diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13317.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13317.json
index 89211296065..80470526df8 100644
--- a/CVE-2017/CVE-2017-133xx/CVE-2017-13317.json
+++ b/CVE-2017/CVE-2017-133xx/CVE-2017-13317.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En HeifDecoderImpl::getScanline de HeifDecoderImpl.cpp, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para su explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13318.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13318.json
index d8ad85643d7..aded5b467b1 100644
--- a/CVE-2017/CVE-2017-133xx/CVE-2017-13318.json
+++ b/CVE-2017/CVE-2017-133xx/CVE-2017-13318.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En HeifDataSource::readAt de HeifDecoderImpl.cpp, existe una posible lectura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para su explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9373.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9373.json
index bc4c39f8cd9..6c674666a67 100644
--- a/CVE-2018/CVE-2018-93xx/CVE-2018-9373.json
+++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9373.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En TdlsexRxFrameHandle del controlador MTK WLAN, existe una posible escritura fuera de los l\u00edmites debido a un neutra. Esto podr\u00eda provocar una escalada remota de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9378.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9378.json
index 2ad3e1d4731..08470699bac 100644
--- a/CVE-2018/CVE-2018-93xx/CVE-2018-9378.json
+++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9378.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En BnAudioPolicyService::onTransact de IAudioPolicyService.cpp, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a datos no inicializados. Esto podr\u00eda generar una divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
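Review bot: The Spanish `value` added for CVE-2018-9373 no longer states the root cause: where the English description says "due to a missing bounds check", the new text reads `debido a un neutra`, which is not meaningful Spanish. Anyone relying on the `es` description loses the weakness behind this out-of-bounds write, so the phrase should read `debido a la falta de una comprobaci\u00f3n de l\u00edmites`. A similar wording artifact, possibly from automated translation, appears in the CVE-2019-15690 hunk (`dimensiones manipulado especiales`).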
diff --git a/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json b/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json
index 5ff43e22af0..99bb406ea04 100644
--- a/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json
+++ b/CVE-2019/CVE-2019-137xx/CVE-2019-13720.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2019-11-25T15:15:33.887",
 "lastModified": "2024-11-21T04:25:34.420",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2019/CVE-2019-156xx/CVE-2019-15690.json b/CVE-2019/CVE-2019-156xx/CVE-2019-15690.json
index 2594834c97e..628a67898c5 100644
--- a/CVE-2019/CVE-2019-156xx/CVE-2019-15690.json
+++ b/CVE-2019/CVE-2019-156xx/CVE-2019-15690.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "La versi\u00f3n 0.9.12 y anteriores de LibVNCServer contienen una vulnerabilidad de desbordamiento del b\u00fafer de mont\u00f3n dentro de la funci\u00f3n HandleCursorShape() en libvncclient/cursor.c. Un atacante env\u00eda formas de cursor con dimensiones manipulado especiales, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2020/CVE-2020-170xx/CVE-2020-17087.json b/CVE-2020/CVE-2020-170xx/CVE-2020-17087.json
index 7ee8f3c1f53..a06d502dd61 100644
--- a/CVE-2020/CVE-2020-170xx/CVE-2020-17087.json
+++ b/CVE-2020/CVE-2020-170xx/CVE-2020-17087.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2020-11-11T07:15:18.997",
 "lastModified": "2024-11-21T05:07:47.513",
- "vulnStatus": "Modified",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2020/CVE-2020-351xx/CVE-2020-35165.json b/CVE-2020/CVE-2020-351xx/CVE-2020-35165.json
index f02ab2c3d15..41f239f6583 100644
--- a/CVE-2020/CVE-2020-351xx/CVE-2020-35165.json
+++ b/CVE-2020/CVE-2020-351xx/CVE-2020-35165.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-05-22T06:15:09.317",
 "lastModified": "2024-11-21T05:26:53.077",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json
index 71964007c51..d34bf52b64d 100644
--- a/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json
+++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3978.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "Al copiar archivos con rsync, octorpki utiliza el indicador \"-a\" 0, que obliga a rsync a copiar binarios con el bit suid establecido como root. Dado que la definici\u00f3n de servicio proporcionada tiene como valor predeterminado root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service), esto podr\u00eda permitir un vector, cuando se combina con otra vulnerabilidad que hace que octorpki procese un archivo TAL malicioso, para una escalada de privilegios local."
 }
 ],
 "metrics": {
diff --git a/CVE-2021/CVE-2021-470xx/CVE-2021-47091.json b/CVE-2021/CVE-2021-470xx/CVE-2021-47091.json
index b3206012a6a..07d9588c305 100644
--- a/CVE-2021/CVE-2021-470xx/CVE-2021-47091.json
+++ b/CVE-2021/CVE-2021-470xx/CVE-2021-47091.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-04T18:15:07.670",
 "lastModified": "2024-11-21T06:35:22.760",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-470xx/CVE-2021-47098.json b/CVE-2021/CVE-2021-470xx/CVE-2021-47098.json
index b450c6893e1..b00dcdb7e5c 100644
--- a/CVE-2021/CVE-2021-470xx/CVE-2021-47098.json
+++ b/CVE-2021/CVE-2021-470xx/CVE-2021-47098.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-04T18:15:08.090",
 "lastModified": "2024-11-21T06:35:23.650",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47100.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47100.json
index 80775c0fbd5..9e39761d5fe 100644
--- a/CVE-2021/CVE-2021-471xx/CVE-2021-47100.json
+++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47100.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-04T18:15:08.267",
 "lastModified": "2024-11-21T06:35:23.917",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47101.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47101.json
index eb62a339712..775a7929a04 100644
--- a/CVE-2021/CVE-2021-471xx/CVE-2021-47101.json
+++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47101.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-04T18:15:08.450",
 "lastModified": "2024-11-21T06:35:24.037",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47223.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47223.json
index 28c61faaf6c..f653e88c287 100644
--- a/CVE-2021/CVE-2021-472xx/CVE-2021-47223.json
+++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47223.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T15:15:11.530",
 "lastModified": "2024-11-21T06:35:39.510",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-473xx/CVE-2021-47394.json b/CVE-2021/CVE-2021-473xx/CVE-2021-47394.json
index 79e54c1d581..4d209551887 100644
--- a/CVE-2021/CVE-2021-473xx/CVE-2021-47394.json
+++ b/CVE-2021/CVE-2021-473xx/CVE-2021-47394.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T15:15:24.710",
 "lastModified": "2024-11-21T06:36:03.317",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-474xx/CVE-2021-47405.json b/CVE-2021/CVE-2021-474xx/CVE-2021-47405.json
index 07f289cb7e4..d99935427df 100644
--- a/CVE-2021/CVE-2021-474xx/CVE-2021-47405.json
+++ b/CVE-2021/CVE-2021-474xx/CVE-2021-47405.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T15:15:26.030",
 "lastModified": "2024-11-21T06:36:04.693",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2021/CVE-2021-474xx/CVE-2021-47462.json b/CVE-2021/CVE-2021-474xx/CVE-2021-47462.json
index 471a992b25d..88cd4764f5b 100644
--- a/CVE-2021/CVE-2021-474xx/CVE-2021-47462.json
+++ b/CVE-2021/CVE-2021-474xx/CVE-2021-47462.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-22T07:15:11.117",
 "lastModified": "2024-11-21T06:36:12.487",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-317xx/CVE-2022-31749.json b/CVE-2022/CVE-2022-317xx/CVE-2022-31749.json
index b7ada83574a..a46a1626e4e 100644
--- a/CVE-2022/CVE-2022-317xx/CVE-2022-31749.json
+++ b/CVE-2022/CVE-2022-317xx/CVE-2022-31749.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@rapid7.com",
 "published": "2025-01-28T00:15:06.487",
 "lastModified": "2025-01-28T00:15:06.487",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n de argumentos en los comandos diagnose e import pac en WatchGuard Fireware OS anterior a 12.8.1, 12.1.4 y 12.5.10 permite que un atacante remoto autenticado con credenciales sin privilegios cargue o lea archivos en ubicaciones arbitrarias limitadas en los dispositivos WatchGuard Firebox y XTM"
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3365.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3365.json
index 1e391d4bbb8..d3d9d038796 100644
--- a/CVE-2022/CVE-2022-33xx/CVE-2022-3365.json
+++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3365.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved."
+ },
+ {
+ "lang": "es",
+ "value": "Debido a la dependencia de un c\u00f3digo de sustituci\u00f3n trivial, enviado en texto plano, y la dependencia de una contrase\u00f1a predeterminada cuando el usuario no establece una contrase\u00f1a, los atacantes pueden abusar del servidor de mouse remoto de Emote Interactive para inyectar comandos del sistema operativo a trav\u00e9s del protocolo de control personalizado del producto. Se escribi\u00f3 y prob\u00f3 un m\u00f3dulo de Metasploit contra la versi\u00f3n 4.110, la versi\u00f3n actual cuando se reserv\u00f3 este CVE."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-439xx/CVE-2022-43916.json b/CVE-2022/CVE-2022-439xx/CVE-2022-43916.json
index ada592acb46..19ac622fd5e 100644
--- a/CVE-2022/CVE-2022-439xx/CVE-2022-43916.json
+++ b/CVE-2022/CVE-2022-439xx/CVE-2022-43916.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-30T12:15:26.867",
 "lastModified": "2025-01-30T14:15:29.990",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure."
+ },
+ {
+ "lang": "es",
+ "value": "Los pods de IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6 y 12.7 no restringen la salida de la red para los pods que se utilizan para la infraestructura interna."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47090.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47090.json
index 30e291fdaef..f8048b01b75 100644
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47090.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47090.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns"
+ },
+ {
+ "lang": "es",
+ "value": "GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contiene un desbordamiento de b\u00fafer en la funci\u00f3n gf_vvc_read_pps_bs_internal de media_tools/av_parsers.c, se necesita una verificaci\u00f3n para num_exp_tile_columns"
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48630.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48630.json
index 57d9182e8eb..79acdcb210f 100644
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48630.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48630.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-05T12:15:45.780",
 "lastModified": "2024-11-21T07:33:38.930",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-487xx/CVE-2022-48706.json b/CVE-2022/CVE-2022-487xx/CVE-2022-48706.json
index 5e51ad80dbd..57730512d3b 100644
--- a/CVE-2022/CVE-2022-487xx/CVE-2022-48706.json
+++ b/CVE-2022/CVE-2022-487xx/CVE-2022-48706.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:12.100",
 "lastModified": "2024-11-21T07:33:49.720",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-487xx/CVE-2022-48784.json b/CVE-2022/CVE-2022-487xx/CVE-2022-48784.json
index 7bc82185191..e84192b2383 100644
--- a/CVE-2022/CVE-2022-487xx/CVE-2022-48784.json
+++ b/CVE-2022/CVE-2022-487xx/CVE-2022-48784.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-16T12:15:03.427",
 "lastModified": "2024-11-21T07:34:01.003",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49043.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49043.json
index ca9bb0932c9..88a78e18932 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49043.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49043.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free."
+ },
+ {
+ "lang": "es",
+ "value": "xmlXIncludeAddNode en xinclude.c en libxml2 anterior a 2.11.0 tiene un use-after-free."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4975.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4975.json
index 86742e59644..6df0ff9867f 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4975.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4975.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id=\"pdf-table\"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en el portal Red Hat Advanced Cluster Security (RHACS). Al representar una vista de tabla en el portal, por ejemplo, en cualquiera de los archivos /main/configmanagement/* endpoints, el front-end genera un elemento de tabla DOM (id=\"pdf-table\"). Esta informaci\u00f3n luego se completa con datos no desinfectada mediante innerHTML. Un atacante con cierto control sobre los datos representados puede desencadenar una vulnerabilidad de cross-site scripting (XSS)."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27112.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27112.json
index 9c43640957a..8e35ae2bcce 100644
--- a/CVE-2023/CVE-2023-271xx/CVE-2023-27112.json
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27112.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-21T22:15:09.710",
 "lastModified": "2025-01-23T16:15:27.067",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27113.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27113.json
index af01a08969a..43612bee3a1 100644
--- a/CVE-2023/CVE-2023-271xx/CVE-2023-27113.json
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27113.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-21T22:15:09.823",
 "lastModified": "2025-01-23T16:15:28.080",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29080.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29080.json
index fbfda1e6a2c..f9afc401a34 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29080.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29080.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2\u00a0due to adding\u00a0InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad potencial de escalada de privilegios en las versiones 2022 R2 y 2021 R2 de Revenera InstallShield debido a la adici\u00f3n de una acci\u00f3n personalizada InstallScript a un proyecto MSI b\u00e1sico o MSI InstallScript que extrae algunos archivos binarios a una carpeta escribible predefinida durante el tiempo de instalaci\u00f3n. La cuenta de usuario est\u00e1ndar tiene acceso de escritura a estos archivos y carpetas, por lo que reemplazarlos durante el tiempo de instalaci\u00f3n puede provocar una vulnerabilidad de secuestro de DLL."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32340.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32340.json
index 0a225f5ceae..b40840c24a5 100644
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32340.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32340.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-23T03:15:08.290",
 "lastModified": "2025-01-23T03:15:08.290",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33838.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33838.json
index 35aa3a97144..91c28ca6c8c 100644
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33838.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33838.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0.2 Identity Manager utiliza un hash criptogr\u00e1fico unidireccional contra una entrada que no debe ser reversible, como una contrase\u00f1a, pero el producto no utiliza una sal como parte de la entrada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35017.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35017.json
index 046144e8bd6..b3ae1e3c381 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35017.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35017.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0.2 Identity Manager puede transmitir credenciales de usuario en texto plano que un atacante podr\u00eda obtener mediante t\u00e9cnicas de intermediario."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35907.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35907.json
index 9a9b10c754f..95f35b3d2a4 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35907.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35907.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Aspera Faspex 5.0.0 a 5.0.10 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json
index 3e25f467a10..62fd5a3a90f 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36998.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:09.647",
 "lastModified": "2025-01-22T15:15:09.647",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json
index d10c74fc965..c8d072d585a 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37014.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:10.987",
 "lastModified": "2025-01-23T15:15:09.280",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json
index 7c1fd3ee39d..9647731aa79 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37015.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.100",
 "lastModified": "2025-01-22T15:15:11.100",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json
index 8314fc2eae6..76f03166278 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37016.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.207",
 "lastModified": "2025-01-22T15:15:11.207",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json
index 445a0a0a7a3..74411789bbe 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37017.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.310",
 "lastModified": "2025-01-22T15:15:11.310",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json
index 5c51421096b..bd7054a9c29 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37018.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.410",
 "lastModified": "2025-01-22T15:15:11.410",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json
index 0dce8ceb097..8e139f6e0f4 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37019.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.510",
 "lastModified": "2025-01-22T15:15:11.510",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json
index 8371ce73b85..612f6eb010a 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37020.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.613",
 "lastModified": "2025-01-22T15:15:11.613",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json
index e9da801beff..fd9a804e2e1 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37021.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.710",
 "lastModified": "2025-01-22T15:15:11.710",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json
index f11e711c18a..84abe02150a 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37022.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.817",
 "lastModified": "2025-01-23T15:15:09.430",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json
index c2a6fe5c981..66fbed142ca 100644
--- a/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json
+++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37023.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:11.913",
 "lastModified": "2025-01-22T15:15:11.913",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37398.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37398.json
index 2b5b6537c37..3adcff97d60 100644
--- a/CVE-2023/CVE-2023-373xx/CVE-2023-37398.json
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37398.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Aspera Faspex 5.0.0 a 5.0.10 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37412.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37412.json
index 904028710c8..9564af5e301 100644
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37412.json
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37412.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Aspera Faspex 5.0.0 a 5.0.10 podr\u00eda permitir que un usuario privilegiado realice cambios sistema sin los controles de acceso adecuados."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37413.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37413.json
index e513241c963..5a5a8b31b24 100644
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37413.json
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37413.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Aspera Faspex 5.0.0 a 5.0.10 podr\u00edan revelar informaci\u00f3n confidencial del nombre de usuario debido a una discrepancia de respuesta observable."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38009.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38009.json
index c43668cec3f..3e4606af588 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38009.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38009.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cognos Mobile Client 1.1 iOS puede ser vulnerable a la divulgaci\u00f3n de informaci\u00f3n mediante t\u00e9cnicas de intermediario (man in the middle) debido a la falta de fijaci\u00f3n de certificados."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json
index 6596efa273a..10d70962506 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 y 2.3.4.0 podr\u00edan permitir que un atacante remoto recorra directorios en el directorio ra\u00edz sistema. Un atacante podr\u00eda enviar una solicitud de URL manipulado especial que contenga secuencias de \"punto punto\" (/../) para ver archivos arbitrarios sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json
index 188bc815a0f..77840592797 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json
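Review bot: The Spanish `value` added for CVE-2023-38012 states a detail the English description does not contain: `recorra directorios en el directorio ra\u00edz sistema` names a root directory, while the source text only says "traverse directories on the system". It should read `recorra directorios en el sistema`, and the closing `archivos arbitrarios sistema` should be `archivos arbitrarios en el sistema`. The same stray-word pattern appears as `el tallo sistema` in the CVE-2023-38013, CVE-2023-38713 and CVE-2023-38714 hunks, where `el sistema` is all the English text supports. Because these strings describe the scope of a path traversal and of information disclosure, the extra words can mislead readers of the `es` description about what is exposed.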
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial en respuestas HTTP que podr\u00eda ayudar en futuros ataques contra el tallo sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json
index 30723e6e8b9..f3e93a4476b 100644
--- a/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de los archivos de registro."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json
index a15ffda6a9f..e2dd1812327 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json
index 02a9fa4f480..bcf55ca81a9 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7 y 2.3.3.7 iFix1 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json
index e50d7c3ef61..c18a7292c09 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1 y 2.3.4.0 podr\u00edan revelar informaci\u00f3n confidencial sobre el tallo sistema que podr\u00eda ayudar en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
index 22d7d341235..2e4ce483efe 100644
--- a/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46187.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ },
+ {
+ "lang": "es",
+ "value": "IBM InfoSphere Master Data Management 11.6, 12.0 y 14.0 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47159.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47159.json
index 6e1164d00cc..6ce7652e312 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47159.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47159.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Sterling File Gateway 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.1 podr\u00edan permitir que un usuario autenticado enumere nombres de usuario debido a una discrepancia observable en las respuestas de las solicitudes."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47188.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47188.json
index 7d92560f23d..5a293b2a152 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47188.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47188.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-01-02T12:15:15.180",
 "lastModified": "2025-01-02T12:15:15.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47504.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47504.json
index 98e19c64a07..3f4c1b61e70 100644
--- a/CVE-2023/CVE-2023-475xx/CVE-2023-47504.json
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47504.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-04-24T16:15:07.913",
 "lastModified": "2024-11-21T08:30:21.103",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50309.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50309.json
index 4053d221619..6e22c3ef998 100644
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50309.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50309.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-23T03:15:08.573",
 "lastModified": "2025-01-23T03:15:08.573",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50316.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50316.json
index 9efc68dc4ad..efd9c38bebb 100644
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50316.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50316.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-28T01:15:08.410",
 "lastModified": "2025-01-28T01:15:08.410",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1\nis vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Sterling B2B Integrator 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.1 es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente manipuladas, que podr\u00edan permitirle ver, agregar, modificar o eliminar informaci\u00f3n en la base de datos back-end."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50945.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50945.json
index e72d09e6d72..32ddeec6a64 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50945.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50945.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Common Licensing 9.0 almacena las credenciales de usuario en formato texto plano simple que puede ser le\u00eddo por un usuario local."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50946.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50946.json
index c0920a76155..bf4b987c8fc 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50946.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50946.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Common Licensing 9.0 podr\u00eda permitir que un usuario autenticado modifique un archivo de configuraci\u00f3n al que no deber\u00eda tener acceso debido a un mecanismo de autorizaci\u00f3n roto."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52292.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52292.json
index d360f29c4cf..f2f94ebbaf8 100644
--- a/CVE-2023/CVE-2023-522xx/CVE-2023-52292.json
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52292.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Sterling File Gateway 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.3 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52583.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52583.json
index fdda7230499..505a4029e33 100644
--- a/CVE-2023/CVE-2023-525xx/CVE-2023-52583.json
+++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52583.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-03-06T07:15:06.553",
 "lastModified": "2024-11-21T08:40:07.307",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json
index 94a77f2ca53..8b70cd67623 100644
--- a/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json
+++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52638.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-03T15:15:51.417",
 "lastModified": "2024-11-21T08:40:15.537",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52780.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52780.json
index 38d5b4fc997..19e061a0223 100644
--- a/CVE-2023/CVE-2023-527xx/CVE-2023-52780.json
+++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52780.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:16.957",
 "lastModified": "2024-11-21T08:40:34.457",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52854.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52854.json
index ac4f4b11f28..fae7fd06ecf 100644
--- a/CVE-2023/CVE-2023-528xx/CVE-2023-52854.json
+++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52854.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:22.377",
 "lastModified": "2024-11-21T08:40:43.647",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52857.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52857.json
index 961fe95087c..f474b630216 100644
--- a/CVE-2023/CVE-2023-528xx/CVE-2023-52857.json
+++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52857.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:22.803",
 "lastModified": "2024-11-21T08:40:44.087",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52860.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52860.json
index 828056e6c9c..58fa41fa628 100644
--- a/CVE-2023/CVE-2023-528xx/CVE-2023-52860.json
+++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52860.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-21T16:15:23.003",
 "lastModified": "2024-11-21T08:40:44.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5775.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5775.json
index 55413279e7a..7cc1d30b0d0 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5775.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5775.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-02-26T16:27:49.230",
 "lastModified": "2024-11-21T08:42:27.783",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7060.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7060.json
index 41f96bee49d..0d24b45e599 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7060.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7060.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-03-15T19:15:07.010",
 "lastModified": "2024-11-21T08:45:09.607",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7272.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7272.json
index 90f1b8f642d..f764e8cc9dd 100644
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7272.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7272.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "emo@eclipse.org",
 "published": "2024-07-17T15:15:10.457",
 "lastModified": "2024-11-21T08:45:38.900",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0131.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0131.json
new file mode 100644
index 00000000000..a8c9f694539
--- /dev/null
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0131.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-0131",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2025-02-02T01:15:24.640",
+ "lastModified": "2025-02-02T01:15:24.640",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read \u00a0a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-805"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5614",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
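Review bot: The English description in the new CVE-2024-0131 record carries a stray non-breaking space directly after an ordinary space, `could read \u00a0a buffer`, so exact-phrase searches, deduplication or alert rules keyed on the description text can miss this entry. If this mirror is meant to stay byte-faithful to the upstream feed, consumers should fold U+00A0 to a plain space before matching; otherwise the value should read `could read a buffer with an incorrect length`. The only score in the record is the CNA-supplied `"type": "Secondary"` entry and `vulnStatus` is still `Received`, so the 4.4 base score is presumably vendor-assigned and should not be treated as an NVD-assessed severity in triage automation.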
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0135.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0135.json
index 500540f6470..f7c65674220 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0135.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0135.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T03:15:07.283",
 "lastModified": "2025-01-28T03:15:07.283",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
+ },
+ {
+ "lang": "es",
+ "value": "NVIDIA Container Toolkit contiene una vulnerabilidad de aislamiento indebido en la que una imagen de contenedor manipulado especial podr\u00eda provocar la modificaci\u00f3n de un binario del host. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0136.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0136.json
index d8aca7284cb..f21de2e7bdc 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0136.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0136.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T03:15:07.433",
 "lastModified": "2025-01-28T03:15:07.433",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
+ },
+ {
+ "lang": "es",
+ "value": "NVIDIA Container Toolkit contiene una vulnerabilidad de aislamiento inapropiado en la que una imagen de contenedor manipulado especial podr\u00eda provocar que un c\u00f3digo no confiable obtenga acceso de lectura y escritura a los dispositivos host. Esta vulnerabilidad solo est\u00e1 presente cuando NVIDIA Container Toolkit est\u00e1 configurado de una manera no predeterminada. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0137.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0137.json
index 73b10665df4..d283c4470f7 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0137.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0137.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T03:15:07.567",
 "lastModified": "2025-01-28T03:15:07.567",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host\u2019s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges."
+ },
+ {
+ "lang": "es",
+ "value": "NVIDIA Container Toolkit contiene una vulnerabilidad de aislamiento inapropiado en la que una imagen de contenedor manipulado especial podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo no confiable en el espacio de nombres de red del host. Esta vulnerabilidad solo est\u00e1 presente cuando NVIDIA Container Toolkit est\u00e1 configurado de una manera no predeterminada. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la denegaci\u00f3n de servicio y la escalada de privilegios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0140.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0140.json
index d7b7dc02d8c..144883c4310 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0140.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0140.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:08.730",
 "lastModified": "2025-01-28T04:15:08.730",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "NVIDIA RAPIDS contiene una vulnerabilidad en cuDF y cuML, donde un usuario podr\u00eda causar un problema de deserializaci\u00f3n de datos no confiables. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar ejecuci\u00f3n de c\u00f3digo, manipulaci\u00f3n de datos, denegaci\u00f3n de servicio y divulgaci\u00f3n de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0146.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0146.json
index 15dcf2ffda8..c556fc23687 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0146.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0146.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:09.447",
 "lastModified": "2025-01-28T04:15:09.447",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering."
+ },
+ {
+ "lang": "es",
+ "value": "El software NVIDIA vGPU contiene una vulnerabilidad en el Administrador de GPU virtual, donde un invitado malintencionado podr\u00eda provocar da\u00f1os en la memoria. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la divulgaci\u00f3n de informaci\u00f3n o la manipulaci\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0147.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0147.json
index dad9d40fe07..abf4e88384e 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0147.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0147.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:09.590",
 "lastModified": "2025-01-28T04:15:09.590",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering."
+ },
+ {
+ "lang": "es",
+ "value": "El controlador de pantalla de la GPU NVIDIA para Windows y Linux contiene una vulnerabilidad donde hacer referencia a la memoria despu\u00e9s de haberla liberado puede provocar una denegaci\u00f3n de servicio o manipulaci\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0149.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0149.json
index e4bedb9415e..78608b50591 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0149.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0149.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:09.733",
 "lastModified": "2025-01-28T04:15:09.733",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "El controlador de pantalla de la GPU NVIDIA para Linux contiene una vulnerabilidad que podr\u00eda permitir a un atacante acceder sin autorizaci\u00f3n a los archivos. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda dar lugar a una divulgaci\u00f3n limitada de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0150.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0150.json
index 454f42cae9e..d77e29e055a 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0150.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0150.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:09.877",
 "lastModified": "2025-01-28T04:15:09.877",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering."
+ },
+ {
+ "lang": "es",
+ "value": "El controlador de pantalla de la GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que los datos se escriben despu\u00e9s del final o antes del comienzo de un b\u00fafer. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n, la denegaci\u00f3n de servicio o la manipulaci\u00f3n de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0157.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0157.json
index b6efa697f28..d9f3ecf00d6 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0157.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0157.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-04-12T17:17:21.027",
 "lastModified": "2024-11-21T08:45:57.560",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json
index fb0bceb953b..d26dc56c017 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0161.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-03-13T16:15:10.143",
 "lastModified": "2024-11-21T08:45:58.623",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0162.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0162.json
index 2b76c813b53..be0f146b924 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0162.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0162.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-03-13T17:15:46.617",
 "lastModified": "2024-11-21T08:45:58.750",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0172.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0172.json
index 4f66ac7ed49..0049a47f78c 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0172.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0172.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-04-03T10:15:08.030",
 "lastModified": "2024-11-21T08:46:00.143",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0240.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0240.json
index 5bf3d30efe8..31044fb6614 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0240.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0240.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "product-security@silabs.com",
 "published": "2024-02-15T21:15:08.673",
 "lastModified": "2024-11-21T08:46:07.790",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0740.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0740.json
index 29138f16716..d7ce8f2d314 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0740.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0740.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "emo@eclipse.org",
 "published": "2024-04-26T10:15:10.960",
 "lastModified": "2024-11-21T08:47:15.553",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10001.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10001.json
index 044bde36e9f..8389703fdb5 100644
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10001.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10001.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This\u00a0enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens.\u00a0To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe.\u00a0This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled\u00a0identity property.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en GitHub Enterprise Server que permit\u00eda a los atacantes inyectar c\u00f3digo malicioso en el selector de consultas a trav\u00e9s de la propiedad de identidad en la funci\u00f3n de gesti\u00f3n de mensajes. Esto permiti\u00f3 la exfiltraci\u00f3n de datos confidenciales mediante la manipulaci\u00f3n de los tokens de autenticaci\u00f3n DOM, incluida. Para ejecutar el ataque, la v\u00edctima debe iniciar sesi\u00f3n en GitHub e interactuar con la p\u00e1gina web maliciosa controlada por el atacante que contiene el iframe oculto. Esta vulnerabilidad se produce debido a una secuencia incorrecta de validaci\u00f3n, donde la verificaci\u00f3n de origen se produce despu\u00e9s de aceptar la propiedad de identidad controlada por el usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a 3.11.16, 3.12.10, 3.13.5, 3.14.2 y 3.15.0. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10026.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10026.json
index 98bfee6e63e..425fb9a16e2 100644
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10026.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10026.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances."
+ },
+ {
+ "lang": "es",
+ "value": "Un algoritmo hash d\u00e9bil y tama\u00f1os peque\u00f1os de semillas/secretos en gVisor de Google permitieron a un atacante remoto calcular una direcci\u00f3n IP local y un identificador por arranque que podr\u00eda ayudar a rastrear un dispositivo en ciertas circunstancias."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10309.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10309.json
index c7a600d0a7b..e7c96f51c20 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10309.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10309.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Tracking Code Manager de WordPress anterior a la versi\u00f3n 2.4.0 no desinfecta ni escapa algunas de las configuraciones de su metabox al mostrarlas en la p\u00e1gina, lo que podr\u00eda permitir que los usuarios con un rol tan bajo como Colaborador realicen ataques de Cross-Site Scripting."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10324.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10324.json
index ff0a6d0d1fc..9f1b2010fa7 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10324.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10324.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T14:15:30.837",
 "lastModified": "2025-01-24T14:15:30.837",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento RomethemeKit For Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.5.2 y incluida a trav\u00e9s de la funci\u00f3n register_controls en widgets/offcanvas-rometheme.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, extraigan datos confidenciales de plantillas privadas, pendientes y en borrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json
index ca8528e3334..8ddeafd1e3d 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10552.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018api_key\u2019 and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Flexmls\u00ae IDX Plugin para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros 'api_key' y 'api_secret' en todas las versiones hasta la 3.14.26 y incluida, debido a un escape de entrada desinfecci\u00f3n y salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. La vulnerabilidad fue parcialmente corregida en la versi\u00f3n 3.14.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10574.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10574.json
index ed1760ca09a..d363d33d3b4 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10574.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10574.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "Los complementos Quiz Maker Business, Developer y Agency para WordPress son vulnerables a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n 'ays_save_google_credentials' en todas las versiones hasta incluida, 8.8.0 (Business), hasta incluidag, 21.8.0 (Developer) y hasta incluidang, 31.8.0 (Agency). Esto permite que atacantes no autenticados modifiquen las credenciales de integraci\u00f3n de Google Sheets dentro de la configuraci\u00f3n del complemento. Debido a que el par\u00e1metro 'client_id' no se desinfecta ni se escapa cuando se usa en la salida, esta vulnerabilidad tambi\u00e9n podr\u00eda aprovecharse para inyectar scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10591.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10591.json
index 069be7fa492..0d2db9a888c 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10591.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10591.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T14:15:30.737",
 "lastModified": "2025-01-30T14:15:30.737",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics de MWB para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n hubwoo_save_updates() en todas las versiones hasta la 1.5.9 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10603.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10603.json
index 70aeeb3de25..51f3ae5fd1d 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10603.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10603.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances."
+ },
+ {
+ "lang": "es",
+ "value": "Las debilidades en la generaci\u00f3n de puertos de origen TCP/UDP y algunos otros valores de encabezado en gVisor de Google permitieron que un atacante externo pudiera predecirlos en algunas circunstancias."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10604.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10604.json
index b08eb77b10e..0bd420f7cc0 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10604.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10604.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances"
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades en los algoritmos utilizados por Fuchsia para completar los campos de encabezado del protocolo de red, espec\u00edficamente TCP ISN, TCP timestamp, puertos de origen TCP y UDP y el ID de fragmento IPv4/IPv6 permiten adivinar estos valores en determinadas circunstancias."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10628.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10628.json
index 117cc0d6605..9439358fc79 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10628.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10628.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "Los complementos Quiz Maker Business, Developer y Agency para WordPress son vulnerables a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \"id\" en todas las versiones hasta incluida, 8.8.0 (Business), hasta incluidag, 21.8.0 (Developer) y hasta incluidang, 31.8.0 (Agency) debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10633.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10633.json
index 9c94f4a8893..7399ef08ef5 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10633.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10633.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ },
+ {
+ "lang": "es",
+ "value": "Los complementos Quiz Maker Business, Developer y Agency para WordPress son vulnerables a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta incluida, 8.8.0 (Business), hasta incluidag, 21.8.0 (Developer) y hasta incluidang, 31.8.0 (Agency). Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10636.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10636.json
index c577efd0856..82e9af50a6f 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10636.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10636.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "Los complementos Quiz Maker Business, Developer y Agency para WordPress son vulnerables a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'content' en todas las versiones hasta incluida, 8.8.0 (Business), hasta incluidag, 21.8.0 (Developer) y hasta incluidang, 31.8.0 (Agency) debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto permite que atacantes no autenticados inyecten scripts web arbitraria en p\u00e1ginas que se ejecutan si pueden enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10705.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10705.json
index 2cc81e99b96..171dc2ef56a 100644
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10705.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10705.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Multiple Page Generator Plugin \u2013 MPG para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 4.0.5 y incluida a trav\u00e9s de la funci\u00f3n 'mpg_download_file_by_link'. Esto permite que atacantes autenticados, con acceso de nivel de editor o superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se pueden usar para consultar y modificar informaci\u00f3n de servicios internos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10847.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10847.json
index 8211d3b6072..7bff3cb57a6 100644
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10847.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10847.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T14:15:30.893",
 "lastModified": "2025-01-30T14:15:30.893",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Storely para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de un nombre de visualizaci\u00f3n malicioso en todas las versiones hasta la 16.6 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json
index 34e5e3e525a..1d44c6e4ebf 100644
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10929.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "arm-security@arm.com",
 "published": "2025-01-22T16:15:28.790",
 "lastModified": "2025-01-22T16:15:28.790",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1041.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1041.json
index 661c8c485ab..88246e10efc 100644
--- a/CVE-2024/CVE-2024-10xx/CVE-2024-1041.json
+++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1041.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-10T05:15:47.820",
 "lastModified": "2024-11-21T08:49:39.917",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json
index 667f942ea7d..71f590fd06e 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-19T11:15:04.343",
 "lastModified": "2024-11-19T21:57:32.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11090.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11090.json
index b2a4b20cdf9..0c123758435 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11090.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11090.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Membership Plugin \u2013 Restrict Content para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.2.13 y incluida, a trav\u00e9s de la funci\u00f3n de b\u00fasqueda principal de WordPress. Esto permite que atacantes no autenticados extraigan datos confidenciales de publicaciones que han sido restringidas a roles de nivel superior, como el de administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11166.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11166.json
index ca1017eaba6..1f4d7f764f8 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11166.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11166.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-01-22T19:15:09.890",
 "lastModified": "2025-01-22T19:15:09.890",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11187.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11187.json
index 1f908674eaa..d6bfd37122b 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11187.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11187.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."
+ },
+ {
+ "lang": "es",
+ "value": "Es posible construir una zona de manera que algunas consultas generen respuestas que contengan numerosos registros en la secci\u00f3n Adicional. Un atacante que env\u00ede muchas consultas de este tipo puede provocar que el servidor autorizado o un solucionador independiente utilicen recursos desproporcionados para procesar las consultas. Por lo general, ser\u00e1 necesario que las zonas hayan sido deliberadamente manipulado para atacar esta exposici\u00f3n. Este problema afecta a las versiones de BIND 9 9.11.0 a 9.11.37, 9.16.0 a 9.16.50, 9.18.0 a 9.18.32, 9.20.0 a 9.20.4, 9.21.0 a 9.21.3, 9.11.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.50-S1 y 9.18.11-S1 a 9.18.32-S1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11263.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11263.json
index 3cd6780f1ca..13cf7959df5 100644
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11263.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11263.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-11-15T23:15:10.557",
 "lastModified": "2024-11-18T17:11:17.393",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11348.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11348.json
index 81f62bd76fa..3b2c53c5510 100644
--- a/CVE-2024/CVE-2024-113xx/CVE-2024-11348.json
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11348.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cvd@cert.pl",
 "published": "2025-01-27T14:15:27.973",
 "lastModified": "2025-01-27T14:15:27.973",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Eura7 CMSmanager in version 4.6 and below\u00a0is vulnerable to Reflected XSS attacks through manipulation of\u00a0return GET request parameter sent to a specific\u00a0endpoint.\nThe vulnerability has been fixed by a patche\u00a0patch 17012022 addressing all affected versions in use."
+ },
+ {
+ "lang": "es",
+ "value": "Eura7 CMSmanager en la versi\u00f3n 4.6 y anteriores es vulnerable a ataques XSS reflejados mediante la manipulaci\u00f3n del par\u00e1metro de solicitud GET de retorno enviado a un endpoint espec\u00edfico. La vulnerabilidad ha sido corregida mediante un parche 17012022 que aborda todas las versiones afectadas en uso. "
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11609.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11609.json
index bb340136bcd..802cec4c2be 100644
--- a/CVE-2024/CVE-2024-116xx/CVE-2024-11609.json
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11609.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24772."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos de AutomationDirect C-More EA9 EAP9. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de AutomationDirect C-More EA9. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EAP9. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24772."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11610.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11610.json
index 5143fa876b9..b8b63b1e220 100644
--- a/CVE-2024/CVE-2024-116xx/CVE-2024-11610.json
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11610.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24773."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos de AutomationDirect C-More EA9 EAP9. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de AutomationDirect C-More EA9. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EAP9. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24773."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11611.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11611.json
index 41bd65a830b..d4159d09130 100644
--- a/CVE-2024/CVE-2024-116xx/CVE-2024-11611.json
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11611.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24774."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos de AutomationDirect C-More EA9 EAP9. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de AutomationDirect C-More EA9. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EAP9. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24774. Era ZDI-CAN-24774."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json b/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json
index ed666ad2fd3..aff4468e6b6 100644
--- a/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json
+++ b/CVE-2024/CVE-2024-116xx/CVE-2024-11641.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento VikBooking Hotel Booking Engine & PMS para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.7.2 y incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante en la funci\u00f3n \"guardar\". Esto hace posible que atacantes no autenticados cambien los privilegios de acceso del complemento a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Una explotaci\u00f3n exitosa permite a los atacantes con privilegios de suscriptor y superiores cargar archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json b/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json
index 6b6815f98db..e51d35af3b2 100644
--- a/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json
+++ b/CVE-2024/CVE-2024-118xx/CVE-2024-11825.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018zone\u2019 parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Broadstreet para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro \u2018zone\u2019 en todas las versiones hasta la 1.50.3 y incluida, debido a un escape de entrada desinfecci\u00f3n y salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11913.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11913.json
index 0b8aa18afb0..2a291c8503e 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11913.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11913.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T14:15:31.117",
 "lastModified": "2025-01-24T14:15:31.117",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Activity Plus Reloaded para BuddyPress para WordPress es vulnerable a Blind Server-Side Request Forgery en todas las versiones hasta incluida, 1.1.1 a trav\u00e9s de la funci\u00f3n 'ajax_preview_link'. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se pueden usar para consultar y modificar informaci\u00f3n de servicios internos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11931.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11931.json
index 0d0ee47cc3c..4b2ea14246f 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11931.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11931.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2025-01-24T03:15:06.590",
 "lastModified": "2025-01-24T03:15:06.590",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json
index ea693c01927..f8423a17dc5 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11936.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Zox News para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una falta de comprobaci\u00f3n de la capacidad de las funciones 'backup_options' y 'restore_options' en todas las versiones hasta la 3.16.0 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11954.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11954.json
index 7b5b2ff4a7a..45a5423d093 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11954.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11954.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "En Pimcore 11.4.2 se ha detectado una vulnerabilidad clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Search Document. La manipulaci\u00f3n conduce a la ejecuci\u00f3n de Cross Site Scripting b\u00e1sica. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11956.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11956.json
index 0e0d12050a2..112afc37242 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11956.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11956.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en Pimcore customer-data-framework hasta la versi\u00f3n 4.2.0. Este problema afecta a algunas funciones desconocidas del archivo /admin/customermanagementframework/customers/list. La manipulaci\u00f3n del argumento filterDefinition/filter provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.2.1 puede solucionar este problema. Se recomienda actualizar el componente afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12043.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12043.json
index 788a8cf69c3..77b6ccd47a3 100644
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12043.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12043.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-23T11:15:09.147",
 "lastModified": "2025-01-23T11:15:09.147",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json
index c8321a5777d..3da4100d263 100644
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12076.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Target Video Easy Publish para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.8.3 y incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante en las funciones resync_carousel(), seek_snapshot(), uploaded_cc() y remove_cc(). Esto hace posible que atacantes no autenticados inyecten scripts web maliciosa a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json
index 8f09a8c2a0c..941f084c938 100644
--- a/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12113.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en las funciones delete_user_review() y delete_review() en todas las versiones hasta la 1.3.2 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen las rese\u00f1as de otros usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12129.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12129.json
index c2feb9a66ae..dbe1bcc17a3 100644
--- a/CVE-2024/CVE-2024-121xx/CVE-2024-12129.json
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12129.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T14:15:31.530",
 "lastModified": "2025-01-30T14:15:31.530",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Royal Core para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una falta de comprobaci\u00f3n de capacidad en la funci\u00f3n 'royal_restore_backup' en todas las versiones hasta la 2.9.2 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12163.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12163.json
index 308863e95f4..5896039a4bb 100644
--- a/CVE-2024/CVE-2024-121xx/CVE-2024-12163.json
+++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12163.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento goodlayers-core de WordPress anterior a la versi\u00f3n 2.1.3 permite a los usuarios con rol de suscriptor o superior cargar SVG que contengan payloads maliciosos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12321.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12321.json
index 45e6cce9534..a79307caa0d 100644
--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12321.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12321.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-01-27T06:15:22.473",
 "lastModified": "2025-01-27T21:15:11.763",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WC Affiliate de WordPress hasta la versi\u00f3n 2.3.9 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador. "
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json
index 9893d597fb4..6bcb8c164ab 100644
--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12334.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s de cualquier par\u00e1metro en todas las versiones hasta la 2.4 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto hace posible que atacantes no autenticados inyecten scripts web arbitraria en p\u00e1ginas que se ejecutan si logran enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12345.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12345.json
index 30357445372..110fbf6724f 100644
--- a/CVE-2024/CVE-2024-123xx/CVE-2024-12345.json
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12345.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en INW Krbyyyzo 25.2002. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /gbo.aspx del componente Daily Huddle Site. La manipulaci\u00f3n del argumento s provoca el consumo de recursos. Es posible lanzar el ataque en el host local. Otros endpoints tambi\u00e9n podr\u00edan verse afectados."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12400.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12400.json
index 7bfd8b0896c..a3dbb9ec7b2 100644
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12400.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12400.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento tourmaster de WordPress anterior a la versi\u00f3n 5.3.5 no escapa de las URL generadas antes de mostrarlas en atributos, lo que genera Cross-Site Scripting Reflejado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12409.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12409.json
index c10d1414cea..f9c61a682be 100644
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12409.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12409.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T11:15:09.590",
 "lastModified": "2025-01-30T14:15:32.353",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Simple:Press Forum para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 's' en todas las versiones hasta la 6.10.11 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto permite que atacantes no autenticados inyecten scripts web arbitraria en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12436.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12436.json
index 4757623bb2f..cb7dd7fefee 100644
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12436.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12436.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Customer Area de WordPress hasta la versi\u00f3n 8.2.4 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12477.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12477.json
index 7a1c7b83480..a84b3798860 100644
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12477.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12477.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-22T22:15:08.683",
 "lastModified": "2025-01-22T22:15:08.683",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12494.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12494.json
index 793f0e427b9..fb91847d44c 100644
--- a/CVE-2024/CVE-2024-124xx/CVE-2024-12494.json
+++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12494.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T10:15:07.457",
 "lastModified": "2025-01-24T10:15:07.457",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json
index 31729f2291a..9d12fa335aa 100644
--- a/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12512.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Ask Me Anything (Anonymously) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'askmeanythingpeople' del complemento en todas las versiones hasta la 1.6 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12524.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12524.json
index e0ab7e89cb5..fc178f9e5da 100644
--- a/CVE-2024/CVE-2024-125xx/CVE-2024-12524.json
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12524.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T11:15:10.840",
 "lastModified": "2025-01-30T11:15:10.840",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Clinked Client Portal para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'clinked-login-button' del complemento en todas las versiones hasta la 1.9 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json
index 401f1b29459..8118ab4956c 100644
--- a/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12529.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento brodos.net Onlineshop Plugin para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'BrodosCategory' del complemento en todas las versiones hasta la 2.0.2 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json
index b3488f82550..fbcb70a849c 100644
--- a/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12539.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2024-12-17T21:15:07.183",
 "lastModified": "2024-12-17T21:15:07.183",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json
index 07373a3d26d..714ee3ed19e 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12600.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Custom Product Tabs Lite para WooCommerce para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 1.9.0 y incluida, mediante la deserializaci\u00f3n de la entrada no confiable del par\u00e1metro 'frs_woo_product_tabs'. Esto permite que atacantes autenticados, con acceso de nivel de administrador de tienda y superior, inyecten un objeto PHP. No hay ninguna cadena POP presente en el software vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12638.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12638.json
index 2ec810abec0..361176aaf98 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12638.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12638.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Bulk Me Now! de WordPress hasta la versi\u00f3n 2.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12647.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12647.json
index e6c386952d3..d488a3e775b 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12647.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12647.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
 "published": "2025-01-28T01:15:08.560",
 "lastModified": "2025-01-28T01:15:08.560",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer en el procesamiento de descarga de fuentes CPCA de impresoras multifunci\u00f3n para peque\u00f1as oficinas e impresoras l\u00e1ser (*) que puede permitir que un atacante en el segmento de red provoque que el producto afectado deje de responder o ejecute c\u00f3digo arbitrario. *: Firmware v05.04 y anteriores de Satera MF656Cdw/Satera MF654Cdw vendido en Jap\u00f3n. Firmware v05.04 y anteriores de Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw vendido en EE. UU. Firmware v05.04 y anteriores de i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw vendidos en Europa."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12648.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12648.json
index 2cdecd1553b..1b35258cd0a 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12648.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12648.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
 "published": "2025-01-28T01:15:08.700",
 "lastModified": "2025-01-28T01:15:08.700",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer en el procesamiento de etiquetas EXIF ??de datos TIFF de impresoras multifunci\u00f3n para peque\u00f1as oficinas e impresoras l\u00e1ser (*) que puede permitir que un atacante en el segmento de red provoque que el producto afectado deje de responder o ejecute c\u00f3digo arbitrario. *: Firmware v05.04 y anteriores de Satera MF656Cdw/Satera MF654Cdw vendido en Jap\u00f3n. Firmware v05.04 y anteriores de Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw vendido en EE. UU. Firmware v05.04 y anteriores de i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw vendidos en Europa."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12649.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12649.json
index 9d935319030..53b78a64817 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12649.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12649.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
 "published": "2025-01-28T01:15:08.823",
 "lastModified": "2025-01-28T01:15:08.823",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer en el procesamiento de fuentes de datos XPS de impresoras multifunci\u00f3n para peque\u00f1as oficinas e impresoras l\u00e1ser (*) que puede permitir que un atacante en el segmento de red provoque que el producto afectado deje de responder o ejecute c\u00f3digo arbitrario. *: Firmware v05.04 y anteriores de Satera MF656Cdw/Satera MF654Cdw vendido en Jap\u00f3n. Firmware v05.04 y anteriores de Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw vendido en EE. UU. Firmware v05.04 y anteriores de i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw vendidos en Europa."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12705.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12705.json
index cc06a5d1189..8537ae1ea17 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12705.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12705.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1."
+ },
+ {
+ "lang": "es",
+ "value": "Los clientes que utilizan DNS sobre HTTPS (DoH) pueden agotar la CPU o la memoria de un solucionador de DNS inund\u00e1ndolo con tr\u00e1fico HTTP/2 v\u00e1lido o no v\u00e1lido manipulado. Este problema afecta a las versiones de BIND 9 9.18.0 a 9.18.32, 9.20.0 a 9.20.4, 9.21.0 a 9.21.3 y 9.18.11-S1 a 9.18.32-S1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12708.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12708.json
index 613cb449505..e6793b73837 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12708.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12708.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Bulk Me Now! de WordPress hasta la versi\u00f3n 2.0 no valida ni escapa algunos de los atributos de su c\u00f3digo corto antes de mostrarlos nuevamente en una p\u00e1gina o publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir que los usuarios con el rol de colaborador y superior realicen ataques Cross-Site Scripting Almacenado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12709.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12709.json
index 36dcf640b84..742ba704954 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12709.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12709.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Bulk Me Now! de WordPress hasta la versi\u00f3n 2.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas mediante ataques CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12723.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12723.json
index 08731317d32..79839e4da3d 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12723.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12723.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Infility Global para WordPress hasta la versi\u00f3n 2.9.8 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12740.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12740.json
index 7341a2d6318..904caa3bbb3 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12740.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12740.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "El software de visi\u00f3n de NI utiliz\u00f3 un librer\u00eda de terceros para el procesamiento de im\u00e1genes que expone varias vulnerabilidades. Estas vulnerabilidades pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Para explotarlas con \u00e9xito, un atacante debe conseguir que un usuario abra un archivo manipulado especial."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12749.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12749.json
index 52d9a3021ce..4d43ec17f7b 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12749.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12749.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Competition Form de WordPress hasta la versi\u00f3n 2.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12773.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12773.json
index 83af2fabb07..e53f9864774 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12773.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12773.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-01-27T06:15:22.747",
 "lastModified": "2025-01-27T17:15:15.290",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Altra Side Menu de WordPress hasta la versi\u00f3n 2.0 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los administradores realizar ataques de inyecci\u00f3n SQL. "
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12774.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12774.json
index 0b5925cc402..5dfa4026ee9 100644
--- a/CVE-2024/CVE-2024-127xx/CVE-2024-12774.json
+++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12774.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Altra Side Menu de WordPress hasta la versi\u00f3n 2.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los administradores que hayan iniciado sesi\u00f3n eliminen un men\u00fa arbitrario mediante un ataque CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12807.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12807.json
index 0ae08de6a7d..41e8b1f7edb 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12807.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12807.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Social Share Buttons para WordPress 2.7 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con altos privilegios como el administrador realicen ataques Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json
index c52e87d8178..65f2a64b92d 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12816.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento NOTICE BOARD BY TOWKIR para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'notice-board' del complemento en todas las versiones hasta la 3.1 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json
index 1d31da0998c..90bdf65e63a 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12817.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Etsy Importer para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'product_link' del complemento en todas las versiones hasta la 1.4.2 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12821.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12821.json
index 5ea9c5fcc58..3af16db3821 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12821.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12821.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T14:15:32.843",
 "lastModified": "2025-01-30T14:15:32.843",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Media Manager for UserPro para WordPress es vulnerable a modificaciones no autorizadas de datos que pueden provocar una escalada de privilegios debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n upm_upload_media() en todas las versiones hasta la 3.12.0 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12822.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12822.json
index 8dc73a64cde..11ebc5e36a1 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12822.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12822.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T14:15:33.017",
 "lastModified": "2025-01-30T14:15:33.017",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Media Manager for UserPro para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n add_capto_img() en todas las versiones hasta la 3.11.0 y incluida. Esto permite que atacantes no autenticados actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar la funci\u00f3n predeterminada de registro a administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json
index 911c24841a7..e9bb3cc9c5f 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12826.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento GoHero Store Customizer para WooCommerce para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n wooh_action_settings_save_frontend() en todas las versiones hasta la 3.5 y incluida. Esto permite que atacantes no autenticados actualicen configuraciones limitadas del complemento."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json
index f53f5889b4b..cba2978ba0b 100644
--- a/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12885.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Connections Business Directory para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de directorios debido a una validaci\u00f3n insuficiente de la ruta de archivo al eliminar un directorio de im\u00e1genes de Connections en todas las versiones hasta la 10.4.66 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de administrador o superior, eliminen carpetas arbitrarias en el servidor y todo su contenido."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12921.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12921.json
index 4437cfe1c47..4ab8aae1b4c 100644
--- a/CVE-2024/CVE-2024-129xx/CVE-2024-12921.json
+++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12921.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T06:15:29.653",
 "lastModified": "2025-01-30T06:15:29.653",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento EthereumICO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado ethereum-ico del complemento en todas las versiones hasta la 2.4.6 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
index 46dce7a30bb..635a5eef839 100644
--- a/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
+++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12957.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
 "published": "2025-01-23T10:15:06.867",
 "lastModified": "2025-01-23T10:15:06.867",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13052.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13052.json
index 33beaf66cd7..5c50d3e7ebf 100644
--- a/CVE-2024/CVE-2024-130xx/CVE-2024-13052.json
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13052.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Dental Optimizer Patient Generator App de WordPress hasta la versi\u00f3n 1.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13055.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13055.json
index ab6a708e309..9b4099714ef 100644
--- a/CVE-2024/CVE-2024-130xx/CVE-2024-13055.json
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13055.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Dyn Business Panel para WordPress hasta la versi\u00f3n 1.0.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13056.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13056.json
index 8de224576fe..ce15d970cb7 100644
--- a/CVE-2024/CVE-2024-130xx/CVE-2024-13056.json
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13056.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Dyn Business Panel para WordPress hasta la versi\u00f3n 1.0.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13057.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13057.json
index 460895ef68c..9a168b876e2 100644
--- a/CVE-2024/CVE-2024-130xx/CVE-2024-13057.json
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13057.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Dyn Business Panel para WordPress hasta la versi\u00f3n 1.0.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue XSS almacenado payloads a trav\u00e9s de un ataque CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13094.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13094.json
index e33e3afdb44..005e2b86eb2 100644
--- a/CVE-2024/CVE-2024-130xx/CVE-2024-13094.json
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13094.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Triggers Lite para WordPress hasta la versi\u00f3n 2.5.3 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera una Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13116.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13116.json
index 87a62312d08..0125f80f0f9 100644
--- a/CVE-2024/CVE-2024-131xx/CVE-2024-13116.json
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13116.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Crelly Slider para WordPress anterior a la versi\u00f3n 1.4.7 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con privilegios elevados como el administrador realicen ataques Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13117.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13117.json
index 32f1a9a58db..f127826d76d 100644
--- a/CVE-2024/CVE-2024-131xx/CVE-2024-13117.json
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13117.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Social Share Buttons de WordPress hasta la versi\u00f3n 2.7 permite que un usuario no autenticado cargue im\u00e1genes arbitrarias y cambie la ruta donde se cargan."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13234.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13234.json
index f2fe397a74d..461e58a19cd 100644
--- a/CVE-2024/CVE-2024-132xx/CVE-2024-13234.json
+++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13234.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-23T11:15:10.373",
 "lastModified": "2025-01-23T11:15:10.373",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13335.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13335.json
index a2a74efed3b..cd0ac2160d9 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13335.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13335.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:07.973",
 "lastModified": "2025-01-24T11:15:07.973",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Spexo Addons for Elementor \u2013 Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Spexo Addons for Elementor \u2013 Free Elementor Addons, Widgets and Templates para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n tmpcoder_theme_install_func() en todas las versiones hasta la 1.0.14 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen un tema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13354.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13354.json
index 5e0a6833a70..15b31458e4d 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13354.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13354.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:08.887",
 "lastModified": "2025-01-24T11:15:08.887",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s de etiquetas HTML en varios widgets en todas las versiones hasta incluida, 1.6.4 debido a un escape de entrada desinfecci\u00f3n y salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json
index ed2255f949d..3654cbe8782 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13368.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n youzify_offer_banner() en todas las versiones hasta la 1.3.2 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias del sitio a un valor de uno."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json
index c149e59e511..2ab0349312d 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13370.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n save_addon_key_license() en todas las versiones hasta la 1.3.2 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias a un valor de una clave de licencia v\u00e1lida."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13380.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13380.json
index 95b1073907a..b2d4852feed 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13380.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13380.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T13:15:09.107",
 "lastModified": "2025-01-30T14:15:33.513",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Alex Reservations: Smart Restaurant Booking para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'rr_form' del complemento en todas las versiones hasta la 2.0.5 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13408.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13408.json
index 5da2b5fc7ba..28dc8e4513b 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13408.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13408.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:09.043",
 "lastModified": "2025-01-24T11:15:09.043",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 1.6.10 y incluida, a trav\u00e9s del atributo 'theme' del shortcode `pgcu`. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se puedan cargar e incluir archivos PHP."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13409.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13409.json
index 592a049d721..5dcf5e70750 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13409.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13409.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:09.213",
 "lastModified": "2025-01-24T11:15:09.213",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 1.6.10 y incluida, a trav\u00e9s del par\u00e1metro 'theme' de la funci\u00f3n post_type_ajax_handler(). Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13422.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13422.json
index 5aa37380b02..6f3de30867d 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13422.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13422.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-23T12:15:28.163",
 "lastModified": "2025-01-23T12:15:28.163",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json
index a6163df3eb3..06f6f092e50 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13441.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Bilingual Linker para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro bl_otherlang_link_1 en todas las versiones hasta la 2.4 y incluida, debido a un escape de entrada y salida insuficiente. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13449.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13449.json
index a6614755636..d51a9ef3237 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13449.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13449.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Boom Fest para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'bf_admin_action' en todas las versiones hasta la 2.2.1 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen las configuraciones del complemento que cambian la apariencia del sitio web."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13450.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13450.json
index 10048f0e63d..9914a77252f 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13450.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13450.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Contact Form de Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 2.17.4 y incluida a trav\u00e9s de la integraci\u00f3n de Webhooks. Esto permite que atacantes autenticados, con acceso de nivel de administrador o superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se pueden usar para consultar y modificar informaci\u00f3n de servicios internos. La vulnerabilidad tambi\u00e9n se puede explotar en entornos multisitio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13453.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13453.json
index befcfe37ad5..d4aaff7ad67 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13453.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13453.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T11:15:10.993",
 "lastModified": "2025-01-30T14:15:33.873",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento The Contact Form & SMTP Plugin for WordPress de PirateForms para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 2.6.0 y incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13457.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13457.json
index 019f941fef5..f798c46cf38 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13457.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13457.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T07:15:07.067",
 "lastModified": "2025-01-30T07:15:07.067",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view order details of orders they did not place, which includes ticket prices, user emails and order date."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Event Tickets and Registration para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 5.18.1 y incluida a trav\u00e9s del par\u00e1metro tc-order-id debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes no autenticados vean los detalles de pedidos que no realizaron, lo que incluye precios de entradas, correos electr\u00f3nicos de usuarios y fecha de pedido."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json
index bda03968464..0016481eab8 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13458.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WordPress SEO Friendly Accordion FAQ with AI assisted content generation para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'noticefaq' del complemento en todas las versiones hasta incluida, 2.2.1 debido a la falta de entrada desinfecci\u00f3n y a la salida que se escapa en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13466.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13466.json
index 00684718bc0..9d925f81f36 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13466.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13466.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T13:15:09.253",
 "lastModified": "2025-01-30T14:15:34.217",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Automatically Hierarchic Categories in Menu para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'autocategorymenu' del complemento en todas las versiones hasta incluida, 2.0.7 debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json
index db57852d03f..0ae38a80898 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13467.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Contact Form7 Email Spam Blocker para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'post' en todas las versiones hasta la 1.0.0 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto hace posible que atacantes no autenticados inyecten scripts web arbitraria en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13470.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13470.json
index 3cb7509b7cb..6bccd92dfc3 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13470.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13470.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-30T08:15:26.690",
 "lastModified": "2025-01-30T08:15:26.690",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Ninja Forms \u2013 The Contact Form Builder That Grows With You para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto del complemento en todas las versiones hasta la 3.8.24 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13484.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13484.json
index 6564e08b6fd..a7a4ff66864 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13484.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13484.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en ArgoCD. La etiqueta openshift.io/cluster-monitoring se aplica a todos los espacios de nombres que implementan una instancia CR de ArgoCD, lo que permite que el espacio de nombres cree una PrometheusRule no autorizada. Este problema puede tener efectos adversos en la pila de monitoreo de la plataforma, ya que la regla se implementa en todo el cl\u00faster cuando se aplica la etiqueta."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json
index 3f4f698e6ce..b62bde34cd0 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13505.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ays_sections[5][questions][8][title]\u2019 parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Survey Maker para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro \u2018ays_sections[5][questions][8][title]\u2019 en todas las versiones hasta la 5.1.3.3 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones donde se ha deshabilitado unfiltered_html."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json
index df43407cba6..a8eb21e9341 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13511.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-23T10:15:07.253",
 "lastModified": "2025-01-23T10:15:07.253",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13542.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13542.json
index 46b50dd2c85..ae37ba4c11f 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13542.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13542.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:09.377",
 "lastModified": "2025-01-24T11:15:09.377",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Google Street View (with 360\u00b0 virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Google Street View (con recorrido virtual de 360\u00b0) y Google maps + Local SEO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'wpgsv' del complemento en todas las versiones hasta la 1.1.3 y incluida, debido a la falta de desinfecci\u00f3n de entrada y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13545.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13545.json
index eb38b1e5ffc..1240a0f445f 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13545.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13545.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T09:15:22.797",
 "lastModified": "2025-01-24T09:15:22.797",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json
index 8d6b90a676e..89afc66eb64 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13548.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Power Ups for Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado \"magic-button\" del complemento en todas las versiones hasta incluida, 1.2.2 debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json
index 844f0607470..cd63137b844 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13550.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ABC Notation para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 6.1.3 y incluida a trav\u00e9s del atributo 'file' del shortcode 'abcjs'. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json
index f2c2bcad91d..38a297aa29d 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13551.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ABC Notation para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del shortcode 'abcjs' del complemento en todas las versiones hasta incluida, 6.1.3 debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13561.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13561.json
index fde1734ec84..44ef5db9065 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13561.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13561.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Target Video Easy Publish para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado brid_override_yt del complemento en todas las versiones hasta la 3.8.3 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13562.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13562.json
index 42af33fe712..5f5ec86b67f 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13562.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13562.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Import WP \u2013 Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Import WP \u2013 Export and Import CSV and XML files to WordPress para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.14.5 y incluida a trav\u00e9s del directorio de cargas. Esto permite que atacantes no autenticados extraigan datos confidenciales almacenados de forma insegura en el directorio /wp-content/uploads/, que puede contener informaci\u00f3n como datos y archivos de usuarios locales o importados."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13572.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13572.json
index 2853ee7ce9c..ba5b2b5282b 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13572.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13572.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:09.520",
 "lastModified": "2025-01-24T11:15:09.520",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Precious Metals Charts and Widgets for WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'nfusion-widget' del complemento en todas las versiones hasta incluida, 1.2.8 debido a la falta de entrada desinfecci\u00f3n y la salida que se escapa en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13583.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13583.json
index 7c28c2ada14..8aa687c07b7 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13583.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13583.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T10:15:07.770",
 "lastModified": "2025-01-24T10:15:07.770",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json
index 980837acf2e..90cdefe8d93 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13586.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Masy Gallery para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'justified-gallery' del complemento en todas las versiones hasta la 1.7 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json
index 1841d64a85f..73e989ec533 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13593.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-23T10:15:07.737",
 "lastModified": "2025-01-23T10:15:07.737",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13594.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13594.json
index ed93328cb55..9b515b5a9b4 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13594.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13594.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-01-24T11:15:09.667",
 "lastModified": "2025-01-24T11:15:09.667",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofix_sdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Simple Downloads List para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del atributo 'category' del shortcode 'neofix_sdl' en todas las versiones hasta la 1.4.2 y incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json b/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json
index 05ae5a64743..f45c009d4df 100644
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13599.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento LearnPress \u2013 WordPress LMS Plugin para WordPress es vulnerable a Cross-Site Scripting Almacenado en todas las versiones hasta 4.2.7.5 y incluida, debido a un escape insuficiente de entrada desinfecci\u00f3n y salida de un nombre de lecci\u00f3n. Esto hace posible que atacantes autenticados, con acceso de nivel de instructor LP y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13642.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13642.json index aff581e856b..1d05754bd83 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13642.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13642.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-30T07:15:08.700", "lastModified": "2025-01-30T07:15:08.700", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Stratum \u2013 Elementor Widgets para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget Image Hotspot del complemento en todas las versiones hasta la 1.4.7 y incluida, debido a la falta de entrada desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13659.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13659.json index 20f14dba41b..3dbae5c5a74 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13659.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13659.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-24T06:15:26.557", "lastModified": "2025-01-24T06:15:26.557", - "vulnStatus": "Received", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13680.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13680.json index b61fe6b12df..0995331b9c2 100644 
--- a/CVE-2024/CVE-2024-136xx/CVE-2024-13680.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13680.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-24T07:15:06.930", "lastModified": "2025-01-24T07:15:06.930", - "vulnStatus": "Received", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13683.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13683.json index cb6be38381c..31d0ae1758e 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13683.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13683.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-24T07:15:08.523", "lastModified": "2025-01-24T07:15:08.523", - "vulnStatus": "Received", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13694.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13694.json index b9e7775be82..1844ae0856b 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13694.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13694.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-30T09:15:08.180", "lastModified": "2025-01-30T09:15:08.180", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento WooCommerce Wishlist (alta personalizaci\u00f3n, configuraci\u00f3n r\u00e1pida, lista de deseos gratuita de Elementor, la mayor\u00eda de las funciones) para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta incluida, 1.8.7 a trav\u00e9s de la funci\u00f3n download_pdf_file() debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes no autenticados extraigan datos de listas de deseos a los que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json index aec1e82c3c6..fc9030870e1 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13696.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wishlist_name\u2019 parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro \u2018wishlist_name\u2019 en todas las versiones hasta incluida, 1.2.25 debido a una entrada desinfecci\u00f3n y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13698.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13698.json index 64b62e5fcaa..13f7c558816 100644 --- a/CVE-2024/CVE-2024-136xx/CVE-2024-13698.json +++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13698.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key." + }, + { + "lang": "es", + "value": "El tema Jobify - Job Board WordPress para WordPress es vulnerable al acceso no autorizado y a la modificaci\u00f3n de datos debido a una falta de comprobaci\u00f3n de capacidad en las funciones 'download_image_via_ai' y 'generate_image_via_ai' en todas las versiones hasta la 4.2.7 y incluida. Esto permite que atacantes no autenticados realicen solicitudes web a ubicaciones arbitrarias que se originan desde la aplicaci\u00f3n web para cargar archivos en formato de imagen y generar im\u00e1genes de IA utilizando la clave OpenAI del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13706.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13706.json index 43b19a341c7..f018733996d 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13706.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13706.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-01-30T11:15:11.143", "lastModified": "2025-01-30T14:15:36.180", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento WP Image Uploader para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'file' en todas las versiones hasta la 1.0.1 y incluida, debido a un escape de entrada desinfecci\u00f3n y de salida insuficiente. Esto hace posible que atacantes no autenticados inyecten scripts web arbitraria en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13709.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13709.json index 3f0492332f7..065244d8f2e 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13709.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13709.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Linear para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.8.1 y incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante en 'linear-debug'. Esto hace posible que atacantes no autenticados restablezcan la cach\u00e9 del complemento a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13715.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13715.json index fba782fe12e..42a6745ffda 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13715.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13715.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache." + }, + { + "lang": "es", + "value": "El complemento zStore Manager Basic para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n zstore_clear_cache() en todas las versiones hasta la 3.311 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, borren la memoria cach\u00e9 del complemento." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13720.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13720.json index ffaf0f6fd31..eac8bf963de 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13720.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13720.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)." + }, + { + "lang": "es", + "value": "El complemento WP Image Uploader para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n gky_image_uploader_main_function() en todas las versiones hasta la 1.0.1 y incluida. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json index 737dedf7c6b..302c3d7fbef 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13721.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Plethora Plugins Tabs + Accordions para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro de anclaje en todas las versiones hasta la 1.1.8 y incluida, debido a un escape de entrada y salida insuficiente de desinfecci\u00f3n. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-137xx/CVE-2024-13742.json b/CVE-2024/CVE-2024-137xx/CVE-2024-13742.json index c3716156953..6f88a6dc3db 100644 --- a/CVE-2024/CVE-2024-137xx/CVE-2024-13742.json +++ b/CVE-2024/CVE-2024-137xx/CVE-2024-13742.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The iControlWP \u2013 Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present." + }, + { + "lang": "es", + "value": "El complemento iControlWP \u2013 Multiple WordPress Site Manager para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 4.4.5 y incluida, mediante la deserializaci\u00f3n de la entrada no confiable del par\u00e1metro reqpars. Esto hace posible que atacantes no autenticados inyecten un objeto PHP. No hay ninguna cadena POP conocida presente en el software vulnerable, lo que significa que esta vulnerabilidad no tiene impacto a menos que se instale en el sitio otro complemento o tema que contenga una cadena POP. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el objetivo sistema, puede permitir al atacante realizar acciones como eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo seg\u00fan la cadena POP presente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json index 4bc89a97179..97a4d40ec19 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1360.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-02-23T11:15:08.310", "lastModified": "2024-11-21T08:50:24.707", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json index cee83c6d831..37c90cacd5d 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-02-20T03:15:08.077", "lastModified": "2024-11-21T08:50:44.030", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1516.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1516.json index f8c0e9f7bbd..757b2281039 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1516.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1516.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-02-28T09:15:43.200", "lastModified": "2024-11-21T08:50:44.537", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1767.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1767.json index fdb8c451d90..7a997900d4f 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1767.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1767.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-09T07:15:09.173", "lastModified": "2024-11-21T08:51:16.067", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1799.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1799.json index 22521c09fd4..5a79f1379e8 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1799.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1799.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-20T03:15:08.160", "lastModified": "2024-11-21T08:51:20.813", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1810.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1810.json index 85355174be5..c9ac006e889 100644 --- a/CVE-2024/CVE-2024-18xx/CVE-2024-1810.json +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1810.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-02-24T05:15:43.977", "lastModified": "2024-11-21T08:51:22.260", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1860.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1860.json index 1959b3b0ca4..85091acd33b 100644 --- a/CVE-2024/CVE-2024-18xx/CVE-2024-1860.json +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1860.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-02-28T10:15:09.320", "lastModified": "2024-11-21T08:51:28.567", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21598.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21598.json index 03342086baf..fc0803d8824 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21598.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21598.json @@ -3,7 +3,7 @@ "sourceIdentifier": "sirt@juniper.net", "published": "2024-04-12T15:15:23.377", "lastModified": "2024-11-21T08:54:41.350", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21605.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21605.json index 9f64cf471cd..33141c0cf99 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21605.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21605.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "sirt@juniper.net", "published": "2024-04-12T15:15:23.577", "lastModified": "2024-11-21T08:54:42.320", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21615.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21615.json index cdbd977363c..7c481a07af8 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21615.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21615.json @@ -3,7 +3,7 @@ "sourceIdentifier": "sirt@juniper.net", "published": "2024-04-12T15:15:24.153", "lastModified": "2024-11-21T08:54:43.647", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21618.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21618.json index 11b623b06ba..ec5cf3fa0a1 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21618.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21618.json @@ -3,7 +3,7 @@ "sourceIdentifier": "sirt@juniper.net", "published": "2024-04-12T15:15:24.350", "lastModified": "2024-11-21T08:54:44.067", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22127.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22127.json index e8367ad1873..0dbfbc29893 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22127.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22127.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@sap.com", "published": "2024-03-12T01:15:49.060", "lastModified": "2024-11-21T08:55:38.160", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22315.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22315.json index 045421f45e0..a12cb8c4fbc 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22315.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22315.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-28T02:15:28.603", "lastModified": "2025-01-28T02:15:28.603", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection." + }, + { + "lang": "es", + "value": "IBM Fusion e IBM Fusion HCI 2.3.0 a 2.8.2 son vulnerables a una conexi\u00f3n de red insegura al permitir que un atacante que obtenga acceso a un contenedor de Fusion establezca una conexi\u00f3n de red externa." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22316.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22316.json index b2016d8e68a..c8febcfaa90 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22316.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22316.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls." + }, + { + "lang": "es", + "value": "IBM Sterling File Gateway 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.1 podr\u00edan permitir que un usuario autenticado realice acciones no autorizadas en los datos de otro usuario debido a controles de acceso inadecuados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22448.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22448.json index d43542dbc56..54627e39c80 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22448.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22448.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-04-10T08:15:06.913", "lastModified": "2024-11-21T08:56:18.567", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22453.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22453.json index 5089420ea0c..d83d1347f5b 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22453.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22453.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-19T08:15:06.480", "lastModified": "2024-11-21T08:56:19.133", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22460.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22460.json index 9deaee233ce..71fe267709f 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22460.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22460.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-05-08T16:15:07.970", "lastModified": "2024-11-21T08:56:20.010", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json index fbc92353247..6b6b871d3a2 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22461.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-13T14:15:21.383", "lastModified": "2024-12-13T14:15:21.383", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2212.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2212.json index de976b84c14..e8f456b2a54 100644 --- a/CVE-2024/CVE-2024-22xx/CVE-2024-2212.json +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2212.json @@ -3,7 +3,7 @@ "sourceIdentifier": "emo@eclipse.org", "published": "2024-03-26T16:15:13.233", "lastModified": "2024-11-21T09:09:16.010", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2214.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2214.json index 0539682257c..d71fce11e12 100644 --- a/CVE-2024/CVE-2024-22xx/CVE-2024-2214.json +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2214.json @@ -3,7 +3,7 @@ "sourceIdentifier": "emo@eclipse.org", "published": "2024-03-26T16:15:13.430", "lastModified": "2024-11-21T09:09:16.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23151.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23151.json index f64f2dcf45e..5330707d7c7 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23151.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23151.json @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "psirt@autodesk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23155.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23155.json index 90263355d7e..b39063167e4 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23155.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23155.json 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "psirt@autodesk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23156.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23156.json index 2fefcf4722e..14d79eda8bc 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23156.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23156.json @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "psirt@autodesk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23444.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23444.json index 7a56db4f727..93d0fef357a 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23444.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23444.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2024-07-31T18:15:11.983", "lastModified": "2024-08-01T12:42:36.933", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23449.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23449.json index 3aaa4ba156e..77470374a5d 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23449.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23449.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2024-03-29T12:15:08.177", "lastModified": "2024-11-21T08:57:43.903", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23450.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23450.json index 4f3068976b8..8d6cc8b09ed 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23450.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23450.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2024-03-27T17:15:53.857", "lastModified": "2024-11-21T08:57:44.030", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23451.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23451.json index a87b12b93ee..66339722c4d 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23451.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23451.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2024-03-27T18:15:10.330", "lastModified": "2024-11-21T08:57:44.157", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23953.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23953.json index 5a549ed6f0c..53dd41fa511 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23953.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23953.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Use of Arrays.equals() in LlapSignerImpl in\u00a0Apache Hive to compare message signatures\u00a0allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack.\u00a0Users are recommended to upgrade to version 4.0.0, which fixes this issue.\n\nThe problem occurs when an application doesn\u2019t use a constant-time algorithm for validating a signature.\u00a0The method Arrays.equals()\u00a0returns false\u00a0right away when it sees that one of the input\u2019s bytes are different. It means that the comparison time depends on the contents of the arrays. This little thing may allow an attacker to forge a valid signature for an arbitrary message byte by byte.\u00a0So it might allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to DDoS attack.\n\nMore details in the reference section." + }, + { + "lang": "es", + "value": "El uso de Arrays.equals() en LlapSignerImpl en Apache Hive para comparar firmas de mensajes permite a un atacante falsificar una firma v\u00e1lida para un mensaje arbitrario byte a byte. El atacante debe ser un usuario autorizado del producto para realizar este ataque. Se recomienda a los usuarios que actualicen a la versi\u00f3n 4.0.0, que soluciona este problema. El problema ocurre cuando una aplicaci\u00f3n no utiliza un algoritmo de tiempo constante para validar una firma. El m\u00e9todo Arrays.equals() devuelve falso de inmediato cuando ve que uno de los bytes de entrada es diferente. Significa que el tiempo de comparaci\u00f3n depende del contenido de las matrices. Esta peque\u00f1a cosa puede permitir a un atacante falsificar una firma v\u00e1lida para un mensaje arbitrario byte a byte. 
Por lo tanto, podr\u00eda permitir que los usuarios malintencionados env\u00eden divisiones/trabajos con firmas seleccionadas a LLAP sin ejecutarse como un usuario privilegiado, lo que podr\u00eda conducir a un ataque DDoS. M\u00e1s detalles en la secci\u00f3n de referencia." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2352.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2352.json index 747b5913165..bfd3bb38689 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2352.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2352.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2024-03-10T02:16:08.767", "lastModified": "2024-11-21T09:09:34.573", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24420.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24420.json index aab803a8620..d4c173357a7 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24420.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24420.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-01-21T23:15:12.030", "lastModified": "2025-01-23T16:15:34.687", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24421.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24421.json index 7b83ab4890c..94334e3b7cb 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24421.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24421.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-01-21T23:15:12.147", "lastModified": "2025-01-23T16:15:34.883", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24424.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24424.json index 6b285b4f5a0..c468147c869 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24424.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24424.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-21T23:15:12.527",
 "lastModified": "2025-01-23T16:15:35.453",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json
index aef6cd66d72..efe66fcb13e 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24429.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T16:15:28.907",
 "lastModified": "2025-01-22T16:15:28.907",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json
index a43a990bd9f..c70c646a6ef 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24430.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:12.680",
 "lastModified": "2025-01-23T18:15:29.850",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24883.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24883.json
index a286dd69d34..4dde1fe5904 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24883.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24883.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-04-11T01:24:53.977",
 "lastModified": "2024-11-21T08:59:54.990",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json
index 202a49b6d04..8705f27a12b 100644
--- a/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json
+++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24902.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-13T15:15:26.810",
 "lastModified": "2024-12-13T15:15:26.810",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24908.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24908.json
index d07da05080d..9df5f44dd61 100644
--- a/CVE-2024/CVE-2024-249xx/CVE-2024-24908.json
+++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24908.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-05-08T16:15:08.303",
 "lastModified": "2024-11-21T08:59:57.640",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2452.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2452.json
index d5e1d1816c6..4918ab82e79 100644
--- a/CVE-2024/CVE-2024-24xx/CVE-2024-2452.json
+++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2452.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "emo@eclipse.org",
 "published": "2024-03-26T16:15:13.623",
 "lastModified": "2024-11-21T09:09:47.030",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-250xx/CVE-2024-25034.json b/CVE-2024/CVE-2024-250xx/CVE-2024-25034.json
index b6043074e5e..858a3714b85 100644
--- a/CVE-2024/CVE-2024-250xx/CVE-2024-25034.json
+++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25034.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks." + }, + { + "lang": "es", + "value": "IBM Planning Analytics 2.0 y 2.1 podr\u00edan ser vulnerables a la carga de archivos maliciosos al no validar el tipo de archivo en el proceso T1 de File Manager. Los atacantes pueden aprovechar esta debilidad y cargar archivos ejecutables maliciosos en sistema que pueden enviarse a las v\u00edctimas para realizar ataques posteriores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25645.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25645.json index 875167aa445..0283cc19139 100644 --- a/CVE-2024/CVE-2024-256xx/CVE-2024-25645.json +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25645.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@sap.com", "published": "2024-03-12T01:15:49.780", "lastModified": "2024-11-21T09:01:08.843", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25942.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25942.json index b6ffa41f959..f7bc0576281 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25942.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25942.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-03-19T08:15:06.713", "lastModified": "2024-11-21T09:01:37.290", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json index f2d06b19212..d79da0481f0 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25943.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-29T13:15:10.403",
 "lastModified": "2024-11-21T09:01:37.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25944.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25944.json
index 6af83efb986..ccb8c895a39 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25944.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25944.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-03-29T17:15:11.837",
 "lastModified": "2024-11-21T09:01:37.533",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json
index e7d8740e327..ee01fd3c664 100644
--- a/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26654.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-01T09:15:51.063",
 "lastModified": "2024-11-21T09:02:46.457",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26658.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26658.json
index 4cfbf895f1f..70efd7adc6e 100644
--- a/CVE-2024/CVE-2024-266xx/CVE-2024-26658.json
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26658.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-02T07:15:42.903",
 "lastModified": "2024-11-21T09:02:46.957",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json
index 243f9de7361..41b93836249 100644
--- a/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json
+++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26719.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-03T15:15:53.947",
 "lastModified": "2024-11-21T09:02:54.847",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json b/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json
index ac0a9680d55..6c5b6068e82 100644
--- a/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json
+++ b/CVE-2024/CVE-2024-267xx/CVE-2024-26732.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-03T17:15:50.977",
 "lastModified": "2024-11-21T09:02:56.510",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26817.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26817.json
index 8474726e617..02fc565646e 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26817.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26817.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-13T12:15:11.730",
 "lastModified": "2024-11-21T09:03:08.580",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json
index 88c9dd2ea1d..36a4d69997a 100644
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26849.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-04-17T11:15:08.377",
 "lastModified": "2024-11-21T09:03:12.467",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json
index 6b8e73c1ebe..835ee715535 100644
--- a/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26917.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T16:15:08.247", "lastModified": "2024-11-21T09:03:22.663", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-26xx/CVE-2024-2658.json b/CVE-2024/CVE-2024-26xx/CVE-2024-2658.json index fd583ba4cf1..722a3fb499b 100644 --- a/CVE-2024/CVE-2024-26xx/CVE-2024-2658.json +++ b/CVE-2024/CVE-2024-26xx/CVE-2024-2658.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to\u00a02024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges." + }, + { + "lang": "es", + "value": "Una configuraci\u00f3n incorrecta en lmadmin.exe de las versiones de FlexNet Publisher anteriores a 2024 R1 (11.19.6.0) permite que el archivo de configuraci\u00f3n de OpenSSL se cargue desde un directorio inexistente. Un usuario no autorizado, autenticado localmente y con privilegios bajos puede crear el directorio y cargar un archivo openssl.conf manipulado especial, lo que lleva a la ejecuci\u00f3n de una DLL maliciosa (Dynamic-Link librer\u00eda) con privilegios elevados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27256.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27256.json index 7a250303e4a..584e47dda17 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27256.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27256.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and\u00a02.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information." + }, + { + "lang": "es", + "value": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 a 3.1.3 CD, 2.0.0 LTS a 2.0.22 LTS y 2.4.0 a 2.4.8, 2.3.0 a 2.3.3, 2.2.0 a 2.2.2 utilizan algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27263.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27263.json index b23c86b9cdc..ff4ac156956 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27263.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27263.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-28T01:15:08.950", "lastModified": "2025-01-28T01:15:08.950", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.1 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de la interfaz de usuario del panel de control mediante t\u00e9cnicas de intermediario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27288.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27288.json index c0a70a58491..daa0e4d9dfc 100644 --- a/CVE-2024/CVE-2024-272xx/CVE-2024-27288.json +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27288.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-03-06T19:15:07.933",
 "lastModified": "2024-11-21T09:04:15.310",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-274xx/CVE-2024-27433.json b/CVE-2024/CVE-2024-274xx/CVE-2024-27433.json
index 569a3aa3d30..3aa5903c382 100644
--- a/CVE-2024/CVE-2024-274xx/CVE-2024-27433.json
+++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27433.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T13:15:57.927",
 "lastModified": "2024-11-21T09:04:35.857",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-278xx/CVE-2024-27898.json b/CVE-2024/CVE-2024-278xx/CVE-2024-27898.json
index 23f92c25180..ff0a72ba3c7 100644
--- a/CVE-2024/CVE-2024-278xx/CVE-2024-27898.json
+++ b/CVE-2024/CVE-2024-278xx/CVE-2024-27898.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-04-09T01:15:48.583",
 "lastModified": "2024-11-21T09:05:22.490",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-27xx/CVE-2024-2783.json b/CVE-2024/CVE-2024-27xx/CVE-2024-2783.json
index a41d46dd665..4d32bb2df40 100644
--- a/CVE-2024/CVE-2024-27xx/CVE-2024-2783.json
+++ b/CVE-2024/CVE-2024-27xx/CVE-2024-2783.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-09T19:15:36.483",
 "lastModified": "2024-11-21T09:10:30.537",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28163.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28163.json
index 6241a266314..1d96bcdf5df 100644
--- a/CVE-2024/CVE-2024-281xx/CVE-2024-28163.json
+++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28163.json
@@ -3,7 +3,7 @@ "sourceIdentifier": "cna@sap.com", "published": "2024-03-12T01:15:50.390", "lastModified": "2024-11-21T09:05:56.313", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json index 8a472c8bdfc..a98170a755a 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28766.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-27T02:15:28.253", "lastModified": "2025-01-27T02:15:28.253", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system." + }, + { + "lang": "es", + "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 podr\u00edan revelar informaci\u00f3n confidencial sobre el contenido del directorio que podr\u00eda ayudar en futuros ataques contra sistema. " } ], "metrics": { diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json index 95c1c0cc8d6..00d4641cc62 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28770.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-27T02:15:28.407", "lastModified": "2025-01-27T02:15:28.407", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic." + }, + { + "lang": "es", + "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 no establecen el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico. " } ], "metrics": { diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json index fa4986e7f21..e5a477cd78a 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28771.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic." + }, + { + "lang": "es", + "value": "IBM Security Directory Integrator 7.2.0 e IBM Security Verify Directory Integrator 10.0.0 no establecen el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28786.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28786.json index cf058f89062..2f999797336 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28786.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28786.json @@ -3,12 +3,16 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-28T00:15:06.680", "lastModified": "2025-01-28T00:15:06.680", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques." + }, + { + "lang": "es", + "value": "IBM QRadar SIEM 7.5 transmite datos confidenciales o cr\u00edticos para la seguridad en texto plano en un canal de comunicaci\u00f3n que podr\u00eda ser obtenido por un actor no autorizado mediante t\u00e9cnicas de intermediario." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28961.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28961.json
index 9927c362941..c299f238690 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28961.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28961.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-04-29T09:15:07.477",
 "lastModified": "2024-11-21T09:07:16.467",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28963.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28963.json
index 0ad8fb4c6cd..7a639748cb4 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28963.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28963.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-04-24T08:15:37.400",
 "lastModified": "2024-11-21T09:07:16.740",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28973.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28973.json
index 371f5bc6244..5e45b8450cb 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28973.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28973.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-26T03:15:09.640",
 "lastModified": "2024-11-21T09:07:18.133",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28974.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28974.json
index 4f031175735..df6f16ae226 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28974.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28974.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-05-29T16:15:09.550",
 "lastModified": "2024-11-21T09:07:18.270",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json b/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json
index 91f24cbf84c..cb7d3c3720b 100644
--- a/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json
+++ b/CVE-2024/CVE-2024-289xx/CVE-2024-28980.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-13T15:15:26.953",
 "lastModified": "2024-12-13T15:15:26.953",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29169.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29169.json
index 641e7150506..0887d2440ad 100644
--- a/CVE-2024/CVE-2024-291xx/CVE-2024-29169.json
+++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29169.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-13T16:15:10.610",
 "lastModified": "2024-11-21T09:07:43.060",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29173.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29173.json
index 8d2b5ef7e55..de80ba5cd36 100644
--- a/CVE-2024/CVE-2024-291xx/CVE-2024-29173.json
+++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29173.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-26T03:15:09.877",
 "lastModified": "2024-11-21T09:07:43.383",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30186.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30186.json
index 6735749c039..3a3cb37b3cb 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30186.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30186.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-03-27T12:15:14.173",
 "lastModified": "2024-11-21T09:11:23.400",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json b/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json
index b0e96dd57f1..d7e7d760dc2 100644
--- a/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json
+++ b/CVE-2024/CVE-2024-302xx/CVE-2024-30257.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-04-18T15:15:30.043",
 "lastModified": "2024-11-21T09:11:34.003",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30380.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30380.json
index 6a2fe4cec4f..6d99849c727 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30380.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30380.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-16T20:15:09.887",
 "lastModified": "2024-11-21T09:11:48.667",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30382.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30382.json
index 4392c870ec3..a8dace88115 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30382.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30382.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:37.207",
 "lastModified": "2024-11-21T09:11:48.950",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30386.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30386.json
index 88e97ed0667..63cb6c26e62 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30386.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30386.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:37.650",
 "lastModified": "2024-11-21T09:11:49.213",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30387.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30387.json
index 8cda70dbfc8..b6460cc4cac 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30387.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30387.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:37.867",
 "lastModified": "2024-11-21T09:11:49.347",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30390.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30390.json
index 1f9a0e56b65..d4ce00badaf 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30390.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30390.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:38.540",
 "lastModified": "2024-11-21T09:11:49.743",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30394.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30394.json
index 643522789b5..70a85ba7453 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30394.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30394.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T15:15:24.730",
 "lastModified": "2024-11-21T09:11:50.160",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30395.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30395.json
index 698a9c1c82b..2e059763e0a 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30395.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30395.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T15:15:24.930",
 "lastModified": "2024-11-21T09:11:50.303",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30397.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30397.json
index fac902f29cd..ec8c42cd776 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30397.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30397.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:39.267",
 "lastModified": "2024-11-21T09:11:50.447",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30398.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30398.json
index b151d2dffe6..c759b484656 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30398.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30398.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:39.497",
 "lastModified": "2024-11-21T09:11:50.580",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-304xx/CVE-2024-30402.json b/CVE-2024/CVE-2024-304xx/CVE-2024-30402.json
index d376469c64e..38153db5945 100644
--- a/CVE-2024/CVE-2024-304xx/CVE-2024-30402.json
+++ b/CVE-2024/CVE-2024-304xx/CVE-2024-30402.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:39.930",
 "lastModified": "2024-11-21T09:11:50.863",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-304xx/CVE-2024-30403.json b/CVE-2024/CVE-2024-304xx/CVE-2024-30403.json
index d9f03e376a4..d04ae62ac74 100644
--- a/CVE-2024/CVE-2024-304xx/CVE-2024-30403.json
+++ b/CVE-2024/CVE-2024-304xx/CVE-2024-30403.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T16:15:40.123",
 "lastModified": "2024-11-21T09:11:51.013",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-304xx/CVE-2024-30409.json b/CVE-2024/CVE-2024-304xx/CVE-2024-30409.json
index 8cc4f38573a..44df4794fa9 100644
--- a/CVE-2024/CVE-2024-304xx/CVE-2024-30409.json
+++ b/CVE-2024/CVE-2024-304xx/CVE-2024-30409.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-04-12T15:15:25.740",
 "lastModified": "2024-11-21T09:11:51.607",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3046.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3046.json
index 8fca047c4b1..8604007a027 100644
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3046.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3046.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "emo@eclipse.org",
 "published": "2024-04-09T10:15:08.600",
 "lastModified": "2024-11-21T09:28:45.457",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json
index a4a5b98612a..72af6dd6ee6 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31903.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-22T16:15:29.030",
 "lastModified": "2025-01-22T16:15:29.030",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31906.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31906.json
index 4d687244cd8..0e6cef18c8d 100644
--- a/CVE-2024/CVE-2024-319xx/CVE-2024-31906.json
+++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31906.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Automation Decision Services 23.0.2 permite que las p\u00e1ginas web se almacenen localmente y que otro usuario pueda leerlas en sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32681.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32681.json
index 8a4d5f926f7..5e7df329cd8 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32681.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32681.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-04-22T11:15:46.287",
 "lastModified": "2024-11-21T09:15:27.957",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32682.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32682.json
index 05a9a574264..8c60eb512df 100644
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32682.json
+++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32682.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-04-22T11:15:46.630",
 "lastModified": "2024-11-21T09:15:28.090",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32855.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32855.json
index 105a7668044..b33ec543eda 100644
--- a/CVE-2024/CVE-2024-328xx/CVE-2024-32855.json
+++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32855.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-25T04:15:14.600",
 "lastModified": "2024-11-21T09:15:51.863",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3213.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3213.json
index 02eb009e86e..4ba19cb3912 100644
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3213.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3213.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-09T19:15:40.203",
 "lastModified": "2024-11-21T09:29:09.650",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3332.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3332.json
index 867ff3c7f18..6e6aac87f63 100644
--- a/CVE-2024/CVE-2024-33xx/CVE-2024-3332.json
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3332.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-07-03T17:15:04.470",
 "lastModified": "2024-11-21T09:29:24.363",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json b/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json
index 5cd3415424f..0b05fb4a8ef 100644
--- a/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json
+++ b/CVE-2024/CVE-2024-342xx/CVE-2024-34235.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T15:15:12.900",
 "lastModified": "2025-01-22T15:15:12.900",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-343xx/CVE-2024-34352.json b/CVE-2024/CVE-2024-343xx/CVE-2024-34352.json
index 995b40783e8..dbca44971f2 100644
--- a/CVE-2024/CVE-2024-343xx/CVE-2024-34352.json
+++ b/CVE-2024/CVE-2024-343xx/CVE-2024-34352.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-05-14T15:38:43.160",
 "lastModified": "2024-11-21T09:18:29.253",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json
index 76ecd41cd07..e437b67a9d1 100644
--- a/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34732.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En RGXMMUCacheInvalidate de rgxmem.c, existe la posibilidad de ejecuci\u00f3n de c\u00f3digo arbitrario debido a una condici\u00f3n ejecuci\u00f3n. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json
index c8414550cdc..f9919383729 100644
--- a/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34733.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En DevmemXIntMapPages de devicemem_server.c, existe la posibilidad de que se ejecute un c\u00f3digo arbitrario debido a un desbordamiento de n\u00fameros enteros. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json
index ab03acce246..c491093d0d7 100644
--- a/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34748.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En _DevmemXReservationPageAddress de devicemem_server.c, existe una posible use-after-free debido a una conversi\u00f3n incorrecta. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json
index 5ef8666b9f8..5ea1abd5267 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Control Center 6.2.1 y 6.3.1 podr\u00edan permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json
index 4e517dfb673..e5d3ed48f8b 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Control Center 6.2.1 and 6.3.1 \n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Control Center 6.2.1 y 6.3.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json
index fbb2d21dc01..e78517d4500 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\ncould allow an authenticated user to obtain sensitive information exposed through a directory listing."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Control Center 6.2.1 y 6.3.1 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial expuesta a trav\u00e9s de una lista de directorios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json
index 7657e8ddc8d..17dcbe32015 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\n\n\ncould allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Control Center 6.2.1 y 6.3.1 podr\u00edan permitir que un atacante remoto enumere nombres de usuario debido a una discrepancia observable entre los intentos de inicio de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35122.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35122.json
index 544fe73cff1..db07935a554 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35122.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35122.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."
+ },
+ {
+ "lang": "es",
+ "value": "IBM i 7.2, 7.3, 7.4 y 7.5 es vulnerable a una denegaci\u00f3n de servicio local a nivel de archivo causada por un requisito de autoridad insuficiente. Un usuario local sin privilegios puede configurar una restricci\u00f3n referencial con los privilegios de un usuario dise\u00f1ado socialmente para acceder al archivo de destino."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json
index 72760fede0b..c6358df03c2 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Analytics Content Hub 2.0 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json
index d3f2726a2b3..e2d60cd8178 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Maximo Application Suite 8.10, 8.11 y 9.0: el componente Monitor almacena el c\u00f3digo fuente en el servidor web que podr\u00eda ayudar en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json
index 076a842e3b9..8dabd182452 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Maximo Application Suite 9.0.0 - Monitor Component es vulnerable a ataques de cross-site scripting. Esta vulnerabilidad permite que un atacante no autenticado incorpore c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json
index 8438dad43fa..dc5282d0f0d 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Maximo Application Suite 8.10.10, 8.11.7 y 9.0: el componente de monitorizaci\u00f3n es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL manipulado especiales, que podr\u00edan permitirle ver, agregar, modificar o eliminar informaci\u00f3n en la base de datos back-end."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json
index a648b279d32..f5b0a7ad919 100644
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1 y 9.1.0: el componente Monitor no neutraliza la salida que se escribe en los registros, lo que podr\u00eda permitir que un atacante inyecte entradas de registro falsas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35247.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35247.json
index 9f96fbe30be..ad0d57d4ce9 100644
--- a/CVE-2024/CVE-2024-352xx/CVE-2024-35247.json
+++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35247.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-06-24T14:15:12.050",
 "lastModified": "2024-11-21T09:20:00.830",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35827.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35827.json
index d6568e6dab9..184ebde0030 100644
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35827.json
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35827.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T14:15:18.670",
 "lastModified": "2024-11-21T09:20:59.340",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35849.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35849.json
index 6cafe9aebf7..fb2a4a7d139 100644
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35849.json
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35849.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-17T15:15:21.777",
 "lastModified": "2024-11-21T09:21:02.527",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-358xx/CVE-2024-35885.json b/CVE-2024/CVE-2024-358xx/CVE-2024-35885.json
index eac1b940342..2fff70fe142 100644
--- a/CVE-2024/CVE-2024-358xx/CVE-2024-35885.json
+++ b/CVE-2024/CVE-2024-358xx/CVE-2024-35885.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-19T09:15:09.683",
 "lastModified": "2024-11-21T09:21:07.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-359xx/CVE-2024-35904.json b/CVE-2024/CVE-2024-359xx/CVE-2024-35904.json
index 39b38c4bf87..02a2b54699f 100644
--- a/CVE-2024/CVE-2024-359xx/CVE-2024-35904.json
+++ b/CVE-2024/CVE-2024-359xx/CVE-2024-35904.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-19T09:15:11.190",
 "lastModified": "2024-11-21T09:21:10.303",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-359xx/CVE-2024-35915.json b/CVE-2024/CVE-2024-359xx/CVE-2024-35915.json
index 0ddb7258e19..27b3c64ad25 100644
--- a/CVE-2024/CVE-2024-359xx/CVE-2024-35915.json
+++ b/CVE-2024/CVE-2024-359xx/CVE-2024-35915.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-19T09:15:11.987",
 "lastModified": "2024-11-21T09:21:11.757",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3548.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3548.json
index 540c3336181..caca780326b 100644
--- a/CVE-2024/CVE-2024-35xx/CVE-2024-3548.json
+++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3548.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-05-15T06:15:12.147",
 "lastModified": "2024-11-21T09:29:51.210",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3550.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3550.json
index bfedae83667..515e5d1bfec 100644
--- a/CVE-2024/CVE-2024-35xx/CVE-2024-3550.json
+++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3550.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-05-02T17:15:26.757",
 "lastModified": "2024-11-21T09:29:51.433",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36003.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36003.json
index 714ef2e032e..b82bc34da89 100644
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36003.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36003.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-20T10:15:14.360",
 "lastModified": "2024-11-21T09:21:24.537",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-364xx/CVE-2024-36479.json b/CVE-2024/CVE-2024-364xx/CVE-2024-36479.json
index 42a5e84db33..5ba91900ca2 100644
--- a/CVE-2024/CVE-2024-364xx/CVE-2024-36479.json
+++ b/CVE-2024/CVE-2024-364xx/CVE-2024-36479.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-06-24T14:15:12.157",
 "lastModified": "2024-12-14T21:15:18.730",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36903.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36903.json
index 8c9ea13816f..bafcc6729d1 100644
--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36903.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36903.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-30T16:15:13.867",
 "lastModified": "2024-11-21T09:22:46.660",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36927.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36927.json
index 07154adb8ab..29216dda17d 100644
--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36927.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36927.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-30T16:15:15.957",
 "lastModified": "2024-11-21T09:22:50.220",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36942.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36942.json
index 605d527a7ca..51068b4c70f 100644
--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36942.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36942.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-05-30T16:15:17.227",
 "lastModified": "2024-11-21T09:22:52.297",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json
index d54e581b802..dffd4de7046 100644
--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-06-08T13:15:58.260",
 "lastModified": "2024-11-21T09:22:56.290",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3607.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3607.json
index 0f49f86c2e3..4801c3ed486 100644
--- a/CVE-2024/CVE-2024-36xx/CVE-2024-3607.json
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3607.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-05-02T17:15:28.230",
 "lastModified": "2024-11-21T09:29:58.630",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37007.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37007.json
index 117112b679b..8b2b1998ed3 100644
--- a/CVE-2024/CVE-2024-370xx/CVE-2024-37007.json
+++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37007.json
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "psirt@autodesk.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37021.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37021.json
index f7b3b8c0526..ed742ed98bb 100644
--- a/CVE-2024/CVE-2024-370xx/CVE-2024-37021.json
+++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37021.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-06-24T14:15:12.237",
 "lastModified": "2024-12-14T21:15:18.940",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37131.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37131.json
index 9a9a2fd5d8c..4a7f3e4b3a8 100644
--- a/CVE-2024/CVE-2024-371xx/CVE-2024-37131.json
+++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37131.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-13T15:15:52.740",
 "lastModified": "2024-11-21T09:23:15.980",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37137.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37137.json
index a00bd81f715..9e9ea6f793b 100644
--- a/CVE-2024/CVE-2024-371xx/CVE-2024-37137.json
+++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37137.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-28T02:15:03.780",
 "lastModified": "2024-11-21T09:23:16.737",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37526.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37526.json
index 19e6a577b57..b7b6415de82 100644
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37526.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37526.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-27T22:15:11.770",
 "lastModified": "2025-01-27T22:15:11.770",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Watson Query en Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2 y 3.0.0) podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de objetos publicados mediante Watson Query debido a un mecanismo de protecci\u00f3n de datos inadecuado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37527.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37527.json
index 98506982fd8..6c210a33af3 100644
--- a/CVE-2024/CVE-2024-375xx/CVE-2024-37527.json
+++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37527.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ },
+ {
+ "lang": "es",
+ "value": "IBM OpenPages with Watson 8.3 y 9.0 es vulnerable a ataques de cross-site scripting. Esta vulnerabilidad permite que un usuario autenticado incorpore c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3747.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3747.json
index b6113f7a18f..d38ffef6fe4 100644
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3747.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3747.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-05-02T17:15:31.223",
 "lastModified": "2024-11-21T09:30:18.343",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38296.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38296.json
index c4ebc0ec0ac..2e0b918bd50 100644
--- a/CVE-2024/CVE-2024-382xx/CVE-2024-38296.json
+++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38296.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-22T03:15:04.160",
 "lastModified": "2024-12-09T15:15:13.993",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38302.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38302.json
index 26fcb4698e2..cacaa23a7cf 100644
--- a/CVE-2024/CVE-2024-383xx/CVE-2024-38302.json
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38302.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-07-18T16:15:07.057",
 "lastModified": "2024-11-21T09:25:20.210",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38320.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38320.json
index 9128ea4bb70..ef27ba09ad5 100644
--- a/CVE-2024/CVE-2024-383xx/CVE-2024-38320.json
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38320.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Storage Protect for Virtual Environments: Data Protection for VMware\u00a0and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Storage Protect for Virtual Environments: Data Protection for VMware y Storage Protect Backup-Archive Client 8.1.0.0 a 8.1.23.0 utilizan algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38325.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38325.json
index 0ecfec5dc9d..1cc5ab60a33 100644
--- a/CVE-2024/CVE-2024-383xx/CVE-2024-38325.json
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38325.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI \n\ncould allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
+ },
+ {
+ "lang": "es",
+ "value": "La interfaz de l\u00ednea de comandos (CLI) de IBM Storage Defender 2.0.0 a 2.0.7 on-prem defend-sensor-cmd podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial mediante el env\u00edo de solicitudes de red a trav\u00e9s de un canal inseguro. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial mediante t\u00e9cnicas de intermediario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json
index fbe2f538c53..6c724def180 100644
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38488.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-13T14:15:21.993",
 "lastModified": "2024-12-13T14:15:21.993",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json
index 207a41b67a9..13ecb0447b8 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:10.127",
 "lastModified": "2024-11-21T09:27:53.120",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json
index 1fc7ff6fd55..6f74d69be8a 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:10.393",
 "lastModified": "2024-11-21T09:27:53.347",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json
index 467782f2b3c..a23536406ff 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:10.640",
 "lastModified": "2024-11-21T09:27:53.553",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json
index e220d7ef53d..738305bba95 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:10.877",
 "lastModified": "2024-11-21T09:27:53.747",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json
index 738ec998f9b..7b8f8f7e516 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:11.127",
 "lastModified": "2024-11-21T09:27:54.420",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json
index 3719dde17f5..b6777103df6 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:11.607",
 "lastModified": "2024-11-21T09:27:59.993",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json
index ad6564968d6..53801b0da04 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:11.863",
 "lastModified": "2024-11-21T09:28:00.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json
index 5f8575e8186..fc755ab2799 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:12.133",
 "lastModified": "2024-11-21T09:28:00.333",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json
index e39dd0a974a..02190df49a1 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:12.370",
 "lastModified": "2024-11-21T09:28:00.497",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json
index 7f49f506ead..1adc3cdd196 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:12.617",
 "lastModified": "2024-11-21T09:28:00.643",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json
index d2a467c3cc3..f87bc5adac9 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:12.863",
 "lastModified": "2024-11-21T09:28:00.807",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json
index 7d92992dc86..af535cfcce3 100644
--- a/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json
+++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sirt@juniper.net",
 "published": "2024-07-10T23:15:13.670",
 "lastModified": "2024-11-21T09:28:01.273",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json
index 610b97ea270..539bb22a6ab 100644
--- a/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json
+++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Analytics Content Hub 2.0 es vulnerable a un desbordamiento de b\u00fafer debido a una comprobaci\u00f3n incorrecta de la longitud de retorno. Un atacante remoto autenticado podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en sistema o provocar un bloqueo del servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json
index 4968b6985b0..be2783655f4 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40649.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En TBD de TBD, existe una posible use-after-free debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json
index 9534b0d8fb4..167aaaf92dd 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40651.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En TBD de TBD, existe una posible use-after-free debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json
index 52b0aac9507..6eefb589730 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40669.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En TBD de TBD, existe un posible use after free debido a una condici\u00f3n ejecuci\u00f3n. Esto podr\u00eda llevar a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json
index f5f697e20c3..dabe0c1262c 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40670.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En TBD de TBD, existe un posible use after free debido a una condici\u00f3n ejecuci\u00f3n. Esto podr\u00eda llevar a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40672.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40672.json
index 4b4cc9ec607..7188afcfd0f 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40672.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40672.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En onCreate de ChooserActivity.java, existe una forma posible de eludir las protecciones de restablecimiento de f\u00e1brica debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40673.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40673.json
index a4410866a70..a7af215e767 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40673.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40673.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En Source de ZipFile.java, existe una forma posible de que un atacante ejecute c\u00f3digo arbitrario manipulando la carga de c\u00f3digo din\u00e1mico debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40674.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40674.json
index 115bae08eca..1a14ef0ccf1 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40674.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40674.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En validateSsid de WifiConfigurationUtil.java, existe una forma posible de desbordar el archivo de configuraci\u00f3n sistema debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40675.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40675.json
index ef0592e5883..663a6c45e37 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40675.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40675.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En parseUriInternal de Intent.java, existe un posible bucle infinito debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40676.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40676.json
index 84bbcf8e956..a2a5070b197 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40676.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40676.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En checkKeyIntent de AccountManagerService.java, existe una forma posible de eludir la comprobaci\u00f3n de seguridad de intent e instalar una aplicaci\u00f3n desconocida debido a un subordinado confundido. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40677.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40677.json
index 4cc91789cc2..ffb87423dad 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40677.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40677.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En shouldSkipForInitialSUW de AdvancedPowerUsageDetail.java, existe una forma posible de eludir las protecciones de restablecimiento de f\u00e1brica debido a una verificaci\u00f3n de permisos faltante. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-406xx/CVE-2024-40693.json b/CVE-2024/CVE-2024-406xx/CVE-2024-40693.json
index 0503afd19fc..340bdae6178 100644
--- a/CVE-2024/CVE-2024-406xx/CVE-2024-40693.json
+++ b/CVE-2024/CVE-2024-406xx/CVE-2024-40693.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Planning Analytics 2.0 y 2.1 podr\u00edan ser vulnerables a la carga de archivos maliciosos al no validar el contenido del archivo cargado en la interfaz web. Los atacantes pueden aprovechar esta debilidad y cargar archivos ejecutables maliciosos en sistema, que pueden enviarse a la v\u00edctima para realizar otros ataques."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40706.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40706.json
index 161b51a07de..86b8b93bda5 100644
--- a/CVE-2024/CVE-2024-407xx/CVE-2024-40706.json
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40706.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system."
+ },
+ {
+ "lang": "es",
+ "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario remoto obtenga informaci\u00f3n confidencial sobre la versi\u00f3n que podr\u00eda ayudar en futuros ataques contra sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40919.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40919.json
index 7d9daead727..882107b1419 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40919.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40919.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:14.937",
 "lastModified": "2024-11-21T09:31:51.540",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40928.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40928.json
index be1894b712b..5e09fdec4c0 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40928.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40928.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:15.550",
 "lastModified": "2024-11-21T09:31:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40933.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40933.json
index 2889c87901b..0edf3e49134 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40933.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40933.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:15.913",
 "lastModified": "2024-11-21T09:31:53.963",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40936.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40936.json
index 31f8bc50cd0..58b11312854 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40936.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40936.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:16.123",
 "lastModified": "2024-11-21T09:31:54.373",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40945.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40945.json
index afcd4be0dc1..35815fb25f7 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40945.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40945.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:16.853",
 "lastModified": "2024-11-21T09:31:55.457",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40947.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40947.json
index d80a1a7ce3a..c5060950655 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40947.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40947.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:17.073",
 "lastModified": "2024-11-21T09:31:55.580",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-409xx/CVE-2024-40972.json b/CVE-2024/CVE-2024-409xx/CVE-2024-40972.json
index 679d05ff6eb..1daea52b13b 100644
--- a/CVE-2024/CVE-2024-409xx/CVE-2024-40972.json
+++ b/CVE-2024/CVE-2024-409xx/CVE-2024-40972.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-12T13:15:18.820",
 "lastModified": "2024-11-21T09:31:58.800",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
index 3b2613fd11f..68cb6b1b132 100644
--- a/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41025.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-29T15:15:11.343",
 "lastModified": "2024-11-21T09:32:05.460",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
index 233e1691bb6..daaa964acb0 100644
--- a/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41048.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-29T15:15:13.103",
 "lastModified": "2024-11-21T09:32:08.240",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json b/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json
index fcc6dc8ab22..170f977990c 100644
--- a/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json
+++ b/CVE-2024/CVE-2024-410xx/CVE-2024-41077.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-29T15:15:15.303",
 "lastModified": "2024-11-21T09:32:11.893",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41140.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41140.json
index 65ffef84f66..2b3ac143b33 100644
--- a/CVE-2024/CVE-2024-411xx/CVE-2024-41140.json
+++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41140.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Zohocorp ManageEngine Applications Manager versions\u00a0174000 and prior are vulnerable to the incorrect authorization in the update user function."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 174000 y anteriores de Zohocorp ManageEngine Applications Manager son vulnerables a la autorizaci\u00f3n incorrecta en la funci\u00f3n de actualizaci\u00f3n de usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41739.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41739.json
index 70db6afef07..2928283c902 100644
--- a/CVE-2024/CVE-2024-417xx/CVE-2024-41739.json
+++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41739.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-24T14:15:31.397",
 "lastModified": "2025-01-24T14:15:31.397",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cognos Dashboards 4.0.7 y 5.0.0 en Cloud Pak for Data podr\u00eda permitir que un atacante remoto realice acciones no autorizadas debido a una confusi\u00f3n de dependencias."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41757.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41757.json
index 6f153e7d847..c7c9d5a1af6 100644
--- a/CVE-2024/CVE-2024-417xx/CVE-2024-41757.json
+++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41757.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Concert Software 1.0.0 y 1.0.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial, debido a la falla en la habilitaci\u00f3n correcta de HTTP Strict Transport Security. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial mediante t\u00e9cnicas de intermediario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json
index 76011c92a15..2fbdd2359f0 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json
index ac473c683a4..918e9dee177 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json
index ec8e13f20d7..de052d6bc1f 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json
index d32bf9cbd89..cd75c365f3c 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json
index ddfb36863fb..7ad8fdf3b6f 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json
index 9e45b9179d1..a0a21240496 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json
index 7667d397c39..31e10b0b5ff 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json
index 91eb79936ef..21eedcd95b7 100644
--- a/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json
+++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "info@cert.vde.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json
index 926f73bab8e..c72fd35ef01 100644
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42012.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T16:15:29.183",
 "lastModified": "2025-01-22T16:15:29.183",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json
index f8f5713433b..768eac1250b 100644
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42013.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T16:15:29.303",
 "lastModified": "2025-01-22T16:15:29.303",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42089.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42089.json
index 59a25fb883b..4a6f09ca88d 100644
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42089.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42089.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-29T17:15:11.520",
 "lastModified": "2024-11-21T09:33:34.470",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42106.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42106.json
index d851b09b099..dbdacca3b93 100644
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42106.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42106.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-07-30T08:15:03.100",
 "lastModified": "2024-11-21T09:33:36.830",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42182.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42182.json
index 472a6b5a83e..08efd851e44 100644
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42182.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42182.json
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T01:15:26.580", "lastModified": "2025-01-23T01:15:26.580", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42183.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42183.json index e94eab93faa..f1205b025a7 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42183.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42183.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T02:15:35.933", "lastModified": "2025-01-23T02:15:35.933", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42184.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42184.json index b96d5670076..204dc85f548 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42184.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42184.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T03:15:08.727", "lastModified": "2025-01-23T03:15:08.727", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42185.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42185.json index 50aa5445ec6..aec43806f82 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42185.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42185.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T03:15:08.860", "lastModified": "2025-01-23T03:15:08.860", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42186.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42186.json index e0615cad2a4..ece1a7a8521 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42186.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42186.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T03:15:08.983", "lastModified": "2025-01-23T03:15:08.983", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42187.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42187.json index 0280cbf3e31..ad15454b8df 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42187.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42187.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@hcl.com", "published": "2025-01-23T03:15:09.103", "lastModified": "2025-01-23T03:15:09.103", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42422.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42422.json index 166b07660a4..aeda98633fb 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42422.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42422.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-03T13:15:04.987", "lastModified": "2024-12-03T13:15:04.987", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43098.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43098.json index 98a87350335..896fc17fd6f 100644 --- a/CVE-2024/CVE-2024-430xx/CVE-2024-43098.json +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43098.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-01-11T13:15:21.240", "lastModified": "2025-01-11T13:15:21.240", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43445.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43445.json index c3be5db1843..9cb7f20759a 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43445.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43445.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad en OTRS y ((OTRS Community Edition)) que no configura el encabezado de respuesta HTTP X-Content-Type-Options como nosniff. Un atacante podr\u00eda aprovechar esta vulnerabilidad al cargar o insertar contenido que se tratar\u00eda como un tipo MIME diferente al previsto. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Los productos basados ??en ((OTRS)) Community Edition tambi\u00e9n son muy propensos a verse afectados" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43446.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43446.json index f5df0a4e4ee..ccb29156769 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43446.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43446.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de administraci\u00f3n de privilegios incorrecta en el m\u00f3dulo de interfaz gen\u00e9rica de OTRS permite cambiar el estado del ticket incluso si el usuario solo tiene permisos ro. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Es muy probable que los productos basados ??en ((OTRS)) Community Edition tambi\u00e9n se vean afectados" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43485.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43485.json index b2d1d470ac1..7b193b06464 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43485.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43485.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43498.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43498.json index 6088a1cc4d7..62889326164 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43498.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43498.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43499.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43499.json index 20328a8c953..923398e6375 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43499.json 
+++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43499.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-437xx/CVE-2024-43707.json b/CVE-2024/CVE-2024-437xx/CVE-2024-43707.json index 4b8781af056..6f72741cc12 100644 --- a/CVE-2024/CVE-2024-437xx/CVE-2024-43707.json +++ b/CVE-2024/CVE-2024-437xx/CVE-2024-43707.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2025-01-23T06:15:27.380", "lastModified": "2025-01-23T06:15:27.380", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-437xx/CVE-2024-43708.json b/CVE-2024/CVE-2024-437xx/CVE-2024-43708.json index 64232029dcd..23f31c3d36d 100644 --- a/CVE-2024/CVE-2024-437xx/CVE-2024-43708.json +++ b/CVE-2024/CVE-2024-437xx/CVE-2024-43708.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2025-01-23T11:15:10.553", "lastModified": "2025-01-23T11:15:10.553", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-437xx/CVE-2024-43710.json b/CVE-2024/CVE-2024-437xx/CVE-2024-43710.json index f4a3c6396b2..d5f7c510517 100644 --- a/CVE-2024/CVE-2024-437xx/CVE-2024-43710.json +++ b/CVE-2024/CVE-2024-437xx/CVE-2024-43710.json @@ -3,7 +3,7 @@ "sourceIdentifier": "bressers@elastic.co", "published": "2025-01-23T06:15:27.550", "lastModified": "2025-01-23T06:15:27.550", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json index 1be13fe8cce..3c63f300f23 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43815.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-17T10:15:07.870", "lastModified": "2024-08-19T12:59:59.177", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45077.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45077.json index 752ca1e8c78..cb4cb425e58 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45077.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45077.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system." + }, + { + "lang": "es", + "value": "La API MXAPIASSET de IBM Maximo Asset Management 7.6.1.3 es vulnerable a la carga de archivos sin restricciones, lo que permite que usuarios autenticados con pocos privilegios carguen tipos de archivos restringidos con un m\u00e9todo simple de agregar un punto al final del nombre del archivo si Maximo est\u00e1 instalado en el sistema operativo Windows sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45336.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45336.json index 7baec480355..25d5b9adf56 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45336.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45336.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2." + }, + { + "lang": "es", + "value": "El cliente HTTP descarta los encabezados confidenciales despu\u00e9s de seguir una redirecci\u00f3n entre dominios. Por ejemplo, una solicitud a a.com/ que contiene un encabezado de autorizaci\u00f3n que se redirige a b.com/ no enviar\u00e1 ese encabezado a b.com. Sin embargo, en el caso de que el cliente reciba una redirecci\u00f3n posterior al mismo dominio, los encabezados confidenciales se restaurar\u00e1n. Por ejemplo, una cadena de redirecciones desde a.com/, a b.com/1 y, finalmente, a b.com/2 enviar\u00eda incorrectamente el encabezado de autorizaci\u00f3n a b.com/2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45339.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45339.json index 9262a30076d..76c18ef6554 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45339.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45339.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists." + }, + { + "lang": "es", + "value": "Cuando los registros se escriben en un directorio de amplia escritura (el predeterminado), un atacante sin privilegios puede predecir la ruta del archivo de registro de un proceso privilegiado y crear previamente un enlace simb\u00f3lico a un archivo confidencial en su lugar. Cuando se ejecuta ese proceso privilegiado, seguir\u00e1 el enlace simb\u00f3lico plantado y sobrescribir\u00e1 ese archivo confidencial. Para solucionarlo, glog ahora hace que el programa salga (con el c\u00f3digo de estado 2) cuando descubre que el archivo de registro configurado ya existe." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45340.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45340.json index 408ad18e2f6..939e3a4f919 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45340.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45340.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file." + }, + { + "lang": "es", + "value": "Las credenciales proporcionadas a trav\u00e9s de la nueva funci\u00f3n GOAUTH no se segmentaban correctamente por dominio, lo que permit\u00eda que un servidor malintencionado solicitara credenciales a las que no deber\u00eda tener acceso. De forma predeterminada, a menos que se configure lo contrario, esto solo afectaba a las credenciales almacenadas en el archivo .netrc de los usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45341.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45341.json index 24e835b764c..dd379bf5101 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45341.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45341.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs." + }, + { + "lang": "es", + "value": "Un certificado con un URI que tiene una direcci\u00f3n IPv6 con un ID de zona puede satisfacer incorrectamente una restricci\u00f3n de nombre de URI que se aplica a la cadena de certificados. Los certificados que contienen URI no est\u00e1n permitidos en la PKI web, por lo que esto solo afecta a los usuarios de PKI privadas que utilizan URI." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45598.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45598.json index a0d728ebcb5..2d2035a68e8 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45598.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45598.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29." + }, + { + "lang": "es", + "value": "Cacti es un sistema de gesti\u00f3n de errores y rendimiento de c\u00f3digo abierto framework. Antes de la versi\u00f3n 1.2.29, un administrador pod\u00eda cambiar el par\u00e1metro `Poller Standard Error Log Path` en el Paso 5 de instalaci\u00f3n o en la pesta\u00f1a Configuraci\u00f3n->Configuraci\u00f3n->Rutas a un archivo local dentro del servidor. Luego, simplemente yendo a la pesta\u00f1a Registros y seleccionando el nombre del archivo local se mostrar\u00e1 su contenido en la interfaz de usuario web. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.29." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-45xx/CVE-2024-4536.json b/CVE-2024/CVE-2024-45xx/CVE-2024-4536.json index 5c6f0567aa0..2a2d625aba9 100644 --- a/CVE-2024/CVE-2024-45xx/CVE-2024-4536.json +++ b/CVE-2024/CVE-2024-45xx/CVE-2024-4536.json @@ -3,7 +3,7 @@ "sourceIdentifier": "emo@eclipse.org", "published": "2024-05-07T13:15:48.513", "lastModified": "2024-11-21T09:43:03.563", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46881.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46881.json index 7a06debd91f..9dad897d35a 100644 --- a/CVE-2024/CVE-2024-468xx/CVE-2024-46881.json +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46881.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker." + }, + { + "lang": "es", + "value": "Develocity (anteriormente Gradle Enterprise) antes de 2024.1.8 tiene un control de acceso incorrecto. La configuraci\u00f3n de control de acceso a nivel de proyecto se introdujo en la versi\u00f3n 8 del esquema de Enterprise Config. La funcionalidad de migraci\u00f3n de la versi\u00f3n 8 del esquema a las versiones 9 y 10 (en las versiones vulnerables afectadas) no incluye la secci\u00f3n de proyectos de la configuraci\u00f3n. Esto hace que todas las configuraciones del proyecto se restablezcan a sus valores predeterminados cuando se carga el esquema anterior. En el caso de projects.enabled, el valor predeterminado es false. 
Por lo tanto, el uso de una configuraci\u00f3n empresarial v8 da como resultado que el control de acceso a nivel de proyecto se deshabilite, incluso si estaba habilitado anteriormente, y que se revele informaci\u00f3n del proyecto restringida anteriormente. Lo m\u00e1s com\u00fan es que esto ocurra cuando una instancia de Develocity se actualiza desde una versi\u00f3n anterior. Espec\u00edficamente, esto ocurre si: Develocity 2023.3.X se actualiza a 2023.4.X; Develocity 2023.3.X se actualiza a 2024.1.X hasta incluida 2024.1.7; o Develocity 2023.4.X se actualiza a 2024.1.X hasta incluida 2024.1.7. La falla no ocurre cuando se actualiza a versi\u00f3n correctora. Una actualizaci\u00f3n solo se puede activar a trav\u00e9s del acceso de administrador y no puede ser forzada por un atacante externo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4629.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4629.json index 42dac5e24bc..e93b7909d41 100644 --- a/CVE-2024/CVE-2024-46xx/CVE-2024-4629.json +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4629.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47143.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47143.json index a70bc9e3e0b..a0fc7f52df8 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47143.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47143.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-01-11T13:15:22.007", "lastModified": "2025-01-11T13:15:22.007", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47238.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47238.json index d70df0f70b9..51ce22c9a26 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47238.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47238.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-12T18:15:25.250", "lastModified": "2024-12-12T18:15:25.250", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47239.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47239.json index f639beab1b9..6244303437f 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47239.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47239.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2025-01-08T03:15:08.413", "lastModified": "2025-01-08T03:15:08.413", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47476.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47476.json index ecd3a435d76..8dee8879d90 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47476.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47476.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-03T10:15:05.883", "lastModified": "2024-12-03T10:15:05.883", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json index 745ed1ae22f..31649668fc7 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47480.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-18T03:15:26.583", "lastModified": "2024-12-18T03:15:26.583", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47484.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47484.json index 02de19d3fb5..732b9089b00 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47484.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47484.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-10T11:15:07.400", "lastModified": "2024-12-16T11:15:06.110", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47977.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47977.json index cacfbcf09f9..c3aea734a4d 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47977.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47977.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-10T11:15:07.550", "lastModified": "2024-12-16T11:15:06.370", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json index a701d9685c6..0a6d1bdf6a9 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47984.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-13T15:15:27.110", "lastModified": "2024-12-13T15:15:27.110", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4785.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4785.json index 25a5f84d1e2..6e95fefd32c 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4785.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4785.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2024-08-19T22:15:05.893", "lastModified": "2024-08-20T15:44:20.567", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json index e015373c854..cc35e42a139 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48007.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-13T14:15:22.147", "lastModified": "2024-12-13T14:15:22.147", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json index bd9c7bfcddd..2ca1a8acdaf 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48008.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-13T14:15:22.273", "lastModified": "2024-12-13T14:15:22.273", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-483xx/CVE-2024-48310.json b/CVE-2024/CVE-2024-483xx/CVE-2024-48310.json index 18bf7eca4c8..dae09e83b74 100644 --- a/CVE-2024/CVE-2024-483xx/CVE-2024-48310.json +++ b/CVE-2024/CVE-2024-483xx/CVE-2024-48310.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que el AutoLib Software Systems OPAC v20.10 tiene varias claves API expuestas dentro del c\u00f3digo fuente. Los atacantes pueden usar estas claves para acceder a la API de backend o a otra informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48662.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48662.json index 60ce7dc8e69..b077d44eb05 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48662.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48662.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component." + }, + { + "lang": "es", + "value": "La vulnerabilidad Cross Site Scripting en AdGuard Application v.7.18.1 (4778) y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el componente fontMatrix." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48761.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48761.json index 781de21676c..494b549ee58 100644 --- a/CVE-2024/CVE-2024-487xx/CVE-2024-48761.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48761.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system." + }, + { + "lang": "es", + "value": "El componente espec\u00edfico de Celk Saude 3.1.252.1 que procesa la entrada del usuario y devuelve mensajes de error al cliente es vulnerable debido a una validaci\u00f3n incorrecta o desinfecci\u00f3n del par\u00e1metro \"erro\". Este par\u00e1metro aparece como respuesta cuando se ingresan credenciales incorrectas durante el inicio de sesi\u00f3n. La falta de una validaci\u00f3n o desinfecci\u00f3n adecuada hace que el componente sea susceptible a ataques de inyecci\u00f3n, lo que potencialmente permite a los atacantes manipular la entrada y explotar sistema." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48841.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48841.json index 3c003f066a5..e24336d9ead 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48841.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48841.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-01-27T20:15:34.090", "lastModified": "2025-01-27T20:15:34.090", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Network access can be used to execute arbitrary code with elevated privileges. \n\n\n\n\n\nThis\nissue affects FLXEON 9.3.4 and older." + }, + { + "lang": "es", + "value": "El acceso a la red se puede utilizar para ejecutar c\u00f3digo arbitrario con privilegios elevados. Este problema afecta a FLXEON 9.3.4 y versiones anteriores." } ], "metrics": { @@ -82,7 +86,7 @@ "weaknesses": [ { "source": "cybersecurity@ch.abb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48849.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48849.json index 5fb4225127b..b7e3b2bdf0d 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48849.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48849.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Origin Validation in WebSockets vulnerability in\u00a0FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests.\u00a0This issue affects FLXEON: through <= 9.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de validaci\u00f3n de origen en WebSockets en FLXEON. La gesti\u00f3n de sesiones no era suficiente para evitar solicitudes HTTPS no autorizadas. Este problema afecta a FLXEON: hasta <= 9.3.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48852.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48852.json index 20844aa9c20..c6c571e4c74 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48852.json 
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48852.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access.\n \n\nThis issue affects FLXEON through <= 9.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro observada en FLEXON. Es posible que se divulgue cierta informaci\u00f3n de forma indebida mediante el acceso https. Este problema afecta a FLXEON hasta la versi\u00f3n <= 9.3.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48875.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48875.json index 481e6c11a41..fb72df0f79f 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48875.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48875.json @@ -3,7 +3,7 @@ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-01-11T13:15:22.933", "lastModified": "2025-01-11T13:15:22.933", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49600.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49600.json index 181895d8b81..20bd26f46c3 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49600.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49600.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security_alert@emc.com", "published": "2024-12-09T15:15:17.387", "lastModified": "2024-12-09T15:15:17.387", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50051.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50051.json index 1d69129ca9b..1d42e7b03d8 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50051.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50051.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-11T13:15:24.427",
 "lastModified": "2025-01-11T13:15:24.427",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50690.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50690.json
index 0ad924e3aaa..831b57b5da3 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50690.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50690.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates."
+ },
+ {
+ "lang": "es",
+ "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen una contrase\u00f1a codificada que se puede utilizar para descifrar todas las actualizaciones de firmware."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50692.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50692.json
index c7997d5748c..2b5682d95c7 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50692.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50692.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level."
+ },
+ {
+ "lang": "es",
+ "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen credenciales MQTT codificadas que permiten a un atacante enviar comandos arbitrarios a un inversor arbitrario. Tambi\u00e9n es posible hacerse pasar por el br\u00f3ker, ya que no se utiliza TLS para identificar al br\u00f3ker MQTT real. Esto significa que las comunicaciones MQTT son vulnerables a ataques MitM a nivel TCP/IP."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50694.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50694.json
index a1ca540097f..3634ee76765 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50694.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50694.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow."
+ },
+ {
+ "lang": "es",
+ "value": "En SunGrow WiNet-SV200.001.00.P027 y versiones anteriores, al copiar la lectura timestamp de un mensaje MQTT, el c\u00f3digo subyacente no comprueba los l\u00edmites del b\u00fafer que se utiliza para almacenar el mensaje. Esto puede provocar un desbordamiento del b\u00fafer basado en la pila."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50695.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50695.json
index 76d5e77a779..e90299d2cf3 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50695.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50695.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks."
+ },
+ {
+ "lang": "es",
+ "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores son vulnerables al desbordamiento de b\u00fafer basado en pila al analizar mensajes MQTT, debido a la falta de comprobaciones de los l\u00edmites de temas MQTT."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50698.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50698.json
index 904ce63940e..e13a4b7ddbb 100644
--- a/CVE-2024/CVE-2024-506xx/CVE-2024-50698.json
+++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50698.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content."
+ },
+ {
+ "lang": "es",
+ "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores son vulnerables al desbordamiento del b\u00fafer basado en el mont\u00f3n debido a las comprobaciones de los l\u00edmites del contenido del mensaje MQTT."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51457.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51457.json
index 90d0244d1b2..d51e9b810e6 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51457.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51457.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-22T17:15:12.390",
 "lastModified": "2025-01-22T17:15:12.390",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json
index 1cebc51c6b1..0391daed6be 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52012.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Relative Path Traversal vulnerability in Apache Solr.\n\nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.\u00a0 Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.\u00a0\u00a0\nThis issue affects Apache Solr: from 6.6 through 9.7.0.\n\nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.\u00a0 Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Relative Path Traversal en Apache Solr. Las instancias de Solr que se ejecutan en Windows son vulnerables al acceso de escritura a rutas de archivo arbitrarias, debido a la falta de desinfecci\u00f3n de entrada en la API de \"carga de conjuntos de configuraci\u00f3n\". Los archivos ZIP creados de forma malintencionada, conocidos com\u00fanmente como \"zipslip\", pueden usar rutas de archivo relativas para escribir datos en partes no previstas del sistema de archivos. Este problema afecta a Apache Solr: desde la versi\u00f3n 6.6 hasta la 9.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 9.8.0, que soluciona el problema. Los usuarios que no puedan actualizar tambi\u00e9n pueden evitar el problema de forma segura utilizando el \"complemento de autenticaci\u00f3n basada en reglas\" de Solr para restringir el acceso a la API de carga de conjuntos de configuraci\u00f3n, de modo que solo pueda acceder a ella un conjunto confiable de administradores/usuarios."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52537.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52537.json
index 3185487e02d..bf6493cd5a1 100644
--- a/CVE-2024/CVE-2024-525xx/CVE-2024-52537.json
+++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52537.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-11T08:15:05.747",
 "lastModified": "2024-12-11T08:15:05.747",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52538.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52538.json
index e6a1c0d25b4..4f4ed37f52f 100644
--- a/CVE-2024/CVE-2024-525xx/CVE-2024-52538.json
+++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52538.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-10T11:15:07.690",
 "lastModified": "2024-12-16T11:15:06.523",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json
index e3323b10936..8a0e721cce6 100644
--- a/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json
+++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52542.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-17T12:15:20.703",
 "lastModified": "2024-12-17T12:15:20.703",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52807.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52807.json
index 9db65501445..d86e8d7fec2 100644
--- a/CVE-2024/CVE-2024-528xx/CVE-2024-52807.json
+++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52807.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available."
+ },
+ {
+ "lang": "es",
+ "value": "El HL7 FHIR IG publisher es una herramienta que toma un conjunto de entradas y crea un FHIR IG est\u00e1ndar. Antes de la versi\u00f3n 1.7.4, las transformaciones XSLT realizadas por varios componentes son vulnerables a las inyecciones de entidades externas XML. Un archivo XML procesado con una etiqueta DTD maliciosa `( ]>` podr\u00eda producir XML que contenga datos del host sistema. Esto afecta los casos de uso en los que se utiliza org.hl7.fhir.publisher dentro de un host donde los clientes externos pueden enviar XML. Una versi\u00f3n anterior proporcion\u00f3 una soluci\u00f3n incompleta revelada por nuevas pruebas. Este problema se ha solucionado a partir de la versi\u00f3n 1.7.4. No hay workarounds disponibles."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json
index 09f55cbae49..9e38ecf2d5d 100644
--- a/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-01-23T07:15:08.700",
 "lastModified": "2025-01-23T07:15:08.700",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json
index 3d292cfacaf..93dbdc3ac9e 100644
--- a/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-01-23T08:15:16.990",
 "lastModified": "2025-01-23T08:15:16.990",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53161.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53161.json
index e00472e1eab..2cc48682902 100644
--- a/CVE-2024/CVE-2024-531xx/CVE-2024-53161.json
+++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53161.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-24T12:15:24.453",
 "lastModified": "2024-12-24T12:15:24.453",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53168.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53168.json
index 23be63c5ceb..3310c8f3c4f 100644
--- a/CVE-2024/CVE-2024-531xx/CVE-2024-53168.json
+++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53168.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:23.940",
 "lastModified": "2024-12-27T14:15:23.940",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-531xx/CVE-2024-53175.json b/CVE-2024/CVE-2024-531xx/CVE-2024-53175.json
index 64c29cd727c..72c2f951b5c 100644
--- a/CVE-2024/CVE-2024-531xx/CVE-2024-53175.json
+++ b/CVE-2024/CVE-2024-531xx/CVE-2024-53175.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:24.820",
 "lastModified": "2024-12-27T14:15:24.820",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53215.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53215.json
index 4125378f189..2f50b71ac99 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53215.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53215.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:29.467",
 "lastModified": "2024-12-27T14:15:29.467",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53224.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53224.json
index 4aacb8f061d..b3fb2a20a48 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53224.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53224.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:30.583",
 "lastModified": "2024-12-27T14:15:30.583",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53232.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53232.json
index d6e69ef5470..5024b018d0c 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53232.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53232.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:31.510",
 "lastModified": "2024-12-27T14:15:31.510",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53239.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53239.json
index 212ace099c3..339de0a835f 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53239.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53239.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:32.373",
 "lastModified": "2024-12-27T14:15:32.373",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53289.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53289.json
index a986429116c..c0d41a08296 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53289.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53289.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-11T08:15:06.010",
 "lastModified": "2024-12-11T08:15:06.010",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53290.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53290.json
index f92f9a8a292..f5ca66bd96b 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53290.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53290.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-11T08:15:06.250",
 "lastModified": "2024-12-11T08:15:06.250",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53292.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53292.json
index f7be1e99d01..3e7e6d1c11a 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53292.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53292.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-12-11T08:15:06.423",
 "lastModified": "2024-12-11T08:15:06.423",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json
index 490a56dd179..6c2a9636dac 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53299.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@apache.org",
 "published": "2025-01-23T09:15:07.033",
 "lastModified": "2025-01-23T18:15:30.777",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53379.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53379.json
index 930199e6048..8bc6abf2691 100644
--- a/CVE-2024/CVE-2024-533xx/CVE-2024-53379.json
+++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53379.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T23:15:07.993",
 "lastModified": "2025-01-23T23:15:07.993",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53615.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53615.json
index b54112da43a..4579d6f3553 100644
--- a/CVE-2024/CVE-2024-536xx/CVE-2024-53615.json
+++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53615.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el componente de representaci\u00f3n de miniaturas de video de files.gallery v0.3.0 a 0.11.0 de Karl Ward permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de video manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53869.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53869.json
index 9be301dc19a..992ba5cf9fb 100644
--- a/CVE-2024/CVE-2024-538xx/CVE-2024-53869.json
+++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53869.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:10.023",
 "lastModified": "2025-01-28T04:15:10.023",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "El controlador de NVIDIA Unified Memory para Linux contiene una vulnerabilidad que permite a un atacante filtrar memoria no inicializada. Si se explota esta vulnerabilidad con \u00e9xito, se podr\u00eda divulgar informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53881.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53881.json
index 9a19a5036f3..c8a99d6c46a 100644
--- a/CVE-2024/CVE-2024-538xx/CVE-2024-53881.json
+++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53881.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-01-28T04:15:10.170",
 "lastModified": "2025-01-28T04:15:10.170",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "El software NVIDIA vGPU contiene una vulnerabilidad en el controlador del host, donde puede permitir que un invitado provoque una tormenta de interrupciones en el host, lo que puede provocar una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54145.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54145.json
index 962169db859..873afc3de35 100644
--- a/CVE-2024/CVE-2024-541xx/CVE-2024-54145.json
+++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54145.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un sistema de gesti\u00f3n de errores y rendimiento de c\u00f3digo abierto framework. Cacti tiene una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n get_discovery_results de automation_devices.php mediante el par\u00e1metro network. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.29."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54146.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54146.json
index 039538b0413..43cf2fddd8f 100644
--- a/CVE-2024/CVE-2024-541xx/CVE-2024-54146.json
+++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54146.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un sistema de gesti\u00f3n de errores y rendimiento de c\u00f3digo abierto framework. Cacti tiene una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n de plantilla de host_templates.php mediante el par\u00e1metro graph_template. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.29."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54461.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54461.json
index cd95b8634e0..a32ed5f3c4f 100644
--- a/CVE-2024/CVE-2024-544xx/CVE-2024-54461.json
+++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54461.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.5.1+12. It is recommended to update to the latest version of file_selector_android that contains the changes to address this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Los nombres de archivo creados dentro de file_selector no cumplen con las comprobaciones desinfecci\u00f3n, lo que los deja vulnerables a proveedores de documentos maliciosos. Esto puede generar casos en los que un usuario con un proveedor de documentos malicioso instalado pueda seleccionar un archivo de documento de ese proveedor mientras usa su aplicaci\u00f3n y podr\u00eda anular archivos internos en la memoria cach\u00e9 de su aplicaci\u00f3n. Problema corregido en 0.5.1+12. Se recomienda actualizar a la \u00faltima versi\u00f3n de file_selector_android que contiene los cambios para solucionar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54462.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54462.json
index b5d9645a4f2..252bbfce4ee 100644
--- a/CVE-2024/CVE-2024-544xx/CVE-2024-54462.json
+++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54462.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Los nombres de archivo creados dentro de image_picker no cumplen con las comprobaciones desinfecci\u00f3n, lo que los deja vulnerables a proveedores de documentos maliciosos. Esto puede generar casos en los que un usuario con un proveedor de documentos malicioso instalado pueda seleccionar un archivo de imagen de ese proveedor mientras usa su aplicaci\u00f3n y podr\u00eda anular archivos internos en la memoria cach\u00e9 de su aplicaci\u00f3n. Problema corregido en 0.8.12+18. Se recomienda actualizar a la \u00faltima versi\u00f3n de image_picker_android que contiene los cambios para solucionar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-547xx/CVE-2024-54728.json b/CVE-2024/CVE-2024-547xx/CVE-2024-54728.json
index 1c0c7ab25bc..6e28a288813 100644
--- a/CVE-2024/CVE-2024-547xx/CVE-2024-54728.json
+++ b/CVE-2024/CVE-2024-547xx/CVE-2024-54728.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 permite a atacantes no autorizados acceder a los registros logcat de sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-548xx/CVE-2024-54852.json b/CVE-2024/CVE-2024-548xx/CVE-2024-54852.json
index a88a68e66d6..f10b220527d 100644
--- a/CVE-2024/CVE-2024-548xx/CVE-2024-54852.json
+++ b/CVE-2024/CVE-2024-548xx/CVE-2024-54852.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando se activa la conexi\u00f3n LDAP en las versiones de Teedy entre 1.9 y 1.12, el campo de nombre de usuario del formulario de inicio de sesi\u00f3n es vulnerable a la inyecci\u00f3n LDAP. Debido a la introducci\u00f3n incorrecta de desinfecci\u00f3n en la entrada del usuario, un atacante no autenticado puede realizar varias acciones maliciosas, como crear cuentas arbitrarias y difundir contrase\u00f1as."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55227.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55227.json
index 81bcc4f013b..032e16b2c9e 100644
--- a/CVE-2024/CVE-2024-552xx/CVE-2024-55227.json
+++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55227.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T17:15:16.523",
 "lastModified": "2025-01-27T17:15:16.523",
- "vulnStatus": "Received",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) en el m\u00f3dulo Eventos/Agenda de Dolibarr v21.0.0-beta permite a los atacantes ejecutar web scripts o HTMl arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro T\u00edtulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55228.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55228.json
index d45c7c6588e..1d4f3386000 100644
--- a/CVE-2024/CVE-2024-552xx/CVE-2024-55228.json
+++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55228.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T17:15:16.633",
 "lastModified": "2025-01-28T20:15:51.017",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55415.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55415.json
index 96cdfab2dc5..ce6c0a72a62 100644
--- a/CVE-2024/CVE-2024-554xx/CVE-2024-55415.json
+++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55415.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass."
+ },
+ {
+ "lang": "es",
+ "value": "DevDojo Voyager hasta 1.8.0 es vulnerable a Path Traversal en /admin/compass."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55416.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55416.json
index 3ef1abb20c5..55518d00c9a 100644
--- a/CVE-2024/CVE-2024-554xx/CVE-2024-55416.json
+++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55416.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed."
+ },
+ {
+ "lang": "es",
+ "value": "DevDojo Voyager hasta la versi\u00f3n 1.8.0 es vulnerable a XSS reflejado a trav\u00e9s de /admin/compass. Al manipular a un usuario autenticado para que haga clic en un enlace, se puede ejecutar c\u00f3digo JavaScript arbitrario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55417.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55417.json
index 2c2180ddf4d..a9c1e73e4a3 100644
--- a/CVE-2024/CVE-2024-554xx/CVE-2024-55417.json
+++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55417.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server."
+ },
+ {
+ "lang": "es",
+ "value": "DevDojo Voyager hasta la versi\u00f3n 1.8.0 es vulnerable a la omisi\u00f3n de la verificaci\u00f3n del tipo de archivo cuando un usuario autenticado carga un archivo a trav\u00e9s de /admin/media/upload. Un usuario autenticado puede cargar un shell web y provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json b/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json
index 3acd4dec9c9..89452026bf1 100644
--- a/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json
+++ b/CVE-2024/CVE-2024-554xx/CVE-2024-55488.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T16:15:29.770",
 "lastModified": "2025-01-22T16:15:29.770",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55957.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55957.json
index e0ae8cf720f..2c104eec0c1 100644
--- a/CVE-2024/CVE-2024-559xx/CVE-2024-55957.json
+++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55957.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T18:15:20.237",
 "lastModified": "2025-01-23T15:15:11.663",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56178.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56178.json
index 7f5ac357cd6..56c19c364f4 100644
--- a/CVE-2024/CVE-2024-561xx/CVE-2024-56178.json
+++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56178.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en Couchbase Server 7.6.x a 7.6.3. Un usuario con el rol security_admin_local puede crear un nuevo usuario en un grupo que tenga el rol de administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56316.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56316.json
index 41f33f36d56..2ca05079ad9 100644
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56316.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56316.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service."
+ },
+ {
+ "lang": "es",
+ "value": "En AXESS ACS (Auto Configuration Server) hasta 5.2.0, la entrada de usuario no desinfectada en la API TR069 permite que atacantes remotos no autenticados provoquen una denegaci\u00f3n de servicio permanente a trav\u00e9s de solicitudes manipulado TR069 en el puerto TCP 9675 o 7547. Reiniciar no resuelve la denegaci\u00f3n de servicio permanente."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56404.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56404.json
index 0928bd16efe..d69f64cd8e6 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56404.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56404.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected."
+ },
+ {
+ "lang": "es",
+ "value": "En One Identity Identity Manager 9.x anterior a 9.3, una vulnerabilidad de referencia directa a objetos (IDOR) insegura permite la escalada de privilegios. Solo se ven afectadas las instalaciones locales."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56529.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56529.json
index 40dbcf7e817..d33f3e403ec 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56529.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56529.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier."
+ },
+ {
+ "lang": "es",
+ "value": "Mailcow hasta 2024-11b tiene una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el panel web. Permite a atacantes remotos establecer un identificador de sesi\u00f3n cuando HSTS est\u00e1 deshabilitado en el navegador de la v\u00edctima. Despu\u00e9s de que un usuario inicia sesi\u00f3n, se autentica y el identificador de sesi\u00f3n es v\u00e1lido. Luego, un atacante remoto puede acceder al panel web de la v\u00edctima con el mismo identificador de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56540.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56540.json
index 36dea6d6561..046ed13ec24 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56540.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56540.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:33.670",
 "lastModified": "2024-12-27T14:15:33.670",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56544.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56544.json
index 84073601e43..5fdc831d322 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56544.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56544.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T14:15:34.153",
 "lastModified": "2024-12-27T14:15:34.153",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56568.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56568.json
index 2feab2b68a7..cbd16b0ea28 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56568.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56568.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T15:15:15.733",
 "lastModified": "2024-12-27T15:15:15.733",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-566xx/CVE-2024-56635.json b/CVE-2024/CVE-2024-566xx/CVE-2024-56635.json
index 48a2ddcaf24..488f5d90350 100644
--- a/CVE-2024/CVE-2024-566xx/CVE-2024-56635.json
+++ b/CVE-2024/CVE-2024-566xx/CVE-2024-56635.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-27T15:15:23.207",
 "lastModified": "2024-12-27T15:15:23.207",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-567xx/CVE-2024-56702.json b/CVE-2024/CVE-2024-567xx/CVE-2024-56702.json
index 6b5da217ee5..027d1f23721 100644
--- a/CVE-2024/CVE-2024-567xx/CVE-2024-56702.json
+++ b/CVE-2024/CVE-2024-567xx/CVE-2024-56702.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-12-28T10:15:17.980",
 "lastModified": "2024-12-28T10:15:17.980",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-569xx/CVE-2024-56914.json b/CVE-2024/CVE-2024-569xx/CVE-2024-56914.json
index 52f556157f8..9710c8f04c6 100644
--- a/CVE-2024/CVE-2024-569xx/CVE-2024-56914.json
+++ b/CVE-2024/CVE-2024-569xx/CVE-2024-56914.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T20:15:30.737",
 "lastModified": "2025-01-23T17:15:16.230",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json b/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
index 303f9c936cf..36f85be76f3 100644
--- a/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
+++ b/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T21:15:09.987",
 "lastModified": "2025-01-23T17:15:16.710",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json
index 8a9a1aa5b8e..7f2f50ac0dc 100644
--- a/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json
+++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57041.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad persistente de cross-site scripting(XSS) en NodeBB v3.11.0 permite a atacantes remotos almacenar c\u00f3digo arbitrario en la secci\u00f3n \u201cacerca de m\u00ed\u201d de su perfil."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json
index 9f712866f1d..7e59f59a638 100644
--- a/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json
+++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57052.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en youdiancms v.9.5.20 y anteriores permite que un atacante remoto escale privilegios a trav\u00e9s del par\u00e1metro sessionID en el archivo index.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57095.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57095.json
index 637801980c8..6fd1e355fd6 100644
--- a/CVE-2024/CVE-2024-570xx/CVE-2024-57095.json
+++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57095.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de inyecci\u00f3n SQL en Go-CMS v.1.1.10 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json b/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json
index 4ed31c97c4c..0c3ceead97c 100644
--- a/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json
+++ b/CVE-2024/CVE-2024-571xx/CVE-2024-57184.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en GPAC v0.8.0, como lo demuestra MP4Box. Contiene un desbordamiento de b\u00fafer basado en el mont\u00f3n en gf_m2ts_process_pmt en media_tools/mpegts.c:2163 que puede causar una denegaci\u00f3n de servicio (DOS) a trav\u00e9s de un archivo MP4 manipulado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57277.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57277.json
index cfa737c7bd3..a9a09b162a9 100644
--- a/CVE-2024/CVE-2024-572xx/CVE-2024-57277.json
+++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57277.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
+ },
+ {
+ "lang": "es",
+ "value": "InnoShop V.0.3.8 y versiones anteriores son vulnerables a Cross Site Scripting (XSS) a trav\u00e9s de la carga de archivos SVG."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-573xx/CVE-2024-57373.json b/CVE-2024/CVE-2024-573xx/CVE-2024-57373.json
index e156b765559..99fa171d373 100644
--- a/CVE-2024/CVE-2024-573xx/CVE-2024-57373.json
+++ b/CVE-2024/CVE-2024-573xx/CVE-2024-57373.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allows a remote attacker to execute arbitrary cod and obtain sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Request Forgery en LifestyleStore v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57436.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57436.json
index 28fcda61a77..92c5745336e 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57436.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57436.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que RuoYi v4.8.0 permit\u00eda a atacantes no autorizados ver el ID de sesi\u00f3n del administrador en la supervisi\u00f3n sistema. Este problema puede permitir a los atacantes hacerse pasar por usuarios administradores mediante el uso de una cookie manipulado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57437.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57437.json
index e7101fbe81c..84e8a7fa20f 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57437.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57437.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que RuoYi v4.8.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro orderby en /monitor/online/list."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57438.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57438.json
index a290048908c..921583c08a7 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57438.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57438.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles."
+ },
+ {
+ "lang": "es",
+ "value": "Los permisos inseguros en RuoYi v4.8.0 permiten a atacantes autenticados escalar privilegios al asignarse roles de nivel superior."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57439.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57439.json
index 0ecf9678d94..3df63cbdee0 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57439.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57439.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en la interfaz de restablecimiento de contrase\u00f1a de ruoyi v4.8.0 permite a atacantes con privilegios de administrador provocar una denegaci\u00f3n de servicio (DoS) al duplicar el nombre de inicio de sesi\u00f3n de la cuenta."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57510.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57510.json
index 114e22cfc24..7e9164dcd6c 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57510.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57510.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento de b\u00fafer en Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de AP4_MemoryByteStream::WritePartial."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57519.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57519.json
index 1947812a4d0..5e88a8b23b7 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57519.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57519.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Open5GS v.2.7.2 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n ogs_dbi_auth_info en el archivo lib/dbi/subscription.c."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57546.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57546.json
index 9f23cc0cd66..6d02af2e8e6 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57546.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57546.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T23:15:09.947",
 "lastModified": "2025-01-28T20:15:55.203",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en CMSimple v.5.16 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado a la funci\u00f3n de enlace de validaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57547.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57547.json
index ca84fc09613..e16f3d0538c 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57547.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57547.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T23:15:10.057",
 "lastModified": "2025-01-28T20:15:55.367",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de permisos inseguros en CMSimple v.5.16 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado a la funcionalidad de descarga de archivos de respaldo php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57548.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57548.json
index 779dfe65e17..72490676297 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57548.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57548.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T23:15:10.180",
 "lastModified": "2025-01-28T20:15:55.547",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "CMSimple 5.16 allows the user to edit log.php file via print page."
+ },
+ {
+ "lang": "es",
+ "value": "CMSimple 5.16 permite al usuario editar el archivo log.php a trav\u00e9s de la p\u00e1gina de impresi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57549.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57549.json
index 900ce09516c..33d454d1f33 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57549.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57549.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-27T23:15:10.303",
 "lastModified": "2025-01-28T20:15:55.810",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request."
+ },
+ {
+ "lang": "es",
+ "value": "CMSimple 5.16 permite al usuario leer el c\u00f3digo fuente de CMS mediante la manipulaci\u00f3n del nombre del archivo en el par\u00e1metro de archivo de una solicitud GET."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-575xx/CVE-2024-57595.json b/CVE-2024/CVE-2024-575xx/CVE-2024-57595.json
index bf4dcf177da..8005a4763f9 100644
--- a/CVE-2024/CVE-2024-575xx/CVE-2024-57595.json
+++ b/CVE-2024/CVE-2024-575xx/CVE-2024-57595.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter \"wps_pin\" passed to the apc_client_pin.cgi binary through a POST request."
+ },
+ {
+ "lang": "es",
+ "value": "Los dispositivos DLINK DIR-825 REVB 2.03 tienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la interfaz CGl apc_client_pin.cgi, que permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro \"wps_pin\" pasado al binario apc_client_pin.cgi mediante una solicitud POST."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-576xx/CVE-2024-57665.json b/CVE-2024/CVE-2024-576xx/CVE-2024-57665.json
index 68b9f1c448e..f4b9dca1ef4 100644
--- a/CVE-2024/CVE-2024-576xx/CVE-2024-57665.json
+++ b/CVE-2024/CVE-2024-576xx/CVE-2024-57665.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-29T23:15:22.597",
 "lastModified": "2025-01-29T23:15:22.597",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering."
+ },
+ {
+ "lang": "es",
+ "value": "JFinalCMS 1.0 es vulnerable a la inyecci\u00f3n SQL en rc/main/java/com/cms/entity/Content.java. La causa de la vulnerabilidad es que el par\u00e1metro de t\u00edtulo es controlable y se concatena directamente en filterSql sin filtrar."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57719.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57719.json
index a6576f97bb8..f0fe8bfe20e 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57719.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57719.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:26.740",
 "lastModified": "2025-01-23T15:15:11.920",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57720.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57720.json
index e1fc559ab40..5a27b9f4014 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57720.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57720.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:26.847",
 "lastModified": "2025-01-23T15:15:12.177",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57721.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57721.json
index c931cfaa9ef..ff0a0f7c879 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57721.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57721.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:26.990",
 "lastModified": "2025-01-23T15:15:12.387",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57722.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57722.json
index e5ca04ea40f..a11694d3b86 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57722.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57722.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:27.137",
 "lastModified": "2025-01-23T15:15:12.610",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57723.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57723.json
index 7cd9cd4e1e3..ba020b2cf6b 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57723.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57723.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:27.270",
 "lastModified": "2025-01-23T15:15:12.820",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57724.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57724.json
index c92995407a1..66240fcea90 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57724.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57724.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-23T01:15:27.387",
 "lastModified": "2025-01-23T15:15:13.020",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-577xx/CVE-2024-57798.json b/CVE-2024/CVE-2024-577xx/CVE-2024-57798.json
index 9b34bfc3a23..eb5c8e0366c 100644
--- a/CVE-2024/CVE-2024-577xx/CVE-2024-57798.json
+++ b/CVE-2024/CVE-2024-577xx/CVE-2024-57798.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-11T13:15:29.743",
 "lastModified": "2025-01-11T13:15:29.743",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57874.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57874.json
index 4f1d75c1242..d41e88dc422 100644
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57874.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57874.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-11T15:15:07.680",
 "lastModified": "2025-01-11T15:15:07.680",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57877.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57877.json
index 7ed3b4b17ec..cecc425f50c 100644
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57877.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57877.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-11T15:15:08.063",
 "lastModified": "2025-01-11T15:15:08.063",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57878.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57878.json
index 937a599951a..252b5c811d4 100644
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57878.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57878.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-11T15:15:08.190",
 "lastModified": "2025-01-11T15:15:08.190",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json
index 4785788aa5b..9a1ccdb46c2 100644
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-19T12:15:25.187",
 "lastModified": "2025-01-23T17:15:19.453",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json
index a960091d6a0..96151094941 100644
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-19T12:15:25.277",
 "lastModified": "2025-01-23T17:15:19.550",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57934.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57934.json
index 8fb094eadb2..6dbfa884f7f 100644
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57934.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57934.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-01-21T12:15:27.047",
 "lastModified": "2025-01-21T12:15:27.047",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json
index d74588eca81..e6e9068678c 100644
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57965.json
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "En axios anterior a la versi\u00f3n 1.7.8, lib/helpers/isURLSameOrigin.js no utiliza un objeto URL al determinar un origen y tiene una llamada setAttribute('href',href) potencialmente no deseada. NOTA: algunas partes consideran que el cambio de c\u00f3digo solo soluciona un mensaje de advertencia de una herramienta SAST y no corrige una vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6351.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6351.json
index 03e167e3486..d3482f54be7 100644
--- a/CVE-2024/CVE-2024-63xx/CVE-2024-6351.json
+++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6351.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert"
+ },
+ {
+ "lang": "es",
+ "value": "Un paquete malformado puede provocar un desbordamiento de b\u00fafer en la capa NWK/APS de la pila Ember ZNet y generar una aserci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
index 1cf5ef5b514..deba717687d 100644
--- a/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
+++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7695.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \n\nThis vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "Varios conmutadores se ven afectados por una vulnerabilidad de escritura fuera de los l\u00edmites. Esta vulnerabilidad es causada por una validaci\u00f3n de entrada insuficiente, que permite que los datos se escriban en la memoria fuera de los l\u00edmites del b\u00fafer. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en un ataque de denegaci\u00f3n de servicio. Esta vulnerabilidad plantea una amenaza remota significativa si los productos afectados est\u00e1n expuestos a redes de acceso p\u00fablico. Los atacantes podr\u00edan interrumpir las operaciones apagando los sistemas afectados. Debido a la naturaleza cr\u00edtica de este riesgo de seguridad, recomendamos encarecidamente tomar medidas inmediatas para evitar su posible explotaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7881.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7881.json
index 0b095d91173..0f475d2396a 100644
--- a/CVE-2024/CVE-2024-78xx/CVE-2024-7881.json
+++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7881.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An unprivileged context can trigger a data\nmemory-dependent prefetch engine to fetch the contents of a privileged location\nand consume those contents as an address that is also dereferenced."
+ },
+ {
+ "lang": "es",
+ "value": "Un contexto sin privilegios puede activar un motor de precarga dependiente de la memoria de datos para obtener el contenido de una ubicaci\u00f3n privilegiada y consumir ese contenido como una direcci\u00f3n que tambi\u00e9n est\u00e1 desreferenciada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8401.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8401.json
index 9d964b2d91e..c96a1517e5d 100644
--- a/CVE-2024/CVE-2024-84xx/CVE-2024-8401.json
+++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8401.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u2018Cross-site Scripting\u2019)\nvulnerability exists when an authenticated attacker modifies folder names within the context of\nthe product."
+ },
+ {
+ "lang": "es",
+ "value": "CWE-79: Existe una vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u2018Cross-site Scripting\u2019) cuando un atacante autenticado modifica los nombres de las carpetas dentro del contexto del producto."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8494.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8494.json
index 14623ad3f5b..7c8b5d3bba0 100644
--- a/CVE-2024/CVE-2024-84xx/CVE-2024-8494.json
+++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8494.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Elementor Website Builder Pro para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.25.10 y incluida, a trav\u00e9s del c\u00f3digo corto 'elementor-template'. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales incluido del contenido de plantillas privadas, pendientes y de borrador. La vulnerabilidad fue parcialmente corregida en la versi\u00f3n 3.24.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8798.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8798.json
index 7b3da9d57af..26d54d22989 100644
--- a/CVE-2024/CVE-2024-87xx/CVE-2024-8798.json
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8798.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-12-16T00:15:05.913",
 "lastModified": "2024-12-16T00:15:05.913",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9310.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9310.json
index a3b93d557f2..b9dac3cf4e5 100644
--- a/CVE-2024/CVE-2024-93xx/CVE-2024-9310.json
+++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9310.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-01-22T19:15:10.277",
 "lastModified": "2025-01-22T19:15:10.277",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9490.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9490.json
index c7f639d9802..8466ffec3cf 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9490.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9490.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por un uncontrolled search path en el instalador IDE de Silicon Labs (8 bits), pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9491.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9491.json
index d93c90e4815..68d674cc77a 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9491.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9491.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por un uncontrolled search path en el instalador de Configuration Wizard 2, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9492.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9492.json
index 3d50c39270d..8e7c7c8740f 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9492.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9492.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por un uncontrolled search path en el instalador de Flash Programming Utility, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9493.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9493.json
index 6e0e0a7310d..1b22e961092 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9493.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9493.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0\n\nToolStick\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador de ToolStick, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9494.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9494.json
index cc9c3e38983..d8640b7448b 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9494.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9494.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0\n\n\n\nCP210 VCP Win 2k\n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador CP210 VCP Win 2k, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9495.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9495.json
index fe5a8d7159c..91a26699e78 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9495.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9495.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0CP210x VCP Windows \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador de Windows CP210x VCP, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9496.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9496.json
index 900d856e453..1b2ce3715dc 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9496.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9496.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress Dev Kit\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador de USBXpress Dev Kit, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9497.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9497.json
index ca2c6e69da3..b5820c1c157 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9497.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9497.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress 4 SDK\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador del SDK USBXpress 4, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9498.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9498.json
index 8ce0f3848f4..0f6bfde5d91 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9498.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9498.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress SDK\n\n \n\n\n\n installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por una ruta de b\u00fasqueda no controlada en el instalador del SDK de USBXpress, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9499.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9499.json
index 245d1138c46..81951bda636 100644
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9499.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9499.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "DLL hijacking vulnerabilities, caused by an uncontrolled search path in the\u00a0USBXpress Win 98SE Dev Kit\u00a0installer can lead to privilege escalation and arbitrary code execution when running the impacted installer."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades de secuestro de DLL, causadas por un uncontrolled search path en el instalador USBXpress Win 98SE Dev Kit, pueden provocar una escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario al ejecutar el instalador afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-00xx/CVE-2025-0065.json b/CVE-2025/CVE-2025-00xx/CVE-2025-0065.json
index 47db74e46f9..fd061463b67 100644
--- a/CVE-2025/CVE-2025-00xx/CVE-2025-0065.json
+++ b/CVE-2025/CVE-2025-00xx/CVE-2025-0065.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "psirt@teamviewer.com",
 "published": "2025-01-28T11:15:07.413",
 "lastModified": "2025-01-28T11:15:07.413",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection."
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de delimitadores de argumentos en el componente TeamViewer_service.exe de TeamViewer Clients anteriores a la versi\u00f3n 15.62 para Windows permite que un atacante con acceso local sin privilegios en un sistema de Windows eleve los privilegios mediante la inyecci\u00f3n de argumentos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0142.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0142.json
index dac453fc96e..ff1921b109c 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0142.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0142.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access."
+ },
+ {
+ "lang": "es",
+ "value": "Texto plano en almacenamiento de informaci\u00f3n confidencial en el complemento Zoom Jenkins Marketplace anterior a la versi\u00f3n 1.4 puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0143.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0143.json
index 08f5172fd74..902d39d0073 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0143.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0143.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access."
+ },
+ {
+ "lang": "es",
+ "value": "Fuera de los l\u00edmites escrito en la aplicaci\u00f3n Zoom Workplace para Linux anterior a la versi\u00f3n 6.2.5 puede permitir que un usuario no autorizado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0144.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0144.json
index c943b4fbb32..55e49350e9e 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0144.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0144.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access."
+ },
+ {
+ "lang": "es",
+ "value": "Fuera de los l\u00edmites la escritura en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autorizado realice una p\u00e9rdida de integridad a trav\u00e9s del acceso a la red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0145.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0145.json
index 9c6a8e685e0..7e068d50f39 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0145.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0145.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access."
+ },
+ {
+ "lang": "es",
+ "value": "La ruta de b\u00fasqueda no confiable en el instalador de algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso local."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0146.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0146.json
index 446f3d17416..9111215f009 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0146.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0146.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access."
+ },
+ {
+ "lang": "es",
+ "value": "El enlace simb\u00f3lico que sigue en el instalador de la aplicaci\u00f3n Zoom Workplace para macOS anterior a la versi\u00f3n 6.2.10 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0147.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0147.json
index cf45921fe43..d01da96dc99 100644
--- a/CVE-2025/CVE-2025-01xx/CVE-2025-0147.json
+++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0147.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access."
+ },
+ {
+ "lang": "es",
+ "value": "La confusi\u00f3n de tipos en la aplicaci\u00f3n Zoom Workplace para Linux anterior a la versi\u00f3n 6.2.10 puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0290.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0290.json
index fbb8a598c51..b4849e668b2 100644
--- a/CVE-2025/CVE-2025-02xx/CVE-2025-0290.json
+++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0290.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2025-01-28T09:15:09.363",
 "lastModified": "2025-01-28T09:15:09.363",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 15.0 anterior a la 17.5.5, de la 17.6 anterior a la 17.6.3 y de la 17.7 anterior a la 17.7.1. En determinadas condiciones, el procesamiento de metadatos de artefactos de CI podr\u00eda provocar que los trabajos en segundo plano dejaran de responder."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0314.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0314.json
index c41692d71cd..3bd71fa276b 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0314.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0314.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2025-01-24T03:15:07.320",
 "lastModified": "2025-01-24T03:15:07.320",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0350.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0350.json
index d174fd5602e..ba5d2ae8113 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0350.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0350.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Divi Carousel Maker \u2013 Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Divi Carousel Maker \u2013 Image, Logo, Testimonial, Post Carousel & More para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del carrusel de im\u00e1genes y el carrusel de logotipos del complemento en todas las versiones hasta incluida, 2.0.4 debido a la falta de desinfecci\u00f3n de entrada y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0353.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0353.json
index 92cb6d556c1..1738ecf1da1 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0353.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0353.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Divi Torque Lite \u2013 Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Divi Torque Lite \u2013 Best Divi Addon, Extensions, Modules & Social Modules para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de varios widgets en todas las versiones hasta incluida, 4.1.0 debido a la falta de entrada desinfecci\u00f3n y la salida que se escapa en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
index 564cd1709d2..8ff70ce0a17 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0357.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WPBookit para WordPress es vulnerable a la carga de archivos arbitrarios debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n 'WPB_Profile_controller::handle_image_upload' en versiones hasta la 1.6.9 y incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0367.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0367.json
index cf4c735d504..5ea9efd3d00 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0367.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0367.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack."
+ },
+ {
+ "lang": "es",
+ "value": "En las versiones 3.1.0 y anteriores del complemento de soporte de Splunk para Active Directory, tambi\u00e9n conocido como SA-ldapsearch, un patr\u00f3n de expresi\u00f3n regular vulnerable podr\u00eda provocar un ataque de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS)."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0373.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0373.json
index 860f30edf98..b203dafea19 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0373.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0373.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "secteam@freebsd.org",
 "published": "2025-01-30T05:15:09.590",
 "lastModified": "2025-01-30T05:15:09.590",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.\n\nA NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic."
+ },
+ {
+ "lang": "es",
+ "value": "En sistemas de 64 bits, la implementaci\u00f3n de VOP_VPTOFH() en los sistemas de archivos cd9660, tarfs y ext2fs desborda el b\u00fafer FID de destino en 4 bytes, lo que genera un desbordamiento del b\u00fafer de pila. Se puede hacer que un servidor NFS que exporta un sistema de archivos cd9660, tarfs o ext2fs entre en p\u00e1nico montando y accediendo a la exportaci\u00f3n con un cliente NFS. Es posible que se produzcan m\u00e1s explotaciones (por ejemplo, omitiendo la comprobaci\u00f3n de permisos de archivos o la ejecuci\u00f3n remota de c\u00f3digo del n\u00facleo), aunque esto no se ha demostrado. En particular, los n\u00facleos de lanzamiento se compilan con la protecci\u00f3n de pila habilitada, y este mecanismo detecta algunas instancias del desbordamiento, lo que genera un p\u00e1nico."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0374.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0374.json
index 22cc2414d6f..8b04cbdc528 100644
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0374.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0374.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "secteam@freebsd.org",
 "published": "2025-01-30T05:15:10.527",
 "lastModified": "2025-01-30T05:15:10.527",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd.\n\nAn unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando etcupdate encuentra conflictos al fusionar archivos, guarda una versi\u00f3n que contiene marcadores de conflicto en /var/db/etcupdate/conflicts. Esta versi\u00f3n no conserva el modo del archivo de entrada y es legible por todo el mundo. Esto se aplica a archivos que normalmente tendr\u00edan visibilidad restringida, como /etc/master.passwd. Un usuario local sin privilegios puede leer contrase\u00f1as de usuario y ra\u00edz cifradas desde el archivo temporal master.passwd manipulado en /var/db/etcupdate/conflicts. Esto es posible solo cuando surgen conflictos dentro del archivo de contrase\u00f1as durante una actualizaci\u00f3n y el archivo desprotegido se elimina cuando se resuelven los conflictos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0432.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0432.json
index 48f54104616..31dc035b057 100644
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0432.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0432.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage."
+ },
+ {
+ "lang": "es",
+ "value": "EWON Flexy 202 transmite las credenciales de usuario en texto plano sin cifrado cuando se agrega un usuario o se cambian las credenciales de usuario a trav\u00e9s de su p\u00e1gina web."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0477.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0477.json
index 084c4d1426d..743831710a8 100644
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0477.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0477.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk\u00ae AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de cifrado en todas las versiones anteriores a la V15.00.001 de Rockwell Automation FactoryTalk\u00ae AssetCentre. La vulnerabilidad existe debido a una metodolog\u00eda de cifrado d\u00e9bil y podr\u00eda permitir que un actor de amenazas extraiga contrase\u00f1as pertenecientes a otros usuarios de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0497.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0497.json
index 986c905fa8f..9aa7e3dc1c2 100644
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0497.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0497.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk\u00ae AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de exposici\u00f3n de datos en todas las versiones anteriores a V15.00.001 de Rockwell Automation FactoryTalk\u00ae AssetCentre. La vulnerabilidad existe debido al almacenamiento de credenciales en el archivo de configuraci\u00f3n de los paquetes EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp o ArchiveLogCleanUp."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0498.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0498.json
index 0d6686721e7..dc431a913fe 100644
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0498.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0498.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk\u00ae AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk\u00ae Security user tokens, which could allow a threat actor to steal a token and, impersonate another user."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de exposici\u00f3n de datos en todas las versiones anteriores a la V15.00.001 de Rockwell Automation FactoryTalk\u00ae AssetCentre. La vulnerabilidad existe debido al almacenamiento inseguro de tokens de usuario de FactoryTalk\u00ae Security, lo que podr\u00eda permitir que un actor de amenazas robe un token y se haga pasar por otro usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json
index 5f9de155947..6335e123a8b 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0542.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
+ },
+ {
+ "lang": "es",
+ "value": "Escalada de privilegios locales debido a la asignaci\u00f3n incorrecta de privilegios de archivos temporales en el mecanismo de actualizaci\u00f3n de G DATA Management Server. Esta vulnerabilidad permite a un atacante local sin privilegios escalar privilegios en las instalaciones afectadas colocando un archivo ZIP manipulado en un directorio con permisos de escritura globales, que se descomprime en el contexto de SYSTEM y da como resultado la escritura arbitraria de archivos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json
index a1af91d765a..c673c393850 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0543.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
+ },
+ {
+ "lang": "es",
+ "value": "Escalada de privilegios locales en G DATA Security Client debido a la asignaci\u00f3n incorrecta de privilegios a directorios. Esta vulnerabilidad permite a un atacante local sin privilegios escalar privilegios en las instalaciones afectadas colocando un ejecutable arbitrario en un directorio con permisos de escritura globales, lo que da como resultado la ejecuci\u00f3n por parte del servicio SetupSVC.exe en el contexto de SYSTEM."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0568.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0568.json
index 43c9d0ec51e..31d3a7e5967 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0568.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0568.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25302."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de denegaci\u00f3n de servicio por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos Sante PACS Server DCM. Esta vulnerabilidad permite a atacantes remotos crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Sante PACS Server. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema. Era ZDI-CAN-25302."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0569.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0569.json
index e34c935ff42..13653242b5a 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0569.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0569.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25303."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de denegaci\u00f3n de servicio por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos Sante PACS Server DCM. Esta vulnerabilidad permite a atacantes remotos crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Sante PACS Server. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede generar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema. Era ZDI-CAN-25303."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0570.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0570.json
index 3fe0c9c677a..b28f9a67e6d 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0570.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0570.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25304."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de denegaci\u00f3n de servicio por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos Sante PACS Server Web Portal DCM. Esta vulnerabilidad permite a atacantes remotos crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Sante PACS Server. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema. Era ZDI-CAN-25304."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0571.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0571.json
index 66127d10d15..91cd074622a 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0571.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0571.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25305."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de denegaci\u00f3n de servicio por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos Sante PACS Server Web Portal DCM. Esta vulnerabilidad permite a atacantes remotos crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Sante PACS Server. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema. Era ZDI-CAN-25305."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0572.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0572.json
index 26219573360..1643371a376 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0572.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0572.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escritura arbitraria de archivos en el an\u00e1lisis de archivos Sante PACS Server Web Portal DCM. Esta vulnerabilidad permite a atacantes remotos crear archivos arbitrarios en las instalaciones afectadas de Sante PACS Server. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esta vulnerabilidad para escribir archivos en el contexto del usuario actual. Era ZDI-CAN-25308."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0573.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0573.json
index 150a5c34690..dde008cc8d6 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0573.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0573.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escritura arbitraria de archivos mediante an\u00e1lisis de archivos y Directory Traversal en Sante PACS Server DCM. Esta vulnerabilidad permite a atacantes remotos crear archivos arbitrarios en las instalaciones afectadas del servidor Sante PACS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DCM. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esta vulnerabilidad para escribir archivos en el contexto del usuario actual. Era ZDI-CAN-25309. "
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0574.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0574.json
index 5715e3fb4fc..f7624238403 100644
--- a/CVE-2025/CVE-2025-05xx/CVE-2025-0574.json
+++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0574.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of URLs in the web server module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25318."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de denegaci\u00f3n de servicio por corrupci\u00f3n de memoria en la ruta URL de Sante PACS Server. Esta vulnerabilidad permite a atacantes remotos crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas del servidor Sante PACS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de las URL en el m\u00f3dulo del servidor web. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio en el sistema. Era ZDI-CAN-25318."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json
index 4bc91c16f5f..bdf42012438 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0604.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-01-22T15:15:14.827",
 "lastModified": "2025-01-22T15:15:14.827",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0611.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0611.json
index 7c4e73b7101..c159a72956c 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0611.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0611.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2025-01-22T20:15:30.860",
 "lastModified": "2025-01-22T20:15:30.860",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0612.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0612.json
index e5af458eb67..05e85550bba 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0612.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0612.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2025-01-22T20:15:30.957",
 "lastModified": "2025-01-22T20:15:30.957",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0617.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0617.json
index 1efa6b9921f..21349d0c2eb 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0617.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0617.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service."
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante con acceso a HX 10.0.0 y versiones anteriores puede enviar datos especiales manipulado a la consola HX. La detecci\u00f3n maliciosa activar\u00eda entonces el an\u00e1lisis de archivos que contienen expansiones de entidades exponenciales en el proceso del consumidor, lo que causar\u00eda una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0619.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0619.json
index fe85ebf877b..5aa08dc89c4 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0619.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0619.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@m-files.com",
 "published": "2025-01-23T11:15:10.700",
 "lastModified": "2025-01-23T11:15:10.700",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0631.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0631.json
index a9b274849cf..09d473ca410 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0631.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0631.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de exposici\u00f3n de credenciales en el producto y la versi\u00f3n mencionados anteriormente. La vulnerabilidad se debe al uso de HTTP, lo que hace que las credenciales se env\u00eden en texto plano."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0635.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0635.json
index fc9c33cb84c..04d939413b1 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0635.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0635.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@m-files.com",
 "published": "2025-01-23T11:15:10.890",
 "lastModified": "2025-01-23T11:15:10.890",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json
index ad77ae1f64d..18b1115f94a 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0638.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "sep@nlnetlabs.nl",
 "published": "2025-01-22T16:15:29.977",
 "lastModified": "2025-01-22T16:15:29.977",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0648.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0648.json
index e0751dd72ef..e22b8541bb9 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0648.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0648.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@m-files.com",
 "published": "2025-01-23T11:15:11.030",
 "lastModified": "2025-01-23T11:15:11.030",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0651.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0651.json
index 9317414f28b..0f80e0df333 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0651.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0651.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@cloudflare.com",
 "published": "2025-01-22T18:15:20.363",
 "lastModified": "2025-01-22T18:15:20.363",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0659.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0659.json
index a9f805428df..064fcb54f9b 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0659.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0659.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A path\ntraversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character\nsequence in the body of the vulnerable endpoint, it is possible to overwrite\nfiles outside of the intended directory. A threat actor with admin privileges could\nleverage this vulnerability to overwrite reports including user projects."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Al especificar la secuencia de caracteres en el cuerpo del punto terminal vulnerable, es posible sobrescribir archivos fuera del directorio previsto. Un actor de amenazas con privilegios de administrador podr\u00eda aprovechar esta vulnerabilidad para sobrescribir informes que incluyan proyectos de usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0680.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0680.json
index 7b7d7baf807..01baa707af7 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0680.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0680.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud."
+ },
+ {
+ "lang": "es",
+ "value": "Los productos afectados contienen una vulnerabilidad en el proceso de gesti\u00f3n de comandos RPC del dispositivo en la nube que podr\u00eda permitir a atacantes remotos tomar el control de dispositivos arbitrarios conectados a la nube."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0681.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0681.json
index 8440b4269b3..a966ecd5d4f 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0681.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0681.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Cloud MQTT service of the affected products supports wildcard topic \nsubscription which could allow an attacker to obtain sensitive \ninformation from tapping the service communications."
+ },
+ {
+ "lang": "es",
+ "value": "El servicio Cloud MQTT de los productos afectados admite la suscripci\u00f3n a temas comod\u00edn, lo que podr\u00eda permitir que un atacante obtenga informaci\u00f3n confidencial al interceptar las comunicaciones del servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
index 1b56cc6e229..9231e9ef64e 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0682.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ThemeREX Addons para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 2.33.0 y incluida, a trav\u00e9s del atributo 'type' del c\u00f3digo corto 'trx_sc_reviews'. Esto permite que atacantes autenticados, con permisos de nivel de colaborador y superiores, incluyan y ejecuten archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se pueda cargar e incluir el tipo de archivo php."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0693.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0693.json
index 6a63baaf44d..386716a2421 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0693.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0693.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
 "published": "2025-01-23T22:15:15.397",
 "lastModified": "2025-01-23T22:15:15.397",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0695.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0695.json
index e50a18fee16..b09ea2f69a6 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0695.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0695.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An Allocation of Resources Without Limits or\u00a0Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en las versiones de Cesanta Frozen anteriores a 1.7 permite a un atacante inducir un bloqueo del componente que incorpora librer\u00eda al suministrar un JSON manipulado malintencionado como entrada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0697.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0697.json
index a6df1ec7452..29db20a5cc5 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0697.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0697.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en Telstra Smart Modem Gen 2 hasta 20250115. Afecta a una parte desconocida del componente HTTP Header Handler. La manipulaci\u00f3n del argumento Content-Disposition provoca una inyecci\u00f3n. Es posible iniciar el ataque de forma remota. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0698.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0698.json
index b758ff5cb17..5e16a19efbf 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0698.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0698.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /admin/sys/menu/list. La manipulaci\u00f3n del argumento sort/order provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto utiliza la distribuci\u00f3n continua con versiones sucesivas. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de las versiones actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0699.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0699.json
index 17a2219ba14..5ab9cd1075f 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0699.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0699.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/sys/role/list. La manipulaci\u00f3n del argumento sort provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto no utiliza control de versiones. Por este motivo, no est\u00e1 disponible la informaci\u00f3n sobre las versiones afectadas y no afectadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0700.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0700.json
index 09b06910062..0fd7301f065 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0700.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0700.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /admin/sys/log/list. La manipulaci\u00f3n del argumento logId provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto utiliza una versi\u00f3n continua para proporcionar una distribuci\u00f3n continua. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de las versiones actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0701.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0701.json
index 4c9e6ea512f..0dfd5e39ef9 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0701.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0701.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Afecta a una parte desconocida del archivo /admin/sys/user/list. La manipulaci\u00f3n del argumento sort provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una distribuci\u00f3n continua. Por lo tanto, no est\u00e1n disponibles los detalles de las versiones afectadas y actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0702.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0702.json
index ee825b9a017..0cda3fdb2f4 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0702.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0702.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo src/main/java/io/github/controller/SysFileController.java. La manipulaci\u00f3n del argumento portraitFile provoca una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Este producto utiliza la entrega continua con lanzamientos continuos. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de los lanzamientos actualizados."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0703.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0703.json
index da6c0bef877..338e8cd009d 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0703.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0703.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como problem\u00e1tica, en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Este problema afecta a algunos procesos desconocidos del archivo src/main/java/io/github/controller/SysFileController.java. La manipulaci\u00f3n del nombre del argumento conduce a Path Traversal. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Este producto no utiliza control de versiones. Por este motivo, no est\u00e1 disponible la informaci\u00f3n sobre las versiones afectadas y no afectadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0704.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0704.json
index e921385dc05..c9a84e1df0b 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0704.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0704.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. La funci\u00f3n qrCode del archivo src/main/java/io/github/controller/QrCodeController.java est\u00e1 afectada. La manipulaci\u00f3n del argumento w/h provoca el consumo de recursos. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto utiliza una versi\u00f3n continua para proporcionar una distribuci\u00f3n continua. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de las versiones actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0705.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0705.json
index 9ebddff6a27..219730895c9 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0705.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0705.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n qrCode del archivo src/main/java/io/github/controller/QrCodeController.java. La manipulaci\u00f3n del texto del argumento provoca una redirecci\u00f3n abierta. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una distribuci\u00f3n continua. Por lo tanto, no est\u00e1n disponibles los detalles de las versiones afectadas y actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0706.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0706.json
index 215ffb44295..0db4d5ee23b 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0706.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0706.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d y se ha clasificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del archivo /admin/sys/admin.html. La manipulaci\u00f3n conduce a Cross Site Scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto utiliza la distribuci\u00f3n continua con versiones sucesivas. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de las versiones actualizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0707.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0707.json
index 37daa2b13ca..a11449bcec2 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0707.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0707.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Rise Group Rise Mode Temp CPU 2.1. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo librer\u00eda CRYPTBASE.dll del componente Startup. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda no confiable. El ataque debe abordarse localmente."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0708.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0708.json
index 639e199208f..9be629858e9 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0708.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0708.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument \u6a21\u677f\u524d\u7f00 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en fumiao opencms 2.2. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/model/addOrUpdate del componente Add Model Management Page. La manipulaci\u00f3n del argumento ???? conduce a Cross Site Scripting. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0709.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0709.json
index dae6ec959f0..0a63991835e 100644
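Review bot: In the CVE-2025-0708.json hunk the added "es" description replaces the affected argument name with `????`, while the "en" entry carries it as `\u6a21\u677f\u524d\u7f00`; the non-ASCII identifier was lost, most likely in a translation step that is not Unicode-safe, so a reader of the Spanish text can no longer tell which parameter is affected. The value should keep the identifier verbatim: `La manipulaci\u00f3n del argumento \u6a21\u677f\u524d\u7f00 conduce a Cross Site Scripting.` A related loss shows in the CVE-2025-0705.json and CVE-2025-0730.json hunks, where the argument names `text` and `username/password` were translated instead of being kept as literals. A pre-merge check that every path, parameter name and escaped code point in the "en" value also appears in the "es" value would catch both cases.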
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0709.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0709.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Dcat-Admin 2.2.1-beta. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /admin/auth/roles del componente Roles Page. La manipulaci\u00f3n conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0710.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0710.json
index bd9c92d3207..ffd52f95883 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0710.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0710.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en CampCodes School Management Software 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /notice-list del componente Notice Board Page. La manipulaci\u00f3n del argumento Notice conduce a Cross Site Scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0720.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0720.json
index d97fd66c77a..a06f95a02da 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0720.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0720.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Microword eScan Antivirus 7.0.32 en Linux. Se ha calificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n removeExtraSlashes del archivo /opt/MicroWorld/sbin/rtscanner del componente Folder Watch List Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer basado en la pila. El ataque debe abordarse localmente. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json
index 39342dc972f..cf65fb3d8c0 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en needyamin image_gallery 1.0. Afecta a la funci\u00f3n image_gallery del archivo /view.php. La manipulaci\u00f3n del argumento username conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0722.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0722.json
index 5332c8a25b5..0d8348e4f37 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0722.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0722.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en needyamin image_gallery 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/gallery.php del componente Cover Image Handler. La manipulaci\u00f3n del argumento image provoca una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0729.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0729.json
index 9232870381b..55ceda6ea5d 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0729.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0729.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos. La manipulaci\u00f3n conduce a un secuestro de clics. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.0.0 Build 20250124 Rel. 54920(Beta) puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contact\u00f3 al proveedor con prontitud. Reaccionaron de manera muy profesional y proporcionaron una versi\u00f3n previa a la correcci\u00f3n para sus clientes."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0730.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0730.json
index 2a65cbc5fa1..6c716d95391 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0730.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0730.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Se ve afectada una funci\u00f3n desconocida del archivo /usr_account_set.cgi del componente HTTP GET Request Handler. La manipulaci\u00f3n del argumento nombre de usuario/contrase\u00f1a conduce al uso del m\u00e9todo de solicitud GET con cadenas de consulta sensibles. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit se ha revelado al p\u00fablico y puede usarse. La actualizaci\u00f3n a la versi\u00f3n 1.0.0 Build 20250124 Rel. 54920 (Beta) puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contact\u00f3 al proveedor con prontitud. Reaccionaron de manera muy profesional y proporcionaron una versi\u00f3n previa a la correcci\u00f3n para sus clientes."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0732.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0732.json
index 4daa33e5791..f31f80953df 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0732.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0732.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Discord hasta la versi\u00f3n 1.0.9177 en Windows. Este problema afecta a una funcionalidad desconocida en el archivo profapi.dll librer\u00eda. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda no confiable. El ataque debe abordarse localmente. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0733.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0733.json
index 383803438e4..e6d3f71fffa 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0733.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0733.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en Postman hasta la versi\u00f3n 11.20 en Windows. Afecta a una parte desconocida del archivo librer\u00eda profapi.dll. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda no fiable. El ataque debe abordarse localmente. La complejidad del ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0734.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0734.json
index 2642b817ee2..a52002f8716 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0734.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0734.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-01-27T19:15:19.130",
 "lastModified": "2025-01-27T19:15:19.130",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en y_project RuoYi hasta la versi\u00f3n 4.8.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getBeanName del componente Whitelist. La manipulaci\u00f3n provoca la deserializaci\u00f3n. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0736.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0736.json
index 38dfeeb1461..dfa69787691 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0736.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0736.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-01-28T09:15:09.543",
 "lastModified": "2025-01-28T09:15:09.543",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Infinispan al usar JGroups con JDBC_PING. Este problema ocurre cuando una aplicaci\u00f3n expone inadvertidamente informaci\u00f3n confidencial, como detalles de configuraci\u00f3n o credenciales, a trav\u00e9s de mecanismos de registro. Esta exposici\u00f3n puede provocar acceso no autorizado y explotaci\u00f3n por parte de actores maliciosos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0739.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0739.json
index d58c6192fd1..eca121aa84f 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0739.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0739.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T11:15:11.607",
 "lastModified": "2025-01-30T11:15:11.607",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the \"SUSCBRIPTION_ID\" param of the endpoint \"/demos/embedai/subscriptions/show/\"."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado mostrar informaci\u00f3n de suscripci\u00f3n de otros usuarios modificando el par\u00e1metro \"SUSCBRIPTION_ID\" de el endpoint \"/demos/embedai/subscriptions/show/\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0740.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0740.json
index 957ebb42857..7850dd9c75e 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0740.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0740.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T11:15:11.763",
 "lastModified": "2025-01-30T11:15:11.763",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI\n\n 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the \u201cCHAT_ID\u201d of the endpoint \"/embedai/chats/load_messages?chat_id=\"."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado obtener mensajes de chat pertenecientes a otros usuarios modificando el \u201cCHAT_ID\u201d del endpoint \"/embedai/chats/load_messages?chat_id=\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0741.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0741.json
index 0164b9f38e6..4e63b557cbc 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0741.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0741.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T11:15:11.910",
 "lastModified": "2025-01-30T14:15:37.127",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI\n\n 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter \"chat_id\" of the POST request \"/embedai/chats/send_message\"."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado escribir mensajes en el chat de otros usuarios modificando el par\u00e1metro \"chat_id\" de la solicitud POST \"/embedai/chats/send_message\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0742.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0742.json
index 547d679ae21..7bbfe73e9e1 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0742.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0742.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T12:15:27.560",
 "lastModified": "2025-01-30T14:15:37.320",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the \"FILE_ID\" of the endpoint \"/embedai/files/show/\"."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado obtener archivos almacenados por otros usuarios modificando el \"FILE_ID\" de el endpoint \"/embedai/files/show/\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0743.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0743.json
index a1c03cade4e..611dfab85e8 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0743.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0743.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T12:15:27.707",
 "lastModified": "2025-01-30T14:15:37.507",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint \"/embedai/visits/show/\" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado aprovechar el endpoint \"/embedai/visits/show/\" para obtener informaci\u00f3n sobre las visitas realizadas por otros usuarios. La informaci\u00f3n proporcionada por esta endpoint incluye la direcci\u00f3n IP, el agente de usuario y la ubicaci\u00f3n del usuario que visit\u00f3 la p\u00e1gina web."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0744.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0744.json
index 869bcaaedf1..5e541a12913 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0744.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0744.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T12:15:27.843",
 "lastModified": "2025-01-30T14:15:37.687",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the \"/demos/embedai/pmt_cash_on_delivery/pay\" endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite a un atacante autenticado cambiar su plan de suscripci\u00f3n sin pagar mediante una solicitud POST que cambia los par\u00e1metros de \"/demos/embedai/pmt_cash_on_delivery/pay\" endpoint."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0745.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0745.json
index 91071b15165..bd8f4e46edb 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0745.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0745.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T12:15:27.973",
 "lastModified": "2025-01-30T14:15:37.857",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the \"/embedai/app/uploads/database/\" endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de control de acceso inadecuado en EmbedAI 2.1 y versiones anteriores. Esta vulnerabilidad permite que un atacante autenticado obtenga las copias de seguridad de la base de datos solicitando la endpoint \"/embedai/app/uploads/database/\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0746.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0746.json
index 82eb34f4cab..fe68a5670be 100644
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0746.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0746.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-01-30T12:15:28.113",
 "lastModified": "2025-01-30T12:15:28.113",
- "vulnStatus": "Received",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the\"/embedai/users/show/