Auto-Update: 2024-09-20T14:00:59.046271+00:00

cad-safe-bot 2024-09-20 14:03:57 +00:00
parent 5e62f52399
commit e893b46315
555 changed files with 4957 additions and 1754 deletions

View File

@ -2,13 +2,17 @@
"id": "CVE-2021-27915",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-17T14:15:14.100",
"lastModified": "2024-09-17T14:15:14.100",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, existe una vulnerabilidad XSS en los campos de descripci\u00f3n dentro de la aplicaci\u00f3n Mautic que podr\u00eda ser explotada por un usuario registrado de Mautic con los permisos adecuados. Esto podr\u00eda provocar que el usuario tenga acceso elevado al sistema."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2021-27916",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-17T15:15:11.967",
"lastModified": "2024-09-17T15:15:11.967",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a la eliminaci\u00f3n arbitraria de archivos y al recorrido de ruta relativa. Independientemente del nivel de acceso que tuviera el usuario de Mautic, pod\u00eda eliminar archivos que no estuvieran en las carpetas multimedia, como archivos del sistema, librer\u00edas u otros archivos importantes. Esta vulnerabilidad existe en la implementaci\u00f3n del generador GrapesJS en Mautic."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2021-27917",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T22:15:03.577",
"lastModified": "2024-09-18T22:15:03.577",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report."
},
{
"lang": "es",
"value": "Antes de este parche, exist\u00eda una vulnerabilidad XSS almacenado en el seguimiento de contactos y en el informe de visitas a la p\u00e1gina."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25768",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T21:15:12.860",
"lastModified": "2024-09-18T21:15:12.860",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required."
},
{
"lang": "es",
"value": "La l\u00f3gica implementada para facilitar el proceso de actualizaci\u00f3n a trav\u00e9s de la interfaz de usuario carece de control de acceso para verificar si existe permiso para realizar las tareas. Antes de que se aplicara este parche, era posible que un atacante accediera al n\u00famero de versi\u00f3n de Mautic o ejecutara partes del proceso de actualizaci\u00f3n sin permiso. Como la actualizaci\u00f3n en la interfaz de usuario est\u00e1 obsoleta, esta funcionalidad ya no es necesaria."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25769",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T15:15:13.060",
"lastModified": "2024-09-18T15:15:13.060",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path."
},
{
"lang": "es",
"value": "ImpactoEl archivo .htaccess predeterminado tiene algunas restricciones en el acceso a los archivos PHP para permitir que solo se ejecuten archivos PHP espec\u00edficos en la ra\u00edz de la aplicaci\u00f3n. Esta l\u00f3gica no es correcta, ya que la expresi\u00f3n regular en el segundo FilesMatch solo verifica el nombre del archivo, no la ruta completa."
}
],
"metrics": {
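
Review bot: the English description here begins "ImpactThe default .htaccess file", and the added Spanish value repeats it as "ImpactoEl archivo". A section heading from the source advisory was fused into the first sentence and then translated along with it. Drop or separate the heading in both values. The description also names no affected or fixed version.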

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25770",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T22:15:03.827",
"lastModified": "2024-09-18T22:15:03.827",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."
},
{
"lang": "es",
"value": "Mautic permite actualizar la aplicaci\u00f3n mediante un script de actualizaci\u00f3n. La l\u00f3gica de actualizaci\u00f3n no est\u00e1 protegida correctamente, lo que puede generar una situaci\u00f3n vulnerable. Esta vulnerabilidad se ve mitigada por el hecho de que Mautic debe instalarse de una determinada manera para que sea vulnerable."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25774",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T15:15:13.253",
"lastModified": "2024-09-18T15:15:13.253",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios que hab\u00edan iniciado sesi\u00f3n en Mautic eran vulnerables a una vulnerabilidad XSS propia en las notificaciones dentro de Mautic. Los usuarios pod\u00edan inyectar c\u00f3digo malicioso en la notificaci\u00f3n al guardar los Dashboards."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25775",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T15:15:13.440",
"lastModified": "2024-09-18T15:15:13.440",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a una vulnerabilidad de inyecci\u00f3n SQL en el paquete de informes. El usuario pod\u00eda recuperar y alterar datos como datos confidenciales, datos de inicio de sesi\u00f3n y, seg\u00fan el permiso de la base de datos, el atacante pod\u00eda manipular los sistemas de archivos."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25776",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T15:15:13.620",
"lastModified": "2024-09-18T15:15:13.620",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic pod\u00edan acceder a \u00e1reas de la aplicaci\u00f3n a las que no deber\u00edan tener acceso. Los usuarios podr\u00edan acceder a datos confidenciales como nombres y apellidos, nombres de empresas y nombres art\u00edsticos."
}
],
"metrics": {
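
Review bot: in the added Spanish value, "stage names" is rendered as "nombres artísticos" (performers' pseudonyms). Next to "names and surnames, company names" the English reads as the names of contact stages, so a rendering such as "nombres de etapas" would keep the meaning of which data is exposed.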

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-25777",
"sourceIdentifier": "security@mautic.org",
"published": "2024-09-18T16:15:04.980",
"lastModified": "2024-09-18T16:15:04.980",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, un usuario autenticado de Mautic pod\u00eda leer archivos del sistema y acceder a las direcciones internas de la aplicaci\u00f3n debido a una vulnerabilidad de Server-Side Request Forgery (SSRF)."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-39068",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2024-09-18T02:15:09.690",
"lastModified": "2024-09-18T02:15:09.690",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en ZTE MF296R. Debido a una validaci\u00f3n insuficiente de la longitud del par\u00e1metro SMS, un atacante autenticado podr\u00eda utilizar la vulnerabilidad para realizar un ataque de denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2022-4533",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-19T04:15:05.860",
"lastModified": "2024-09-19T04:15:05.860",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in."
},
{
"lang": "es",
"value": "El complemento Limit Login Attempts Plus para WordPress es vulnerable a la suplantaci\u00f3n de direcciones IP en versiones hasta la 1.1.0 incluida. Esto se debe a restricciones insuficientes sobre d\u00f3nde se recupera la informaci\u00f3n de la direcci\u00f3n IP para el registro de solicitudes y las restricciones de inicio de sesi\u00f3n. Los atacantes pueden proporcionar el encabezado X-Forwarded-For con una direcci\u00f3n IP diferente que se registrar\u00e1 y se puede usar para eludir configuraciones que pueden haber bloqueado el inicio de sesi\u00f3n de una direcci\u00f3n IP o un pa\u00eds."
}
],
"metrics": {

View File

@ -2,13 +2,13 @@
"id": "CVE-2023-22378",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T09:15:13.507",
"lastModified": "2024-05-28T13:15:08.783",
"lastModified": "2024-09-20T12:15:02.750",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability."
},
{
"lang": "es",
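
Review bot: the English value changes substance (SQL "queries" becomes "statements", and the impact now includes "alter its structure and data, and/or affect its availability"), but the hunk ends at the "lang": "es" context line and the next hunk starts at line 22, so the Spanish value on the following line is left as it was. Regenerate the translation in the same update, otherwise the two descriptions disagree on integrity and availability impact.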
@ -22,15 +22,15 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
@ -55,7 +55,7 @@
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
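
Review bot: "baseScore" moves from 7.1 to 8.7 while the "baseSeverity": "HIGH" context line stays the same, so a consumer that tracks only the severity label sees no change for this record. Flag re-scored entries on "baseScore" or the vector string rather than on the label.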
@ -86,20 +86,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
"impactScore": 5.9
}
]
},

View File

@ -2,13 +2,13 @@
"id": "CVE-2023-22843",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T09:15:13.667",
"lastModified": "2024-05-28T13:15:08.937",
"lastModified": "2024-09-20T12:15:03.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.\nAn attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.\nThe injected code will be executed in the context of the authenticated victim's session."
"value": "An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule.\nVia stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules."
},
{
"lang": "es",

View File

@ -2,13 +2,13 @@
"id": "CVE-2023-23574",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T09:15:13.767",
"lastModified": "2024-05-28T13:15:09.070",
"lastModified": "2024-09-20T12:15:03.747",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability."
},
{
"lang": "es",
@ -22,15 +22,15 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
@ -55,7 +55,7 @@
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
@ -86,20 +86,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
"impactScore": 5.9
}
]
},

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23903",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T10:15:09.687",
"lastModified": "2024-05-28T13:15:09.210",
"lastModified": "2024-09-20T12:15:04.187",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -120,7 +120,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-1286"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24015",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T10:15:09.890",
"lastModified": "2024-05-28T13:15:09.340",
"lastModified": "2024-09-20T12:15:04.520",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -120,7 +120,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-1286"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24477",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-08-09T08:15:09.280",
"lastModified": "2024-05-28T13:15:09.593",
"lastModified": "2024-09-20T13:15:04.357",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -18,15 +18,15 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
@ -51,8 +51,8 @@
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW"
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
@ -82,20 +82,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
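
Review bot: the two re-scored vectors in this file disagree on user interaction. The 4.0 hunk above sets UI:P ("userInteraction": "PASSIVE"), while this 3.1 vector goes from UI:R to UI:N ("userInteraction": "NONE"). Both come from the same "Secondary" source, so check which one was intended before relying on either score. The attack vector also changes from NETWORK to LOCAL with no description change in this diff: the first hunk touches only "lastModified".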

View File

@ -2,13 +2,13 @@
"id": "CVE-2023-2567",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-09-19T11:16:19.333",
"lastModified": "2024-05-28T13:15:09.857",
"lastModified": "2024-09-20T13:15:07.067",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way."
"value": "A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality.\nAuthenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application."
},
{
"lang": "es",
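
Review bot: the new English value drops the sentence saying authenticated users "can extract arbitrary information from the DBMS" and no longer states any impact, while the CVSS hunks below raise integrity and availability to HIGH. Keeping an impact sentence, as the CVE-2023-22378 and CVE-2023-23574 updates do, would let the description stand on its own. The Spanish value after the "lang": "es" context line is not part of this hunk either, so it still carries the old text.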
@ -22,15 +22,15 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
@ -55,7 +55,7 @@
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.2,
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
@ -86,20 +86,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
"impactScore": 5.9
}
]
},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-27584",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-19T23:15:11.233",
"lastModified": "2024-09-19T23:15:11.233",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, \"Secret Key\", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Dragonfly es un sistema de distribuci\u00f3n de archivos y aceleraci\u00f3n de im\u00e1genes basado en P2P de c\u00f3digo abierto. Est\u00e1 alojado por la Cloud Native Computing Foundation (CNCF) como un proyecto de nivel de incubaci\u00f3n. Dragonfly utiliza JWT para verificar al usuario. Sin embargo, la clave secreta para JWT, \"Clave secreta\", est\u00e1 codificada de forma r\u00edgida, lo que permite eludir la autenticaci\u00f3n. Un atacante puede realizar cualquier acci\u00f3n como usuario con privilegios de administrador. Este problema se ha solucionado en la versi\u00f3n 2.0.9. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"metrics": {
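
Review bot: in the added Spanish value the hard-coded JWT secret itself is translated. The English gives the literal key as "Secret Key" and the Spanish gives "Clave secreta". The key is a literal string, not prose; leave it untranslated so that a reader searching configuration or code for the value finds it.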

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28451",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:13.900",
"lastModified": "2024-09-18T19:35:05.387",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Technitium 11.0.2. Existe una vulnerabilidad (denominada BadDNS) en el software de resoluci\u00f3n de DNS, que hace que un solucionador ignore las respuestas v\u00e1lidas, lo que provoca una denegaci\u00f3n de servicio (DoS) para una resoluci\u00f3n normal. Los efectos de una explotaci\u00f3n ser\u00edan generalizados y de gran impacto, porque el atacante podr\u00eda simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin necesidad de adivinar el TXID correcto."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28452",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:13.957",
"lastModified": "2024-09-18T15:15:13.957",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en CoreDNS a trav\u00e9s de la versi\u00f3n 1.10.1. Existe una vulnerabilidad en el software de resoluci\u00f3n de DNS que hace que un solucionador ignore las respuestas v\u00e1lidas, lo que provoca la denegaci\u00f3n de servicio para una resoluci\u00f3n normal. En un exploit, el atacante podr\u00eda simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin la necesidad de adivinar el TXID correcto."
}
],
"metrics": {},
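
Review bot: "through 1.10.1" is translated as "a través de la versión 1.10.1", which reads as "by way of" rather than "up to and including". The CVE-2023-28455 translation uses "hasta la versión" for the same wording; use that here so the affected range is not lost. The same rendering appears in the CVE-2023-28456 hunk. "metrics" is also an empty object in this record, so there is no score to fall back on for triage.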

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28455",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:14.020",
"lastModified": "2024-09-18T18:35:01.490",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Technitium hasta la versi\u00f3n 11.0.2. El modo de reenv\u00edo permite a los atacantes crear un bucle de consultas mediante los solucionadores de Technitium, lanzando ataques de amplificaci\u00f3n y provocando posibles ataques de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28456",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:14.083",
"lastModified": "2024-09-18T18:35:02.367",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other \"golden model\" software like BIND) and cause potential DoS."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Technitium a trav\u00e9s de la versi\u00f3n 11.0.2. Permite a los atacantes lanzar ataques de amplificaci\u00f3n (tres veces m\u00e1s que otros programas de \"modelo dorado\" como BIND) y provocar posibles ataques de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28457",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:14.143",
"lastModified": "2024-09-18T18:35:03.190",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Technitium hasta la versi\u00f3n 11.0.3. Permite a los atacantes realizar un ataque de envenenamiento de cach\u00e9 de DNS e inyectar respuestas falsas en un segundo, lo que tiene un gran impacto."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30464",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T21:15:13.080",
"lastModified": "2024-09-19T19:35:01.113",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-41610",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T18:15:05.680",
"lastModified": "2024-09-19T02:35:17.530",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Victure PC420 1.1.39 contiene una contrase\u00f1a de superusuario codificada que se almacena en texto plano."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-41611",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T18:15:05.750",
"lastModified": "2024-09-18T18:15:05.750",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Victure PC420 1.1.39 utiliza una clave d\u00e9bil y parcialmente codificada para cifrar datos."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-41612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T18:15:05.803",
"lastModified": "2024-09-18T18:15:05.803",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Victure PC420 1.1.39 utiliza una clave de cifrado d\u00e9bil para el archivo enabled_telnet.dat en la tarjeta Micro SD."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T18:15:53.053",
"lastModified": "2024-09-17T21:35:02.480",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-47105",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T17:15:18.277",
"lastModified": "2024-09-18T19:35:09.023",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication."
},
{
"lang": "es",
"value": "exec.CommandContext en Chaosblade 0.3 a 1.7.3, cuando se utiliza el modo servidor, permite la ejecuci\u00f3n de comandos del sistema operativo a trav\u00e9s del par\u00e1metro cmd sin autenticaci\u00f3n."
}
],
"metrics": {

View File

@ -2,13 +2,20 @@
"id": "CVE-2023-49000",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T22:15:16.653",
"lastModified": "2024-01-04T18:45:41.737",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-09-20T13:15:13.783",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component."
"value": "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3."
},
{
"lang": "es",
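
Review bot: the dispute NOTE appended to the English value does not line up with the issue it is attached to. The description concerns bypassing access restrictions through com.artis.browser.IntentReceiverActivity, while the quoted vendor rationale is that "ArtisBrowser 34 does not support CSS3". Confirm against the upstream record that this NOTE belongs to CVE-2023-49000. The hunk also ends at the "lang": "es" line without touching its value, so the Spanish description will not carry the dispute notice that the new "disputed" cveTag implies.
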
@ -83,6 +90,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/advisories/GHSA-866h-q63m-66xm",
"source": "cve@mitre.org"
}
]
}

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49203",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T15:15:14.513",
"lastModified": "2024-09-18T19:35:09.870",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic."
},
{
"lang": "es",
"value": "Technitium 11.5.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n del ancho de banda) porque la manipulaci\u00f3n DNSBomb provoca la acumulaci\u00f3n de consultas DNS de baja velocidad, de modo que hay una respuesta de gran tama\u00f1o en una r\u00e1faga de tr\u00e1fico."
}
],
"metrics": {

View File

@ -2,13 +2,13 @@
"id": "CVE-2023-5253",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-01-15T11:15:08.627",
"lastModified": "2024-05-28T13:15:10.223",
"lastModified": "2024-09-20T12:15:04.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information."
"value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information."
},
{
"lang": "es",
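
Review bot: the English value is narrowed to "limited asset information", but the hunk stops at the "lang": "es" line and leaves the Spanish value as it was, so the two descriptions of CVE-2023-5253 now state different impact. Regenerate or drop the es entry whenever the en text changes so that consumers reading the translation do not get the older, broader wording.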

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5937",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-05-15T16:15:09.577",
"lastModified": "2024-05-28T13:15:10.607",
"lastModified": "2024-09-20T12:15:05.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-732"
"value": "CWE-538"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6916",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-04-10T16:15:09.190",
"lastModified": "2024-05-28T13:15:10.800",
"lastModified": "2024-09-20T12:15:05.307",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-522"
"value": "CWE-201"
}
]
}

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0218",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-04-10T16:15:09.413",
"lastModified": "2024-05-28T13:15:10.927",
"lastModified": "2024-09-20T13:15:16.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-1286"
}
]
}
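
Review bot: the weakness value changes from CWE-20 to CWE-1286 with no change to the description or vulnStatus in this file's hunks. The two preceding Nozomi records get the same kind of swap (CWE-732 to CWE-538 in CVE-2023-5937, CWE-522 to CWE-201 in CVE-2023-6916). Triage rules, dashboards or detections keyed on the old CWE IDs will stop matching these CVEs without any signal. The commit message ("Auto-Update") records no reason, so consider emitting a per-record changelog line whenever a weakness ID is replaced rather than added.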

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1578",
"sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"published": "2024-09-16T07:15:02.030",
"lastModified": "2024-09-16T15:35:14.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T13:53:31.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 4.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"type": "Secondary",
@ -95,14 +125,77 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF183E5B-D277-422A-AEC8-3FA8253BEFDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34DA9EB3-51BA-4F27-83CF-25B1A4061C6E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D897A1C4-F336-49A2-B805-F6CFA20234A1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D784B14-21AE-4BF0-A1AF-3E43E85E7F79"
}
]
}
]
}
],
"references": [
{
"url": "https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters",
"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"
"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.canon-europe.com/psirt/advisory-information",
"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"
"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"tags": [
"Vendor Advisory"
]
}
]
}
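
Review bot: both new configuration nodes pin a single firmware build, "micard_plus_ci_firmware:0.1.0.7" and "micard_plus_ble_firmware:0.1.0.4", with no versionStartIncluding or versionEndIncluding bounds, so CPE-based asset matching will flag only devices reporting exactly those versions. Check the advisory at ntware.atlassian.net (now tagged "Mitigation") for whether other builds are affected. If they are, treat a non-match on this record as "unknown" rather than "not vulnerable" in any inventory correlation.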

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21145",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:15.993",
"lastModified": "2024-09-18T15:16:36.450",
"lastModified": "2024-09-20T13:46:53.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "secalert_us@oracle.com",
"type": "Secondary",

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21743",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-17T14:15:16.900",
"lastModified": "2024-09-17T14:15:16.900",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalada de privilegios en favethemes Houzez Login Register houzez-login-register. Este problema afecta a Houzez Login Register: desde n/a hasta 3.2.5."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22013",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-16T20:15:45.743",
"lastModified": "2024-09-16T20:15:45.743",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "U-Boot environment is read from unauthenticated partition."
},
{
"lang": "es",
"value": "El entorno U-Boot se lee desde una partici\u00f3n no autenticada."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-22303",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-17T14:15:17.123",
"lastModified": "2024-09-17T14:15:17.123",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de asignaci\u00f3n incorrecta de privilegios en favethemes Houzez Houzez permite la escalada de privilegios. Este problema afecta a Houzez: desde n/a hasta 3.2.4."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23237",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.670",
"lastModified": "2024-09-17T00:15:47.670",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23657",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-05T21:15:37.880",
"lastModified": "2024-08-06T16:30:24.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T12:49:35.743",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -55,30 +85,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.9",
"matchCriteriaId": "D74FCC4E-3C6E-4A3E-87F1-F7D5875BA7D5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L88C48-L88C48",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L96C11-L96C28",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts#L109",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-rcvg-rgf7-pppv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://portswigger.net/web-security/websockets/cross-site-websocket-hijacking",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
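
Review bot: the new cpeMatch uses "cpe:2.3:a:nuxt:nuxt" with "versionEndExcluding": "1.3.9", but four of the six references in this hunk point into the nuxt/devtools repository (packages/devtools/src/...). Verify that the version bound is being applied to the right product: if 1.3.9 is a devtools version, matching it against nuxt framework versions will give wrong results in SCA and asset correlation. Separately, those four source permalinks (dev-auth.ts#L14, assets.ts#L88..., assets.ts#L96..., index.ts#L109) are tagged "Issue Tracking" although they are code locations, so tooling that follows Issue Tracking links to find fix discussion will land on source files instead.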

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23915",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.580",
"lastModified": "2024-09-18T14:15:12.580",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::of13::InstructionSet::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-23916",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.790",
"lastModified": "2024-09-18T14:15:12.790",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::ActionSet::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25673",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-19T19:15:24.093",
"lastModified": "2024-09-19T19:15:24.093",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection."
},
{
"lang": "es",
"value": "Couchbase Server 7.6.x anterior a 7.6.2, 7.2.x anterior a 7.2.6 y todas las versiones anteriores permiten la inyecci\u00f3n de encabezado de host HTTP."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-09T21:15:10.990",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-20T13:09:31.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -39,14 +59,277 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27365/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
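
Review bot: the Primary weakness added here is CWE-787 (out-of-bounds write), yet the nvd@nist.gov vector added in the preceding hunk of this file is "C:H/I:N/A:N", a confidentiality-only impact. A memory write with no integrity or availability impact is an unusual pairing, and the description is not part of the diff, so check it against the Samsung advisory linked below and flag whichever of the CWE or the vector disagrees with it. Until that is settled, prioritisation that filters on CWE-787 and prioritisation that filters on integrity impact will classify CVE-2024-27365 differently.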

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27795",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.740",
"lastModified": "2024-09-17T00:15:47.740",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una extensi\u00f3n de c\u00e1mara pueda acceder a Internet."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.797",
"lastModified": "2024-09-17T00:15:47.797",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sequoia 15. Una aplicaci\u00f3n puede tener acceso a datos de usuario protegidos."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.847",
"lastModified": "2024-09-17T00:15:47.847",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer memoria restringida."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27861",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.897",
"lastModified": "2024-09-17T00:15:47.897",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda leer memoria restringida."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27869",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.943",
"lastModified": "2024-09-17T21:35:03.670",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27874",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.993",
"lastModified": "2024-09-17T15:35:06.550",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27875",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.063",
"lastModified": "2024-09-17T00:15:48.063",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de l\u00f3gica con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Sequoia 15. Los indicadores de privacidad para el acceso al micr\u00f3fono o la c\u00e1mara pueden atribuirse de forma incorrecta."
}
],
"metrics": {},

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27876",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.127",
"lastModified": "2024-09-17T20:35:05.790",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27879",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.190",
"lastModified": "2024-09-17T20:35:06.640",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-27880",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.250",
"lastModified": "2024-09-17T00:15:48.250",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31164",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:12.967",
"lastModified": "2024-09-18T14:15:12.967",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::ActionList::unpack13. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-31165",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.147",
"lastModified": "2024-09-18T14:15:13.147",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:51.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::SetFieldAction::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::SetFieldAction::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {
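Review bot: the unchanged "en" value for CVE-2024-31165 carries an escaped non-breaking space (`\u00a0`) between "program routine" and `fluid_msg::of13::SetFieldAction::unpack`, while the added "es" text uses an ordinary space. Anything that greps or indexes descriptions for "routine fluid_msg::" will miss this record unless it normalises U+00A0 first, so normalise on ingest or match on the routine name alone. The same escape appears in most of the other libfluid records in this commit.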

@ -2,13 +2,17 @@
"id": "CVE-2024-31166",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.327",
"lastModified": "2024-09-18T14:15:13.327",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::HelloElemVersionBitmap::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::HelloElemVersionBitmap::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31167",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.507",
"lastModified": "2024-09-18T14:15:13.507",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack13.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::QueuePropertyList::unpack13. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31168",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.683",
"lastModified": "2024-09-18T14:15:13.683",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::EchoCommon::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::EchoCommon::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31169",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:13.860",
"lastModified": "2024-09-18T14:15:13.860",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::QueueGetConfigReply::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::QueueGetConfigReply::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31170",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.037",
"lastModified": "2024-09-18T14:15:14.037",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyQueue::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyQueue::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31171",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.210",
"lastModified": "2024-09-18T14:15:14.210",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyPort::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyPort::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31172",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.387",
"lastModified": "2024-09-18T14:15:14.387",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyTable::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyTable::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31173",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.557",
"lastModified": "2024-09-18T14:15:14.557",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::StatsReplyFlow::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::StatsReplyFlow::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31174",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.730",
"lastModified": "2024-09-18T14:15:14.730",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::FeaturesReply::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::FeaturesReply::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31175",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:14.927",
"lastModified": "2024-09-18T14:15:14.927",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TablePropertiesList::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::TablePropertiesList::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31176",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.100",
"lastModified": "2024-09-18T14:15:15.100",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropOXM::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropOXM::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31177",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.283",
"lastModified": "2024-09-18T14:15:15.283",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg modules). This vulnerability is associated with program routines fluid_msg::of13::TableFeaturePropActions::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulos libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con las rutinas de programa fluid_msg::of13::TableFeaturePropActions::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {
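Review bot: the "en" value for CVE-2024-31177 reads "libfluid_msg modules" and "program routines" although a single module and a single routine (`fluid_msg::of13::TableFeaturePropActions::unpack`) are named, and the added "es" text repeats the plural. The sibling libfluid records in this commit mostly use the singular, so any template-based matching or de-duplication across this batch should key on the routine name, not on the exact phrase.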

@ -2,13 +2,17 @@
"id": "CVE-2024-31178",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.460",
"lastModified": "2024-09-18T14:15:15.460",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropNextTables::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropNextTables::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31179",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.633",
"lastModified": "2024-09-18T14:15:15.633",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::TableFeaturePropInstruction::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::TableFeaturePropInstruction::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31180",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:15.820",
"lastModified": "2024-09-18T14:15:15.820",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::GroupDesc::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::GroupDesc::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31181",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.000",
"lastModified": "2024-09-18T14:15:16.000",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::GroupStats::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::GroupStats::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31182",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.193",
"lastModified": "2024-09-18T14:15:16.193",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::QueuePropertyList::unpack10.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de valor de retorno no controlado a puntero nulo en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::QueuePropertyList::unpack10. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31183",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.377",
"lastModified": "2024-09-18T14:15:16.377",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::Hello::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::Hello::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31184",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.550",
"lastModified": "2024-09-18T14:15:16.550",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterStats::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MeterStats::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31185",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.727",
"lastModified": "2024-09-18T14:15:16.727",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of13::MeterBandList::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina de programa fluid_msg::of13::MeterBandList::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31186",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:16.953",
"lastModified": "2024-09-18T14:15:16.953",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::QueueGetConfigReply::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::QueueGetConfigReply::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31187",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.173",
"lastModified": "2024-09-18T14:15:17.173",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortDescription::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyPortDescription::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31188",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.403",
"lastModified": "2024-09-18T14:15:17.403",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTableFeatures::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyTableFeatures::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31189",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:17.593",
"lastModified": "2024-09-18T14:15:17.593",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartRequestTableFeatures::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartRequestTableFeatures::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31190",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.017",
"lastModified": "2024-09-18T14:15:18.017",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeterConfig::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyMeterConfig::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31191",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.290",
"lastModified": "2024-09-18T14:15:18.290",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeter::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyMeter::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31192",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.470",
"lastModified": "2024-09-18T14:15:18.470",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroupDesc::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyGroupDesc::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31193",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.647",
"lastModified": "2024-09-18T14:15:18.647",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroup::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyGroup::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31194",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:18.827",
"lastModified": "2024-09-18T14:15:18.827",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortStats::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyPortStats::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31195",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.000",
"lastModified": "2024-09-18T14:15:19.000",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTable::unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of13::MultipartReplyTable::unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31196",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.190",
"lastModified": "2024-09-18T14:15:19.190",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::ActionList::unpack10.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de desreferencia de puntero nulo de valor de retorno no controlado en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::ActionList::unpack10. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31197",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.367",
"lastModified": "2024-09-18T14:15:19.367",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::Port:unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de terminaci\u00f3n nula incorrecta en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::Port:unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {
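Review bot: the routine in the "en" value for CVE-2024-31197 is written `fluid_msg::of10::Port:unpack`, with a single colon before `unpack`, and the added "es" text copies it, whereas the other libfluid records in this commit use `::unpack`. A search for `Port::unpack` will not hit this record or CVE-2024-31198, which names the same routine the same way, so match on `of10::Port` or treat both spellings as equivalent.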

@ -2,13 +2,17 @@
"id": "CVE-2024-31198",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-09-18T14:15:19.550",
"lastModified": "2024-09-18T14:15:19.550",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine\u00a0fluid_msg::of10::Port:unpack.\n\nThis issue affects libfluid: 0.1.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en libfluid (m\u00f3dulo libfluid_msg) de Open Networking Foundation (ONF). Esta vulnerabilidad est\u00e1 asociada con la rutina del programa fluid_msg::of10::Port:unpack. Este problema afecta a libfluid: 0.1.0."
}
],
"metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-31570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-19T17:15:12.623",
"lastModified": "2024-09-19T17:15:12.623",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file."
},
{
"lang": "es",
"value": "libfreeimage en FreeImage 3.4.0 a 3.18.0 tiene un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n de carga PluginXPM.cpp a trav\u00e9s de un archivo XPM."
}
],
"metrics": {},
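Review bot: `"metrics": {}` stays empty for CVE-2024-31570 while "vulnStatus" moves to "Awaiting Analysis", so this stack-based buffer overflow in the PluginXPM.cpp Load function still carries no CVSS data. Consumers that sort or filter on baseScore should treat the missing score as unscored rather than as low, and triage on the description and the stated range (FreeImage 3.4.0 through 3.18.0) until metrics arrive.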

@ -2,8 +2,8 @@
"id": "CVE-2024-3153",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.600",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-20T13:15:04.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
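
Review bot: The new "cvssMetricV31" block from nvd@nist.gov (type "Primary", 6.5 MEDIUM) is placed ahead of the existing "cvssMetricV30" entry from security@huntr.dev, whose score is outside this hunk. A consumer that takes the first metric array, or the highest CVSS version, will now report the NVD figure instead of the CNA's. The selection rule (by "type", by "source", or by version) should be documented wherever this feed is ingested, so the status change to "Analyzed" does not silently change reported severity.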
@ -51,14 +73,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0",
"matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
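
Review bot: In the added "cpeMatch" entry the criteria string has a wildcard version ("cpe:2.3:a:mintplexlabs:anythingllm:*:...") and the range is expressed only through "versionEndExcluding": "1.0.0", with no start bound. Matching code that compares on "criteria" alone will flag every anythingllm version, including fixed ones, so confirm the matcher applies versionEndExcluding. Also note that the huntr.com reference is now tagged "Exploit"; if the ingest pipeline raises priority on that tag, this record will be re-prioritized by this update even though the description is unchanged.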

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-32034",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-16T19:16:10.300",
"lastModified": "2024-09-16T19:16:10.300",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. `/admin/organization/edit`)."
},
{
"lang": "es",
"value": "Decidim es una democracia participativa, participaci\u00f3n ciudadana y gobierno abierto de c\u00f3digo abierto y gratuito para ciudades y organizaciones. El panel de administraci\u00f3n est\u00e1 sujeto a posibles ataques de cross site scripting (XSS) en caso de que un administrador asigne un evaluador a una propuesta o realice cualquier otra acci\u00f3n que genere un registro de actividad de administraci\u00f3n donde uno de los recursos tenga un XSS creado. Este problema se ha solucionado en las versiones de lanzamiento 0.27.7, 0.28.2 y posteriores. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden redirigir las p\u00e1ginas /admin y /admin/logs a otras p\u00e1ginas de administraci\u00f3n para evitar este acceso (es decir, `/admin/organization/edit`)."
}
],
"metrics": {
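
Review bot: The English description reads "Cross-site scripting (XSS) attach", a typo for "attack" that the added Spanish value translates as "ataques", so the two values no longer correspond word for word and a phrase search for "XSS attack" misses the English text. Within this hunk the fixed releases (0.27.7, 0.28.2) and the workaround of redirecting /admin and /admin/logs exist only as free text, so anyone automating remediation checks from this record has to parse the prose or wait for structured version data.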

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-33109",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-19T19:15:24.170",
"lastModified": "2024-09-19T19:15:24.170",
"vulnStatus": "Received",
"lastModified": "2024-09-20T13:35:02.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function."
},
{
"lang": "es",
"value": "Directory Traversal en la interfaz web del Tiptel IP 286 con la versi\u00f3n de firmware 2.61.13.10 permite a los atacantes sobrescribir archivos arbitrarios en el tel\u00e9fono a trav\u00e9s de la funci\u00f3n de carga de tono de llamada."
}
],
"metrics": {
@ -35,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "http://tiptel.com",
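
Review bot: The added "weaknesses" entry identifies its source as a bare UUID ("134c704f-9b21-4f2e-91b3-4a467353bcc0") with type "Secondary", whereas the other source fields in this commit are mailbox-style identifiers such as cve@mitre.org. Code that maps "source" to an organization, or that only trusts "Primary" weaknesses, will either fail the lookup or discard the CWE-22 classification; handle the UUID form explicitly and decide whether Secondary CWE assignments are accepted when no Primary one is present.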

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34016",
"sourceIdentifier": "security@acronis.com",
"published": "2024-09-16T20:15:46.087",
"lastModified": "2024-09-16T20:15:46.087",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Cloud Agent (Windows) antes de la compilaci\u00f3n 38235."
}
],
"metrics": {

View File

@ -2,13 +2,17 @@
"id": "CVE-2024-34026",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-09-18T15:15:14.623",
"lastModified": "2024-09-18T15:15:14.623",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad del analizador EtherNet/IP de OpenPLC Runtime de OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. Una solicitud EtherNet/IP especialmente manipulada puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes EtherNet/IP para activar esta vulnerabilidad."
}
],
"metrics": {
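
Review bot: The affected version in both description values is given only as "OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88", a commit hash in free text with a stray space before "_v3". Asset matching against this record cannot rely on a product version string; inventory for OpenPLC Runtime needs the deployed commit recorded, and any text match on the product name should tolerate the "OpenPLC _v3" spelling.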

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34057",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T19:15:40.777",
"lastModified": "2024-09-19T15:35:09.077",
"vulnStatus": "Received",
"lastModified": "2024-09-20T12:30:17.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

Some files were not shown because too many files have changed in this diff