admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-02T14:00:18.679243+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-02 14:03:15 +00:00
parent 5086ccddd2
commit e60122d702
132 changed files with 1063 additions and 447 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CVE-2023/CVE-2023-253xx/CVE-2023-25330.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25330",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-05T14:15:07.480",
"lastModified": "2024-06-04T19:17:24.197",
"lastModified": "2024-08-02T12:15:31.507",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-253xx/CVE-2023-25399.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25399",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-05T17:15:09.320",
"lastModified": "2024-07-03T01:39:35.733",
"lastModified": "2024-08-02T12:15:32.567",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-257xx/CVE-2023-25718.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25718",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-13T20:15:11.040",
"lastModified": "2024-06-04T19:17:24.500",
"lastModified": "2024-08-02T12:15:43.087",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-267xx/CVE-2023-26735.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26735",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T00:15:09.227",
"lastModified": "2024-05-17T02:21:16.287",
"lastModified": "2024-08-02T12:16:09.757",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-267xx/CVE-2023-26750.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26750",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:08.983",
"lastModified": "2024-05-17T02:21:16.387",
"lastModified": "2024-08-02T12:16:09.890",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-267xx/CVE-2023-26756.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26756",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T12:15:07.437",
"lastModified": "2024-07-05T20:15:02.193",
"lastModified": "2024-08-02T12:16:09.990",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-269xx/CVE-2023-26913.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26913",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-22T15:15:10.357",
"lastModified": "2024-07-18T20:15:03.727",
"lastModified": "2024-08-02T12:16:12.290",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-269xx/CVE-2023-26924.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26924",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-27T22:15:21.967",
"lastModified": "2024-05-17T02:21:19.767",
"lastModified": "2024-08-02T12:16:12.700",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-269xx/CVE-2023-26930.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26930",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T19:15:08.783",
"lastModified": "2024-05-17T02:21:19.923",
"lastModified": "2024-08-02T12:16:12.850",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-269xx/CVE-2023-26980.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T13:15:07.937",
"lastModified": "2024-06-11T15:15:53.983",
"lastModified": "2024-08-02T12:16:13.890",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-278xx/CVE-2023-27890.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T01:15:07.127",
"lastModified": "2024-06-04T19:17:26.020",
"lastModified": "2024-08-02T13:15:31.563",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-279xx/CVE-2023-27974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27974",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-09T00:15:09.930",
"lastModified": "2024-06-10T17:16:11.603",
"lastModified": "2024-08-02T13:15:32.467",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-281xx/CVE-2023-28155.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28155",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-16T15:15:11.107",
"lastModified": "2024-05-17T02:21:50.407",
"lastModified": "2024-08-02T13:15:37.183",
"vulnStatus": "Modified",
"cveTags": [
{

2
CVE-2023/CVE-2023-285xx/CVE-2023-28500.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28500",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-06T21:15:07.797",
"lastModified": "2024-05-17T02:21:59.643",
"lastModified": "2024-08-02T13:15:50.133",
"vulnStatus": "Modified",
"cveTags": [
{

8
CVE-2023/CVE-2023-522xx/CVE-2023-52209.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-52209",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:26.433",
"lastModified": "2024-08-01T21:15:26.433",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0."
},
{
"lang": "es",
"value": " Vulnerabilidad de gesti\u00f3n de privilegios inadecuada en WPForms, LLC. El registro de usuario de WPForms permite la escalada de privilegios. Este problema afecta al registro de usuario de WPForms: desde n/a hasta 2.1.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-63xx/CVE-2023-6393.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6393",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-06T17:15:07.377",
"lastModified": "2023-12-12T16:26:59.963",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-02T13:15:54.917",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -99,6 +99,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7700",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6393",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-63xx/CVE-2023-6394.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6394",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-09T02:15:06.747",
"lastModified": "2023-12-20T21:15:08.340",
"lastModified": "2024-08-02T13:15:55.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -119,6 +119,10 @@
"url": "https://access.redhat.com/errata/RHSA-2023:7612",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7700",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6394",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6546",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:08.260",
"lastModified": "2024-07-23T22:15:05.040",
"lastModified": "2024-08-02T13:15:56.237",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -269,6 +269,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4731",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4970",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6546",
"source": "secalert@redhat.com",

6
CVE-2024/CVE-2024-08xx/CVE-2024-0874.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0874",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-04-25T17:15:47.083",
"lastModified": "2024-06-27T17:15:09.993",
"lastModified": "2024-08-02T13:16:02.740",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -56,6 +56,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0041",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4850",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0874",
"source": "secalert@redhat.com"

8
CVE-2024/CVE-2024-222xx/CVE-2024-22278.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22278",
"sourceIdentifier": "security@vmware.com",
"published": "2024-08-02T01:15:23.077",
"lastModified": "2024-08-02T01:15:23.077",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations."
},
{
"lang": "es",
"value": " La validaci\u00f3n de permisos de usuario incorrecta en Harbor "
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23600.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23600",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-08-01T17:16:09.253",
"lastModified": "2024-08-01T17:16:09.253",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta de resultados de b\u00fasqueda de consultas para datos de campos privados en PingIDM OPENIDM (m\u00f3dulo de filtro de consultas) permite un enfoque de fuerza bruta potencialmente eficiente que conduce a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

51
CVE-2024/CVE-2024-259xx/CVE-2024-25947.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25947",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T07:15:02.140",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-02T13:55:39.323",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1.0",
"matchCriteriaId": "57BB4F3F-A3C0-4808-8DE2-B3D5C121367E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-259xx/CVE-2024-25948.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25948",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T08:15:02.203",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-02T13:55:42.040",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1.0",
"matchCriteriaId": "57BB4F3F-A3C0-4808-8DE2-B3D5C121367E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-271xx/CVE-2024-27181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27181",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-02T10:15:59.990",
"lastModified": "2024-08-02T10:15:59.990",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-271xx/CVE-2024-27182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27182",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-02T10:16:00.250",
"lastModified": "2024-08-02T10:16:00.250",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-327xx/CVE-2024-32758.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32758",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T22:15:24.640",
"lastModified": "2024-08-01T22:15:24.640",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange"
},
{
"lang": "es",
"value": " En determinadas circunstancias, la comunicaci\u00f3n entre el Cliente exacqVision y el Servidor exacqVision utilizar\u00e1 una longitud de clave e intercambio insuficientes."
}
],
"metrics": {

8
CVE-2024/CVE-2024-328xx/CVE-2024-32862.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32862",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T22:15:24.783",
"lastModified": "2024-08-01T22:15:24.783",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains."
},
{
"lang": "es",
"value": " En determinadas circunstancias, los servicios web de ExacqVision no proporcionan suficiente protecci\u00f3n contra dominios que no son de confianza."
}
],
"metrics": {

8
CVE-2024/CVE-2024-328xx/CVE-2024-32863.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32863",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T21:15:26.920",
"lastModified": "2024-08-01T21:15:26.920",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)"
},
{
"lang": "es",
"value": " En determinadas circunstancias, los servicios web de exacqVision pueden ser susceptibles a Cross-Site Request Forgery (CSRF)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-328xx/CVE-2024-32864.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32864",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T21:15:27.150",
"lastModified": "2024-08-01T21:15:27.150",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)"
},
{
"lang": "es",
"value": " En determinadas circunstancias, los servicios web de exacqVision no aplicar\u00e1n comunicaciones web seguras (HTTPS)."
}
],
"metrics": {

8
CVE-2024/CVE-2024-328xx/CVE-2024-32865.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32865",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T22:15:24.987",
"lastModified": "2024-08-01T22:15:24.987",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices."
},
{
"lang": "es",
"value": "En determinadas circunstancias, el servidor exacqVision no validar\u00e1 correctamente los certificados TLS proporcionados por los dispositivos conectados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-329xx/CVE-2024-32931.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32931",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-08-01T22:15:25.190",
"lastModified": "2024-08-01T22:15:25.190",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the exacqVision Web Service can expose authentication token details within communications."
},
{
"lang": "es",
"value": " En determinadas circunstancias, el servicio web exacqVision puede exponer detalles del token de autenticaci\u00f3n dentro de las comunicaciones."
}
],
"metrics": {

8
CVE-2024/CVE-2024-32xx/CVE-2024-3238.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3238",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-02T07:16:09.667",
"lastModified": "2024-08-02T07:16:09.667",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Menu Plugin \u2014 Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please not the CSRF was patched in 5.0.28, however, adequate directory traversal protection wasn't introduced until 5.0.30."
},
{
"lang": "es",
"value": " El complemento Menu Plugin \u2014 Superfly Responsive Menu para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 5.0.29 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n ajax_handle_delete_icons(). Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Por favor, no, el CSRF fue parcheado en 5.0.28; sin embargo, la protecci\u00f3n adecuada contra el cruce de directorios no se introdujo hasta 5.0.30."
}
],
"metrics": {

4
CVE-2024/CVE-2024-362xx/CVE-2024-36268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36268",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-02T10:16:00.367",
"lastModified": "2024-08-02T10:16:00.367",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

51
CVE-2024/CVE-2024-384xx/CVE-2024-38481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38481",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T08:15:02.767",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-02T13:54:44.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1.0",
"matchCriteriaId": "57BB4F3F-A3C0-4808-8DE2-B3D5C121367E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-384xx/CVE-2024-38482.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38482",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-02T04:17:27.750",
"lastModified": "2024-08-02T04:17:27.750",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database."
},
{
"lang": "es",
"value": " CloudLink, versiones 7.1.x y 8.x, contienen una vulnerabilidad de verificaci\u00f3n o manejo incorrecto de las condiciones excepcionales en el componente del cl\u00faster. Un usuario malintencionado con privilegios elevados y acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a ejecutar acciones no autorizadas y recuperar informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

51
CVE-2024/CVE-2024-384xx/CVE-2024-38489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38489",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T08:15:02.980",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-02T13:54:55.697",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1.0",
"matchCriteriaId": "57BB4F3F-A3C0-4808-8DE2-B3D5C121367E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-384xx/CVE-2024-38490.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38490",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-01T08:15:03.187",
"lastModified": "2024-08-01T12:42:36.933",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-02T13:54:51.277",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1.0",
"matchCriteriaId": "57BB4F3F-A3C0-4808-8DE2-B3D5C121367E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-387xx/CVE-2024-38746.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38746",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:27.400",
"lastModified": "2024-08-01T21:15:27.400",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.3."
},
{
"lang": "es",
"value": " Vulnerabilidad de limitaci\u00f3n inadecuada de nombre de ruta a un directorio restringido (\"Path Traversal\") en MakeStories Team MakeStories (para Google Web Stories) permite Path Traversal y Server-Side Request Forgery. Este problema afecta a MakeStories (para Google Web Stories): de n/a hasta 3.0.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38761.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:25.397",
"lastModified": "2024-08-01T22:15:25.397",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99."
},
{
"lang": "es",
"value": " Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Dylan James Zephyr Project Manager. Este problema afecta a Zephyr Project Manager: desde n/a hasta 3.3.99."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38768.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:27.637",
"lastModified": "2024-08-01T21:15:27.637",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") en los complementos de Webangon The Pack Elementor permite la inclusi\u00f3n de archivos locales PHP, Path Traversal. Este problema afecta a los complementos de The Pack Elementor: desde n/a hasta 2.0.8.6."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38770.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:27.880",
"lastModified": "2024-08-01T21:15:27.880",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20."
},
{
"lang": "es",
"value": " La vulnerabilidad de gesti\u00f3n de privilegios inadecuada en Revmakx Backup and Staging de WP Time Capsule permite la escalada de privilegios y la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a Backup and Staging de WP Time Capsule: desde n/a hasta 1.22.20."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38772.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:28.120",
"lastModified": "2024-08-01T21:15:28.120",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7."
},
{
"lang": "es",
"value": " La vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") en Crocoblock JetWidgets para Elementor y WooCommerce permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a JetWidgets para Elementor y WooCommerce: desde n/a hasta 1.1.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-387xx/CVE-2024-38775.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:28.357",
"lastModified": "2024-08-01T21:15:28.357",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6."
},
{
"lang": "es",
"value": " Una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en WebAppick CTX Feed permite la escalada de privilegios. Este problema afecta a CTX Feed: desde n/a hasta 6.5.6."
}
],
"metrics": {

4
CVE-2024/CVE-2024-387xx/CVE-2024-38776.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-02T08:15:42.420",
"lastModified": "2024-08-02T08:15:42.420",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-387xx/CVE-2024-38791.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38791",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:28.580",
"lastModified": "2024-08-01T21:15:28.580",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Jordy Meow AI Engine: ChatGPT Chatbot permite la Server-Side Request Forgery. Este problema afecta a AI Engine: ChatGPT Chatbot: desde n/a hasta 2.4.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-388xx/CVE-2024-38876.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38876",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:41.643",
"lastModified": "2024-08-02T11:16:41.643",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise\u00a0T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (Todas las versiones &gt;= R9.2), Omnivise T3000 Domain Controller (Todas las versiones &gt;= R9.2), Omnivise T3000 Product Data Management (PDM) (Todas las versiones &gt;= R9.2 ), Omnivise T3000 Terminal Server (todas las versiones &gt;= R9.2), Omnivise T3000 Thin Client (todas las versiones &gt;= R9.2), Omnivise T3000 Whitelisting Server (todas las versiones &gt;= R9.2). La aplicaci\u00f3n afectada ejecuta peri\u00f3dicamente c\u00f3digo modificable por el usuario como usuario privilegiado. Esto podr\u00eda permitir que un atacante autenticado local ejecute c\u00f3digo arbitrario con privilegios elevados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-388xx/CVE-2024-38877.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38877",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:41.957",
"lastModified": "2024-08-02T11:16:41.957",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions), Omnivise T3000 Domain Controller (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) (All versions), Omnivise T3000 Product Data Management (PDM) (All versions), Omnivise T3000 Security Server (All versions), Omnivise\u00a0T3000 Terminal Server (All versions), Omnivise T3000 Thin Client (All versions), Omnivise T3000 Whitelisting Server (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (Todas las versiones), Omnivise T3000 Domain Controller (Todas las versiones), Omnivise T3000 Network Intrusion Detection System (NIDS) (Todas las versiones), Omnivise T3000 Product Data Management (PDM) (Todas las versiones), Omnivise T3000 Security Server (Todas las versiones), Omnivise T3000 Terminal Server (Todas las versiones), Omnivise T3000 Thin Client (Todas las versiones), Omnivise T3000 Whitelisting Server (Todas las versiones). Los dispositivos afectados almacenan las credenciales iniciales del sistema sin la protecci\u00f3n suficiente. Un atacante con acceso remoto al shell o acceso f\u00edsico podr\u00eda recuperar las credenciales, lo que provocar\u00eda una p\u00e9rdida de confidencialidad, lo que permitir\u00eda al atacante moverse lateralmente dentro de la red afectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-388xx/CVE-2024-38878.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38878",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:42.260",
"lastModified": "2024-08-02T11:16:42.260",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
},
{
"lang": "es",
"value": " Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (todas las versiones). Los dispositivos afectados permiten a los usuarios autenticados exportar datos de diagn\u00f3stico. El endpoint API correspondiente es susceptible a path traversal y podr\u00eda permitir que un atacante autenticado descargue archivos arbitrarios del sistema de archivos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-388xx/CVE-2024-38879.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38879",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:42.510",
"lastModified": "2024-08-02T11:16:42.510",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application."
},
{
"lang": "es",
"value": " Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (todas las versiones). El sistema afectado expone el puerto de una aplicaci\u00f3n interna en la interfaz de la red p\u00fablica, lo que permite a un atacante omitir la autenticaci\u00f3n y acceder directamente a la aplicaci\u00f3n expuesta."
}
],
"metrics": {

8
CVE-2024/CVE-2024-38xx/CVE-2024-3827.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-3827",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-02T06:15:53.847",
"lastModified": "2024-08-02T06:15:53.847",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Spectra Pro para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s de identificadores de bloque en todas las versiones hasta la 1.1.4 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-393xx/CVE-2024-39392.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39392",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-02T07:16:08.883",
"lastModified": "2024-08-02T07:16:08.883",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": " Las versiones ID18.5.2, ID19.3 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2024/CVE-2024-393xx/CVE-2024-39396.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39396",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-02T07:16:09.270",
"lastModified": "2024-08-02T07:16:09.270",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones ID18.5.2, ID19.3 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39619.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39619",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:28.820",
"lastModified": "2024-08-01T21:15:28.820",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3."
},
{
"lang": "es",
"value": " La vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") en CridioStudio ListingPro permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a ListingPro: desde n/a hasta 2.9.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39621.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39621",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:29.040",
"lastModified": "2024-08-01T21:15:29.040",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3."
},
{
"lang": "es",
"value": " La vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") en CridioStudio ListingPro permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a ListingPro: desde n/a hasta 2.9.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39624.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39624",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:29.270",
"lastModified": "2024-08-01T21:15:29.270",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3."
},
{
"lang": "es",
"value": " La vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido (\"Path Traversal\") en CridioStudio ListingPro permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a ListingPro: desde n/a hasta 2.9.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39626.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39626",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:50.920",
"lastModified": "2024-08-01T23:15:50.920",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en 5 Star Plugins Pretty Simple Popup Builder permite XSS almacenado. Este problema afecta a Pretty Simple Popup Builder: desde n/a hasta 1.0.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39627.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39627",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:51.123",
"lastModified": "2024-08-01T23:15:51.123",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Imagely NextGEN Gallery permite XSS almacenado. Este problema afecta a NextGEN Gallery: desde n/a hasta 3.59.3."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39629.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39629",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:51.320",
"lastModified": "2024-08-01T23:15:51.320",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en ThemeGrill Himalayas permite XSS almacenado. Este problema afecta a Himalayas: desde n/a hasta 1.3.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39630.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39630",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:29.513",
"lastModified": "2024-08-01T21:15:29.513",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13."
},
{
"lang": "es",
"value": " La vulnerabilidad de la deserializaci\u00f3n de datos no confiables en MotoPress Timetable and Event Schedule permite la inyecci\u00f3n de objetos. Este problema afecta a Timetable y Event Schedule: desde n/a hasta 2.4.13."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39631.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39631",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:51.520",
"lastModified": "2024-08-01T23:15:51.520",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Contest Gallery permite XSS almacenado. Este problema afecta a Contest Gallery: desde n/a hasta 23.1.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39633.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39633",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:29.740",
"lastModified": "2024-08-01T21:15:29.740",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0."
},
{
"lang": "es",
"value": " La vulnerabilidad de administraci\u00f3n de privilegios inadecuada en IdeaBox PowerPack para Beaver Builder permite la escalada de privilegios. Este problema afecta a PowerPack para Beaver Builder: desde n/a hasta 2.33.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39634.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39634",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T21:15:29.973",
"lastModified": "2024-08-01T21:15:29.973",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14."
},
{
"lang": "es",
"value": " La vulnerabilidad de gesti\u00f3n de privilegios inadecuada en IdeaBox PowerPack Pro para Elementor permite la escalada de privilegios. Este problema afecta a PowerPack Pro para Elementor: desde n/a hasta 2.10.14."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39636.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39636",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:25.620",
"lastModified": "2024-08-01T22:15:25.620",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1."
},
{
"lang": "es",
"value": " Vulnerabilidad de deserializaci\u00f3n de datos no confiables en CodeSolz Better Find and Replace. Este problema afecta a Better Find and Replace: desde n/a hasta 1.6.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39637.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39637",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:25.837",
"lastModified": "2024-08-01T22:15:25.837",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0."
},
{
"lang": "es",
"value": " Vulnerabilidad de Server Side Request Forgery (SSRF) en Pixelcurve Edubin edubin. Este problema afecta a Edubin: desde n/a hasta 9.2.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39643.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:51.730",
"lastModified": "2024-08-01T23:15:51.730",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en RegistrationMagic Forms. RegistrationMagic permite XSS almacenado. Este problema afecta a RegistrationMagic: desde n/a hasta 6.0.0.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39644.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39644",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:51.927",
"lastModified": "2024-08-01T23:15:51.927",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Modernaweb Studio Black Widgets For Elementor permite XSS almacenado. Este problema afecta a Black Widgets For Elementor: desde n/a hasta 1.3.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39646.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39646",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:52.127",
"lastModified": "2024-08-01T23:15:52.127",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Kunal Nagar Custom 404 Pro permite el XSS reflejado. Este problema afecta a Custom 404 Pro: desde n/a hasta 3.11.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39647.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39647",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T23:15:52.327",
"lastModified": "2024-08-01T23:15:52.327",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en el filtro de mensajes Kofi Mokome para Contact Form 7 permite el XSS reflejado. Este problema afecta a Message Filter for Contact Form 7: desde n/a hasta 1.6.1.1 ."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39648.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39648",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:26.010",
"lastModified": "2024-08-01T22:15:26.010",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Themewinter Eventin permite XSS almacenado. Este problema afecta a Eventin: desde n/a hasta 4.0.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39649.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39649",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:26.217",
"lastModified": "2024-08-01T22:15:26.217",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WPDeveloper Essential Addons para Elementor permite XSS almacenado. Este problema afecta a Essential Addons para Elementor: desde n/a hasta 5.9.26."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39652.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39652",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:26.420",
"lastModified": "2024-08-01T22:15:26.420",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WPWeb Elite WooCommerce PDF Vouchers permite el XSS reflejado. Este problema afecta a WooCommerce PDF Vouchers: desde n/a antes de 4.9.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39655.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39655",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:26.640",
"lastModified": "2024-08-01T22:15:26.640",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.77."
},
{
"lang": "es",
"value": " Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands. Este problema afecta a LiquidPoll \u2013 Advanced Polls for Creators and Brands: desde n/a hasta 3.3.77 ."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39656.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39656",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:26.850",
"lastModified": "2024-08-01T22:15:26.850",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Tin Canny Reporting for LearnDash allows Reflected XSS.This issue affects Tin Canny Reporting for LearnDash: from n/a through 4.3.0.7."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Uncanny Owl Tin Canny Reporting para LearnDash permite el XSS reflejado. Este problema afecta a Tin Canny Reporting para LearnDash: desde n/a hasta 4.3.0.7."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39659.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39659",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:27.060",
"lastModified": "2024-08-01T22:15:27.060",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester \u2018GaMerZ\u2019 Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Lester 'GaMerZ' Chan WP-PostRatings permite XSS almacenado. Este problema afecta a WP-PostRatings: desde n/a hasta 1.91.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39660.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39660",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:27.263",
"lastModified": "2024-08-01T22:15:27.263",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Jordy Meow Photo Engine permite XSS almacenado. Este problema afecta a Photo Engine: desde n/a hasta 6.3.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39661.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39661",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:27.467",
"lastModified": "2024-08-01T22:15:27.467",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en ExtendThemes Kubio AI Page Builder. Este problema afecta a Kubio AI Page Builder: desde n/a hasta 2.2.4."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39662.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:27.697",
"lastModified": "2024-08-01T22:15:27.697",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Modernaweb Studio Black Widgets For Elementor permite XSS almacenado. Este problema afecta a Black Widgets For Elementor: desde n/a hasta 1.3.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39663.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39663",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:27.900",
"lastModified": "2024-08-01T22:15:27.900",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.68.232."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Epsiloncool WP Fast Total Search permite XSS almacenado. Este problema afecta a WP Fast Total Search: desde n/a hasta 1.68.232."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39665.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39665",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:28.110",
"lastModified": "2024-08-01T22:15:28.110",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en YMC Filter &amp; Grids permite XSS almacenado. Este problema afecta a Filter &amp; Grids: desde n/a hasta 2.9.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39667.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39667",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:28.323",
"lastModified": "2024-08-01T22:15:28.323",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.11."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BdThemes Element Pack Elementor Addons permite XSS almacenado. Este problema afecta a Element Pack Elementor Addons: desde n/a hasta 5.6.11."
}
],
"metrics": {

8
CVE-2024/CVE-2024-396xx/CVE-2024-39668.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39668",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-01T22:15:28.523",
"lastModified": "2024-08-01T22:15:28.523",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en petesheppard84 Extensions para Elementor permiten el XSS almacenado. Este problema afecta a Extensions para Elementor: desde n/a hasta 2.0.31."
}
],
"metrics": {

4
CVE-2024/CVE-2024-407xx/CVE-2024-40719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40719",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-08-02T10:16:00.470",
"lastModified": "2024-08-02T10:16:00.470",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-407xx/CVE-2024-40720.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40720",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-08-02T11:16:42.763",
"lastModified": "2024-08-02T11:16:42.763",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands."
},
{
"lang": "es",
"value": "La API espec\u00edfica en TCBServiSign Windows Version de CHANGING Information Technology no valida correctamente la entrada del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden modificar el registro `HKEY_CURRENT_USER` para ejecutar comandos arbitrarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-407xx/CVE-2024-40721.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40721",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-08-02T11:16:43.020",
"lastModified": "2024-08-02T11:16:43.020",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path."
},
{
"lang": "es",
"value": " La API espec\u00edfica en TCBServiSign Windows Version de CHANGING Information Technology no valida correctamente la entrada del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden hacer que TCBServiSign cargue una DLL desde una ruta arbitraria."
}
],
"metrics": {

8
CVE-2024/CVE-2024-407xx/CVE-2024-40722.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40722",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-08-02T11:16:43.283",
"lastModified": "2024-08-02T11:16:43.283",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service."
},
{
"lang": "es",
"value": " La API espec\u00edfica en TCBServiSign Windows Version de CHANGING Information Technology no valida correctamente la longitud de la entrada del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en TCBServiSign, interrumpiendo temporalmente su servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-407xx/CVE-2024-40723.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-40723",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-08-02T11:16:43.520",
"lastModified": "2024-08-02T11:16:43.520",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service."
},
{
"lang": "es",
"value": "La API espec\u00edfica en HWATAIServiSign Windows Version de CHANGING Information Technology no valida correctamente la longitud de las entradas del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en HWATAIServiSign, interrumpiendo temporalmente su servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-412xx/CVE-2024-41259.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41259",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-01T21:15:36.047",
"lastModified": "2024-08-01T21:15:36.047",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information."
},
{
"lang": "es",
"value": " El uso de un algoritmo hash inseguro en el servicio Gravatar en Navidrome v0.52.3 permite a los atacantes manipular la informaci\u00f3n de la cuenta de un usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-419xx/CVE-2024-41948.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41948",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T22:15:28.743",
"lastModified": "2024-08-01T22:15:28.743",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. This vulnerability is fixed in 4.0.0."
},
{
"lang": "es",
"value": "biscuit-java es la implementaci\u00f3n java de Biscuit, un token de autenticaci\u00f3n y autorizaci\u00f3n para arquitecturas de microservicios. Se pueden generar bloques de terceros sin transferir el token completo a la autoridad de terceros. En su lugar, se puede enviar una solicitud ThirdPartyBlock, proporcionando solo la informaci\u00f3n necesaria para generar un bloque de terceros y firmarlo, que incluye la clave p\u00fablica del bloque anterior (utilizada en la firma) y las claves p\u00fablicas que forman parte de la tabla de s\u00edmbolos de token (para clave p\u00fablica interna en expresiones de registro de datos). Una solicitud de bloqueo de un tercero falsificada por un usuario malintencionado puede enga\u00f1ar a la autoridad del tercero para que genere un registro de datos que conf\u00ede en el par de claves incorrecto. Esta vulnerabilidad se solucion\u00f3 en 4.0.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-419xx/CVE-2024-41949.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41949",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T22:15:28.950",
"lastModified": "2024-08-01T22:15:28.950",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair."
},
{
"lang": "es",
"value": "biscuit-rust es la implementaci\u00f3n Rust de Biscuit, un token de autenticaci\u00f3n y autorizaci\u00f3n para arquitecturas de microservicios. Se pueden generar bloques de terceros sin transferir el token completo a la autoridad de terceros. En su lugar, se puede enviar una solicitud ThirdPartyBlock, proporcionando solo la informaci\u00f3n necesaria para generar un bloque de terceros y firmarlo, que incluye la clave p\u00fablica del bloque anterior (utilizada en la firma) y las claves p\u00fablicas que forman parte de la tabla de s\u00edmbolos de token (para clave p\u00fablica interna en expresiones de registro de datos). Una solicitud de bloqueo de un tercero falsificada por un usuario malintencionado puede enga\u00f1ar a la autoridad del tercero para que genere un registro de datos que conf\u00ede en el par de claves incorrecto."
}
],
"metrics": {

8
CVE-2024/CVE-2024-419xx/CVE-2024-41956.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41956",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T22:15:29.153",
"lastModified": "2024-08-01T22:15:29.153",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5."
},
{
"lang": "es",
"value": "Soft Serve es un servidor Git autohospedable para la l\u00ednea de comandos. Antes de 0.7.5, era posible que un usuario que pudiera enviar archivos a un repositorio alojado por Soft Serve ejecutara c\u00f3digo arbitrario mediante manipulaci\u00f3n del entorno y Git. El problema es que Soft Serve pasa todas las variables de entorno proporcionadas por el cliente a los subprocesos de git. Esto incluye variables de entorno que controlan la ejecuci\u00f3n del programa, como LD_PRELOAD. Esta vulnerabilidad se solucion\u00f3 en 0.7.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-419xx/CVE-2024-41957.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41957",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T22:15:29.367",
"lastModified": "2024-08-01T22:15:29.367",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"
},
{
"lang": "es",
"value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. Vim "
}
],
"metrics": {

8
CVE-2024/CVE-2024-419xx/CVE-2024-41962.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41962",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T17:16:09.507",
"lastModified": "2024-08-01T17:16:09.507",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10."
},
{
"lang": "es",
"value": " Bostr es un proxy agregador de retransmisi\u00f3n nostr que act\u00faa como un retransmisi\u00f3n nostr normal. bostr permite que todos tengan incluso authorized_keys configuradas cuando noscraper est\u00e1 configurado en verdadero. Esta vulnerabilidad se solucion\u00f3 en 3.0.10."
}
],
"metrics": {

8
CVE-2024/CVE-2024-419xx/CVE-2024-41965.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41965",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T22:15:29.567",
"lastModified": "2024-08-01T22:15:29.567",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648."
},
{
"lang": "es",
"value": " Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. double-free en dialog_changed() en Vim "
}
],
"metrics": {

8
CVE-2024/CVE-2024-424xx/CVE-2024-42458.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42458",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T04:17:30.593",
"lastModified": "2024-08-02T04:17:30.593",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type."
},
{
"lang": "es",
"value": " server.c en Neat VNC (tambi\u00e9n conocido como cleanvnc) anterior a 0.8.1 no valida correctamente el tipo de seguridad."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-424xx/CVE-2024-42459.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42459",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T07:16:10.003",
"lastModified": "2024-08-02T07:16:10.003",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended."
},
{
"lang": "es",
"value": "En el paquete Elliptic 6.5.6 para Node.js, la maleabilidad de la firma EDDSA se produce porque falta una verificaci\u00f3n de longitud de la firma y, por lo tanto, se pueden eliminar o agregar bytes con valor cero."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-424xx/CVE-2024-42460.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42460",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T07:16:10.120",
"lastModified": "2024-08-02T07:16:10.120",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero."
},
{
"lang": "es",
"value": " En el paquete Elliptic 6.5.6 para Node.js, la maleabilidad de la firma ECDSA se produce porque falta una verificaci\u00f3n de si el bit inicial de r y s es cero."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-424xx/CVE-2024-42461.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42461",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-02T07:16:10.230",
"lastModified": "2024-08-02T07:16:10.230",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-43xx/CVE-2024-4353.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-4353",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-08-01T19:15:52.313",
"lastModified": "2024-08-01T19:15:52.313",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator hav the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator \u00a0and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Thanks fhAnso for reporting."
},
{
"lang": "es",
"value": "Las versiones 9.0.0 a 9.3.2 de Concrete CMS se ven afectadas por una vulnerabilidad de XSS almacenado en la funcionalidad de generaci\u00f3n de instancia del tablero. El campo de entrada Name no verifica la entrada lo suficiente, lo que permite que un administrador deshonesto tenga la capacidad de inyectar c\u00f3digo JavaScript malicioso. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v3.1 de 3.1 con un vector de AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A: N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator y una puntuaci\u00f3n CVSS v4 de 1,8 con un vector de CVSS:4.0/AV:N/AC:H/AT:N/PR:H /UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Gracias fhAnso por informar."
}
],
"metrics": {

4
CVE-2024/CVE-2024-46xx/CVE-2024-4643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4643",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-02T10:16:00.770",
"lastModified": "2024-08-02T10:16:00.770",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-55xx/CVE-2024-5595.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-5595",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-02T06:15:54.263",
"lastModified": "2024-08-02T06:15:54.263",
"vulnStatus": "Received",
"lastModified": "2024-08-02T12:59:43.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": " El complemento de WordPress Essential Blocks anterior a 4.7.0 no valida ni escapa algunas de sus opciones de bloqueo antes de devolverlas a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el bloque, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de CrossSite Scripting almacenado."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More