admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-21T18:00:21.462185+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-21 18:03:24 +00:00
parent 3917ab0c68
commit edd5f6f902
284 changed files with 4689 additions and 904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2009/CVE-2009-05xx/CVE-2009-0551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-0551",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-04-15T08:00:00.627",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:00.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",

34
CVE-2009/CVE-2009-15xx/CVE-2009-1529.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-1529",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-06-10T18:30:00.483",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:00.990",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-399"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [

34
CVE-2009/CVE-2009-15xx/CVE-2009-1544.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-1544",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-08-12T17:30:00.563",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:02.977",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-399"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [

34
CVE-2009/CVE-2009-25xx/CVE-2009-2502.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2502",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-10-14T10:30:01.390",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:04.240",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-119"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

34
CVE-2009/CVE-2009-25xx/CVE-2009-2529.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2529",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-10-14T10:30:01.733",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:05.513",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

34
CVE-2009/CVE-2009-36xx/CVE-2009-3671.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-3671",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-12-09T18:30:00.420",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:06.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-399"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2010/CVE-2010-02xx/CVE-2010-0248.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2010-0248",
"sourceIdentifier": "secure@microsoft.com",
"published": "2010-01-22T22:00:00.583",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:07.367",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2010/CVE-2010-04xx/CVE-2010-0492.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2010-0492",
"sourceIdentifier": "secure@microsoft.com",
"published": "2010-03-31T19:30:00.517",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:08.240",
"vulnStatus": "Modified",
"cveTags": [],
"evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx\r\n\r\n'Internet Explorer 6 and Internet Explorer 7 are not affected by this vulnerability.'",
@ -17,6 +17,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -53,6 +75,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

34
CVE-2010/CVE-2010-12xx/CVE-2010-1260.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2010-1260",
"sourceIdentifier": "secure@microsoft.com",
"published": "2010-06-08T22:30:01.507",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:09.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

34
CVE-2011/CVE-2011-03xx/CVE-2011-0346.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2011-0346",
"sourceIdentifier": "cve@mitre.org",
"published": "2011-01-07T23:00:20.093",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:10.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-399"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

36
CVE-2011/CVE-2011-11xx/CVE-2011-1142.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2011-1142",
"sourceIdentifier": "cve@mitre.org",
"published": "2011-03-03T01:00:01.597",
"lastModified": "2023-12-22T18:18:15.377",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-21T17:35:10.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-835"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [

34
CVE-2012/CVE-2012-15xx/CVE-2012-1539.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2012-1539",
"sourceIdentifier": "cve@mitre.org",
"published": "2012-11-14T00:55:01.200",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:12.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-399"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2013/CVE-2013-08xx/CVE-2013-0810.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2013-0810",
"sourceIdentifier": "cve@mitre.org",
"published": "2013-09-11T14:03:48.000",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-21T17:35:13.017",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

34
CVE-2015/CVE-2015-83xx/CVE-2015-8370.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-8370",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-12-16T21:59:04.063",
"lastModified": "2024-01-16T01:15:33.947",
"lastModified": "2024-10-21T17:35:14.003",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-264"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"configurations": [

34
CVE-2018/CVE-2018-80xx/CVE-2018-8034.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-8034",
"sourceIdentifier": "security@apache.org",
"published": "2018-08-01T18:29:00.313",
"lastModified": "2023-12-08T16:41:18.860",
"lastModified": "2024-10-21T16:35:00.610",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
@ -74,6 +96,16 @@
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [

8
CVE-2019/CVE-2019-252xx/CVE-2019-25218.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2019-25218",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-19T04:15:03.007",
"lastModified": "2024-10-19T04:15:03.007",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Photo Gallery Slideshow & Masonry Tiled Gallery para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'id' en todas las versiones hasta la 1.0.3 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de administrador y superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

32
CVE-2022/CVE-2022-484xx/CVE-2022-48434.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48434",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-29T17:15:07.053",
"lastModified": "2023-12-23T12:15:21.383",
"lastModified": "2024-10-21T16:35:03.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

38
CVE-2023/CVE-2023-208xx/CVE-2023-20834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20834",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.063",
"lastModified": "2023-09-07T19:08:44.343",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-21T17:35:15.610",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
@ -53,6 +73,20 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

38
CVE-2023/CVE-2023-208xx/CVE-2023-20835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20835",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.183",
"lastModified": "2023-09-07T19:13:46.380",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-21T17:35:16.473",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
@ -53,6 +73,20 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-314xx/CVE-2023-31436.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31436",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T02:15:09.007",
"lastModified": "2023-11-29T15:15:07.820",
"lastModified": "2024-10-21T16:35:05.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

38
CVE-2023/CVE-2023-358xx/CVE-2023-35828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-18T22:15:09.417",
"lastModified": "2023-12-04T14:53:50.153",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-21T16:35:06.073",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
@ -49,6 +69,20 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

4
CVE-2023/CVE-2023-529xx/CVE-2023-52917.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52917",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.230",
"lastModified": "2024-10-21T13:15:02.230",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-60xx/CVE-2023-6080.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6080",
"sourceIdentifier": "mandiant-cve@google.com",
"published": "2024-10-18T17:15:12.353",
"lastModified": "2024-10-18T17:15:12.353",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lakeside Software\u2019s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access."
},
{
"lang": "es",
"value": "La versi\u00f3n 10.7.8 del instalador SysTrack LsiAgent de Lakeside Software para Windows contiene una vulnerabilidad de escalada de privilegios locales que permite a los atacantes acceso a nivel de SYSTEM."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-62xx/CVE-2023-6243.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-6243",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-19T07:15:02.520",
"lastModified": "2024-10-19T07:15:02.520",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento EventON PRO - WordPress Virtual Event Calendar Plugin para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 4.6.8 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n admin_test_email. Esto permite que atacantes no autenticados env\u00eden correos electr\u00f3nicos de prueba a direcciones de correo electr\u00f3nico arbitrarias a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10120.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10120",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T17:15:12.537",
"lastModified": "2024-10-18T17:15:12.537",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en wfh45678 Radar hasta la versi\u00f3n 1.0.8 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /services/v1/common/upload. La manipulaci\u00f3n del archivo de argumentos provoca una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10121.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10121",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T19:15:13.707",
"lastModified": "2024-10-18T19:15:13.707",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en wfh45678 Radar hasta la versi\u00f3n 1.0.8 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del componente Interface Handler. La manipulaci\u00f3n con la entrada /../ lleva a la omisi\u00f3n de la autorizaci\u00f3n. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Esto no parece ser una debilidad de path traversal. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10122.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10122",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T19:15:13.990",
"lastModified": "2024-10-18T19:15:13.990",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Topdata Inner Rep Plus WebServer 2.01. Se ha clasificado como problem\u00e1tica. Se trata de una funci\u00f3n desconocida del archivo /InnerRepPlus.html del componente Operator Details Form. La manipulaci\u00f3n provoca la falta de enmascaramiento del campo de contrase\u00f1a. Es posible lanzar el ataque de forma remota. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10123.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10123",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T20:15:02.960",
"lastModified": "2024-10-18T20:15:02.960",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Tenda AC8 16.03.34.06. Se ha declarado como cr\u00edtica. La funci\u00f3n compare_parentcontrol_time del archivo /goform/saveParentControlInfo se ve afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento time provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. No se trata del mismo problema que CVE-2023-33671. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10128.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10128",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T21:15:03.340",
"lastModified": "2024-10-18T21:15:03.340",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Topdata Inner Rep Plus WebServer 2.01. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del archivo td.js.gz. La manipulaci\u00f3n conduce a un algoritmo criptogr\u00e1fico riesgoso. El ataque puede ejecutarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10129",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T22:15:04.013",
"lastModified": "2024-10-18T22:15:04.013",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en HFO4 shudong-share hasta la versi\u00f3n 2.4.7. Afecta a una parte desconocida del archivo /includes/create_share.php del componente Share Handler. La manipulaci\u00f3n del argumento fkey provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10130.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10130",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-18T22:15:04.683",
"lastModified": "2024-10-18T22:15:04.683",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda AC8 16.03.34.06. Esta vulnerabilidad afecta a la funci\u00f3n formSetRebootTimer del archivo /goform/SetSysAutoRebbotCfg. La manipulaci\u00f3n del argumento rebootTime provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10131.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10131",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-19T04:15:05.300",
"lastModified": "2024-10-19T04:15:05.300",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code."
},
{
"lang": "es",
"value": "La funci\u00f3n `add_llm` en `llm_app.py` en infiniflow/ragflow versi\u00f3n 0.11.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE). La funci\u00f3n utiliza la entrada proporcionada por el usuario `req['llm_factory']` y `req['llm_name']` para instanciar din\u00e1micamente clases de varios diccionarios de modelos. Este enfoque permite a un atacante ejecutar c\u00f3digo arbitrario debido a la falta de una validaci\u00f3n o desinfecci\u00f3n integral de la entrada. Un atacante podr\u00eda proporcionar un valor malicioso para 'llm_factory' que, cuando se utiliza como \u00edndice para estos diccionarios de modelos, da como resultado la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10133.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10133",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T09:15:11.090",
"lastModified": "2024-10-19T09:15:11.090",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n updateNetSecPolicyPriority del archivo /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. La manipulaci\u00f3n del argumento id/frontId provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10134.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10134",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T10:15:02.663",
"lastModified": "2024-10-19T10:15:02.663",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. La funci\u00f3n connectLogout del archivo /com/esafenet/servlet/ajax/MultiServerAjax.java se ve afectada por este problema. La manipulaci\u00f3n del argumento servername provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10135.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10135",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T12:15:13.247",
"lastModified": "2024-10-19T12:15:13.247",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n actionDelNetSecConfig del archivo /com/esafenet/servlet/netSec/NetSecConfigService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10136.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10136",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T12:15:14.110",
"lastModified": "2024-10-19T12:15:14.110",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /manage_invoice.php. La manipulaci\u00f3n del argumento invoice_number conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10137.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10137",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T13:15:11.553",
"lastModified": "2024-10-19T13:15:11.553",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /manage_medicine.php?action=delete. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10138.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T13:15:12.277",
"lastModified": "2024-10-19T13:15:12.277",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /add_new_purchase.php?action=is_supplier. La manipulaci\u00f3n del nombre del argumento provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10139.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10139",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T14:15:02.223",
"lastModified": "2024-10-19T14:15:02.223",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /add_new_supplier.php. La manipulaci\u00f3n del nombre del argumento conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10140.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10140",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T15:15:14.603",
"lastModified": "2024-10-19T15:15:14.603",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Pharmacy Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /manage_supplier.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10141.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10141",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T15:15:14.973",
"lastModified": "2024-10-19T15:15:14.973",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en jsbroks COCO Annotator 0.11.1. Afecta a una parte desconocida del componente Session Handler. La manipulaci\u00f3n del argumento SECRET_KEY hace que el estado sea predecible y no observable. Es posible iniciar el ataque de forma remota. La complejidad del ataque es bastante alta. Se dice que la explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10142.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10142",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T17:15:10.657",
"lastModified": "2024-10-19T17:15:10.657",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Blood Bank System 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /viewrequest.php. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10153.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10153",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T18:15:02.437",
"lastModified": "2024-10-19T18:15:02.437",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo book-boat.php?bid=1 del componente Book a Boat Page. La manipulaci\u00f3n del argumento nopeople conduce a una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10154.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10154",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T19:15:04.090",
"lastModified": "2024-10-19T19:15:04.090",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo status.php del componente Check Booking Status Page. La manipulaci\u00f3n del argumento emailid provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10155.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T21:15:12.220",
"lastModified": "2024-10-19T21:15:12.220",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo book-boat.php?bid=1 del componente Book a Boat Page. La manipulaci\u00f3n del argumento phone_number provoca Cross-Site Scripting. Es posible iniciar el ataque de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10156.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10156",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T21:15:12.490",
"lastModified": "2024-10-19T21:15:12.490",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/index.php del componente Sign In Page. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10157.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10157",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T23:15:04.033",
"lastModified": "2024-10-19T23:15:04.033",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /admin/password-recovery.php del componente Reset Your Password Page. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10158.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10158",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-19T23:15:04.297",
"lastModified": "2024-10-19T23:15:04.297",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Boat Booking System 1.0. La funci\u00f3n afectada es session_start. La manipulaci\u00f3n provoca la fijaci\u00f3n de la sesi\u00f3n. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10159.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10159",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T00:15:02.137",
"lastModified": "2024-10-20T00:15:02.137",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Boat Booking System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/profile.php del componente My Profile Page. La manipulaci\u00f3n del argumento sadminusername/fullname/emailid/mobilenumber conduce a una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona el par\u00e1metro \"mobilenumber\" que se ver\u00e1 afectado. Pero se debe asumir que tambi\u00e9n se ver\u00e1n afectados otros par\u00e1metros."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10160.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10160",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T00:15:02.550",
"lastModified": "2024-10-20T00:15:02.550",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"fdate\" to be affected. But it must be assumed \"tdate\" is affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en PHPGurukul Boat Booking System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /admin/bwdates-report-details.php del componente BW Dates Report Page. La manipulaci\u00f3n del argumento fdate/tdate conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona que el par\u00e1metro \"fdate\" se ver\u00e1 afectado, pero se debe asumir que \"tdate\" tambi\u00e9n se ver\u00e1 afectado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10161.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10161",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T01:15:01.940",
"lastModified": "2024-10-20T01:15:01.940",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Boat Booking System 1.0. Afecta a una parte desconocida del archivo change-image.php del componente Update Boat Image Page. La manipulaci\u00f3n del argumento image permite la carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10162.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10162",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T01:15:02.213",
"lastModified": "2024-10-20T01:15:02.213",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Boat Booking System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/edit-subadmin.php del componente Edit Subdomain Details Page. La manipulaci\u00f3n del argumento sadminusername/fullname/emailid/mobilenumber conduce a una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona el par\u00e1metro \"mobilenumber\" que se ver\u00e1 afectado. Pero se debe asumir que tambi\u00e9n se ver\u00e1n afectados otros par\u00e1metros."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10163.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10163",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T02:15:01.970",
"lastModified": "2024-10-20T02:15:01.970",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SourceCodester Sentiment Based Movie Rating System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /msrps/movie_details.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La divulgaci\u00f3n inicial del investigador menciona un nombre de producto ligeramente modificado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10165.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10165",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T03:15:02.557",
"lastModified": "2024-10-20T03:15:02.557",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Codezips Sales Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo deletecustcom.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10166.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10166",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T03:15:02.840",
"lastModified": "2024-10-20T03:15:02.840",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Codezips Sales Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo checkuser.php. La manipulaci\u00f3n del nombre del argumento provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10167.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10167",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T03:15:03.090",
"lastModified": "2024-10-20T03:15:03.090",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Sales Management System 1.0. Afecta a una parte desconocida del archivo deletecustind.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10169.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10169",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T04:15:02.600",
"lastModified": "2024-10-20T04:15:02.600",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Hospital Management System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo change-password.php. La manipulaci\u00f3n del argumento cpass conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10170.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10170",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T04:15:02.920",
"lastModified": "2024-10-20T04:15:02.920",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Hospital Management System 1.0. Este problema afecta a algunos procesos desconocidos del archivo get_doctor.php. La manipulaci\u00f3n del argumento specilizationid conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10171.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10171",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T05:15:02.363",
"lastModified": "2024-10-20T05:15:02.363",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Blood Bank System hasta la versi\u00f3n 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /admin/massage.php. La manipulaci\u00f3n del argumento bid provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10173.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10173",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T05:15:02.830",
"lastModified": "2024-10-20T05:15:02.830",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en didi DDMQ 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Console Module. La manipulaci\u00f3n de la entrada /;login provoca una autenticaci\u00f3n incorrecta. El ataque se puede lanzar de forma remota. La vulnerabilidad se ha divulgado al p\u00fablico y puede utilizarse. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una entrega continua. Por lo tanto, no est\u00e1n disponibles los detalles de las versiones afectadas y actualizadas. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10191.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10191",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T06:15:02.413",
"lastModified": "2024-10-20T06:15:02.413",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Boat Booking System 1.0. Afecta a una parte desconocida del archivo /admin/book-details.php del componente Booking Details Page. La manipulaci\u00f3n del argumento Official Remark provoca Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10192.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10192",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T07:15:02.103",
"lastModified": "2024-10-20T07:15:02.103",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul IFSC Code Finder Project 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo search.php. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10193.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10193",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T08:15:02.300",
"lastModified": "2024-10-20T08:15:02.300",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022 y se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n ping_ddns del archivo internet.cgi. La manipulaci\u00f3n del argumento DDNS provoca la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10194.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T08:15:02.710",
"lastModified": "2024-10-20T08:15:02.710",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022. Se ha clasificado como cr\u00edtica. La funci\u00f3n Goto_chidx del archivo login.cgi del componente Front-End Authentication Page est\u00e1 afectada. La manipulaci\u00f3n del argumento wlanUrl provoca un desbordamiento del b\u00fafer basado en la pila. El ataque solo puede iniciarse dentro de la red local. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10195.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T09:15:02.393",
"lastModified": "2024-10-20T09:15:02.393",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Tecno 4G Portable WiFi TR118 V008-20220830. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /goform/goform_get_cmd_process del componente SMS Check. La manipulaci\u00f3n del argumento order_by conduce a una inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10196.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-21T01:15:02.230",
"lastModified": "2024-10-21T01:15:02.230",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /add_new_invoice.php. La manipulaci\u00f3n del texto del argumento conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10197.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10197",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-21T01:15:02.687",
"lastModified": "2024-10-21T01:15:02.687",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha clasificado como problem\u00e1tica. Se ve afectada una funci\u00f3n desconocida del archivo /manage_supplier.php del componente Manage Supplier Page. La manipulaci\u00f3n del argumento address provoca Cross-Site Scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10198.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10198",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-21T02:15:02.133",
"lastModified": "2024-10-21T02:15:02.133",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /manage_customer.php del componente Manage Customer Page. La manipulaci\u00f3n del argumento providers_name/address conduce a Cross-Site Scripting. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores menciona archivos contradictorios que se ver\u00e1n afectados. Tambi\u00e9n podr\u00edan verse afectados otros par\u00e1metros."
}
],
"metrics": {

8
CVE-2024/CVE-2024-101xx/CVE-2024-10199.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10199",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-21T02:15:02.403",
"lastModified": "2024-10-21T02:15:02.403",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Pharmacy Management System 1.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del archivo /manage_medicine.php del componente Manage Medicines Page. La manipulaci\u00f3n del argumento name/address/doctor_address/suppliers_name provoca Cross-Site Scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores menciona archivos contradictorios que se ver\u00e1n afectados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-102xx/CVE-2024-10200.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10200",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-21T04:15:02.513",
"lastModified": "2024-10-21T04:15:02.513",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server."
},
{
"lang": "es",
"value": "Administrative Management System de Wellchoose tiene una vulnerabilidad de path traversal, lo que permite a atacantes remotos no autenticados explotar esta vulnerabilidad para descargar archivos arbitrarios en el servidor."
}
],
"metrics": {

8
CVE-2024/CVE-2024-102xx/CVE-2024-10201.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10201",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-21T04:15:02.893",
"lastModified": "2024-10-21T04:15:02.893",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells."
},
{
"lang": "es",
"value": "Administrative Management System de Wellchoose no valida correctamente los tipos de archivos cargados, lo que permite que atacantes remotos con privilegios regulares carguen y ejecuten webshells."
}
],
"metrics": {

8
CVE-2024/CVE-2024-102xx/CVE-2024-10202.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10202",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-21T04:15:03.900",
"lastModified": "2024-10-21T04:15:03.900",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Administrative Management System de Wellchoose tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, lo que permite a atacantes remotos con privilegios regulares inyectar y ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {

61
CVE-2024/CVE-2024-212xx/CVE-2024-21233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21233",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:12.293",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:17:34.617",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,61 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.3",
"versionEndIncluding": "19.24",
"matchCriteriaId": "255FC4D8-BDC8-4686-B97C-D462E68ACECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.3",
"versionEndIncluding": "21.15",
"matchCriteriaId": "905A5485-EEC2-49A8-9ECB-B9C398CF641C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:database_server:23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF50A6F-B07E-443D-A446-DBBA5C8FC82B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:database_server:23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8D6899-7091-4434-87D9-DA468E2FF4D6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-212xx/CVE-2024-21242.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21242",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:13.730",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:17:57.040",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,61 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:xml_database:*:*:*:*:*:*:*:*",
"versionStartExcluding": "19.3",
"versionEndIncluding": "19.24",
"matchCriteriaId": "4C0CCB33-06E6-4FC9-9569-F49471A2A3A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:xml_database:*:*:*:*:*:*:*:*",
"versionStartExcluding": "21.3",
"versionEndIncluding": "21.15",
"matchCriteriaId": "7955AD5E-EE3E-4C09-BBF4-4B647CA46B14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:xml_database:23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4833CB3-997B-48A2-9277-D8DE452FE626"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:xml_database:23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C8394166-1DE0-4EC5-B2E9-EB0EBB153D2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-212xx/CVE-2024-21262.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21262",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:17.157",
"lastModified": "2024-10-16T16:38:43.170",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:28:16.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1DFA06-03A1-41E6-BF09-156C1084A811"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-212xx/CVE-2024-21272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21272",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:18.963",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:14:28.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1DFA06-03A1-41E6-BF09-156C1084A811"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-212xx/CVE-2024-21275.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21275",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:19.520",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:05:07.587",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.7",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "9AEA0470-D9AD-4694-8FA4-6A94CF437A19"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21276.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21276",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:19.693",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:06:30.230",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "03EF06AB-699E-4F8E-8B6C-C4B17F3F4DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21277.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21277",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:19.873",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:06:47.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "03EF06AB-699E-4F8E-8B6C-C4B17F3F4DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21278.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21278",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:20.070",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:07:08.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "03EF06AB-699E-4F8E-8B6C-C4B17F3F4DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21279.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21279",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:20.257",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:08:39.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "03EF06AB-699E-4F8E-8B6C-C4B17F3F4DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21280.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21280",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:20.453",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:08:59.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:service_contracts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.5",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "3494DC24-8651-4D71-8FDA-3E26592E9934"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21281",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:20.647",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:11:15.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,42 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46370D5C-11B2-4D86-A012-F5B9243229B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21282.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21282",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:20.830",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:12:01.550",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.3",
"versionEndIncluding": "12.2.13",
"matchCriteriaId": "03EF06AB-699E-4F8E-8B6C-C4B17F3F4DC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21283.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21283",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:21.033",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:13:04.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +61,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.48",
"versionEndIncluding": "9.2.50",
"matchCriteriaId": "643F3A21-105A-4A1F-9C32-9BCEA330EE56"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-212xx/CVE-2024-21286.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21286",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-10-15T20:15:21.633",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:16:31.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,42 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B2C85-C8F3-4325-A554-888325A2A2F1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-215xx/CVE-2024-21536.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-21536",
"sourceIdentifier": "report@snyk.io",
"published": "2024-10-19T05:15:13.097",
"lastModified": "2024-10-19T05:15:13.097",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."
},
{
"lang": "es",
"value": "Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podr\u00eda matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-292xx/CVE-2024-29213.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-29213",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-10-18T23:15:03.180",
"lastModified": "2024-10-18T23:15:03.180",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector."
},
{
"lang": "es",
"value": "Ivanti DSM &lt; versi\u00f3n 2024.2 permite que los usuarios autenticados en la m\u00e1quina local ejecuten c\u00f3digo con privilegios elevados debido a una ACL insegura a trav\u00e9s de un vector de ataque no especificado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-298xx/CVE-2024-29821.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-29821",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-10-18T23:15:03.357",
"lastModified": "2024-10-18T23:15:03.357",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector."
},
{
"lang": "es",
"value": "Ivanti DSM &lt; versi\u00f3n 2024.2 permite que los usuarios autenticados en la m\u00e1quina local ejecuten c\u00f3digo con privilegios elevados debido a una ACL insegura a trav\u00e9s de un vector de ataque no especificado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-374xx/CVE-2024-37404.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37404",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-10-18T23:15:03.580",
"lastModified": "2024-10-18T23:15:03.580",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el portal de administraci\u00f3n de Ivanti Connect Secure anterior a 22.7R2.1 y 9.1R18.9, o Ivanti Policy Secure anterior a 22.7R1.1 permite que un atacante autenticado remoto logre la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

33
CVE-2024/CVE-2024-407xx/CVE-2024-40746.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-40746",
"sourceIdentifier": "security@joomla.org",
"published": "2024-10-21T17:15:03.330",
"lastModified": "2024-10-21T17:15:03.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@joomla.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.hikashop.com/",
"source": "security@joomla.org"
}
]
}

8
CVE-2024/CVE-2024-425xx/CVE-2024-42508.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42508",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-10-18T16:15:04.710",
"lastModified": "2024-10-18T16:15:04.710",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users."
},
{
"lang": "es",
"value": "Esta vulnerabilidad podr\u00eda ser explotada para provocar la divulgaci\u00f3n no autorizada de informaci\u00f3n a usuarios autenticados."
}
],
"metrics": {},

63
CVE-2024/CVE-2024-42xx/CVE-2024-4211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4211",
"sourceIdentifier": "security@opentext.com",
"published": "2024-10-16T17:15:17.617",
"lastModified": "2024-10-18T12:53:04.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T16:15:09.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "LOW"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -73,10 +105,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://portal.microfocus.com/s/article/KM000033543?language=en_US",
"source": "security@opentext.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "24.1.0",
"matchCriteriaId": "81346F30-B1A1-4A05-8706-ACED99564F09"
}
]
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000033543?language=en_US",
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
]
}
]
}

569
CVE-2024/CVE-2024-434xx/CVE-2024-43483.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43483",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:10.367",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T17:35:34.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,557 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483",
"source": "secure@microsoft.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4793BFB-2E4E-4067-87A5-4B8749025CA3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D329B2-432D-4029-87EB-4C3C5F55CD95"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A529CED5-0DF0-4203-85C0-894CAF37E159"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.35",
"matchCriteriaId": "BA23E158-EEDE-46D9-ADA2-43A07949A326"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.10",
"matchCriteriaId": "D977AC32-7583-44F0-B48D-ACB001DA164A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.20",
"matchCriteriaId": "C8CF89C8-6076-458E-B27E-B88A6A8765FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.8",
"versionEndExcluding": "17.8.15",
"matchCriteriaId": "81CBEFEE-6C2B-4341-9499-42385C88E5CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.10",
"versionEndExcluding": "17.10.8",
"matchCriteriaId": "68935496-FE9F-4E64-95C7-4DCAA4681F41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.11",
"versionEndExcluding": "17.11.5",
"matchCriteriaId": "2FB9AE6A-F671-423C-9C83-0A031067F948"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

584
CVE-2024/CVE-2024-434xx/CVE-2024-43484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43484",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-08T18:15:10.633",
"lastModified": "2024-10-10T12:56:30.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T17:35:44.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -55,10 +65,572 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484",
"source": "secure@microsoft.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4793BFB-2E4E-4067-87A5-4B8749025CA3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D329B2-432D-4029-87EB-4C3C5F55CD95"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A529CED5-0DF0-4203-85C0-894CAF37E159"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*",
"matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.35",
"matchCriteriaId": "BA23E158-EEDE-46D9-ADA2-43A07949A326"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.10",
"matchCriteriaId": "D977AC32-7583-44F0-B48D-ACB001DA164A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.20",
"matchCriteriaId": "C8CF89C8-6076-458E-B27E-B88A6A8765FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.8",
"versionEndExcluding": "17.8.15",
"matchCriteriaId": "81CBEFEE-6C2B-4341-9499-42385C88E5CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.10",
"versionEndExcluding": "17.10.8",
"matchCriteriaId": "68935496-FE9F-4E64-95C7-4DCAA4681F41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.11",
"versionEndExcluding": "17.11.5",
"matchCriteriaId": "2FB9AE6A-F671-423C-9C83-0A031067F948"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-435xx/CVE-2024-43577.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-43577",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-18T23:15:06.510",
"lastModified": "2024-10-18T23:15:06.510",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:10:22.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {

4
CVE-2024/CVE-2024-436xx/CVE-2024-43689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43689",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-10-21T02:15:02.680",
"lastModified": "2024-10-21T14:35:08.110",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-439xx/CVE-2024-43945.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43945",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-21T11:15:02.933",
"lastModified": "2024-10-21T11:15:02.933",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-440xx/CVE-2024-44000.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44000",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-20T12:15:03.287",
"lastModified": "2024-10-20T12:15:03.287",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de credenciales insuficientemente protegidas en LiteSpeed Technologies LiteSpeed Cache permite omitir la autenticaci\u00f3n. Este problema afecta a LiteSpeed Cache: desde n/a hasta 6.5.0.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-440xx/CVE-2024-44061.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-44061",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-20T10:15:02.277",
"lastModified": "2024-10-20T10:15:02.277",
"vulnStatus": "Received",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de etiquetas HTML relacionadas con scripts en una p\u00e1gina web (XSS b\u00e1sico) en WPFactory EU/UK VAT Manager para WooCommerce permite Cross-Site Scripting (XSS). Este problema afecta a EU/UK VAT Manager para WooCommerce: desde n/a hasta 2.12.14."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More