u00f3n `aal2`, aunque eso deber\u00eda estar prohibido. Un atacante necesitar\u00eda robar o adivinar un OTP de inicio de sesi\u00f3n v\u00e1lido de un usuario que solo tiene habilitado el OTP para el inicio de sesi\u00f3n y que tiene un valor `available_aal` incorrecto almacenado, para explotar esta vulnerabilidad. Todos los dem\u00e1s aspectos de la sesi\u00f3n (por ejemplo, el aal de la sesi\u00f3n) no se ven afectados por este problema. En la red Ory, solo el 0,00066 % de los usuarios registrados se vieron afectados por este problema, y la mayor\u00eda de esos usuarios parec\u00edan ser usuarios de prueba. Desde entonces, se han actualizado sus respectivos valores AAL y ya no son vulnerables a este ataque. La versi\u00f3n 1.3.0 no se ve afectada por este problema. Como workaround, quienes requieran MFA deben deshabilitar el m\u00e9todo de inicio de sesi\u00f3n con c\u00f3digo sin contrase\u00f1a. Si eso no es posible, verifique las sesiones `aal` para identificar si el usuario tiene `aal1` o `aal2`."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More