Auto-Update: 2024-07-05T14:00:45.893350+00:00

cad-safe-bot 2024-07-05 14:03:41 +00:00
parent b7593be602
commit f8fe9a5a81
109 changed files with 1403 additions and 341 deletions


@ -2,13 +2,17 @@
"id": "CVE-2023-52168",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T18:15:04.597",
"lastModified": "2024-07-03T19:15:02.933",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc."
},
{
"lang": "es",
"value": "El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un desbordamiento de b\u00fafer basado en mont\u00f3n que permite a un atacante sobrescribir dos bytes en m\u00faltiples desplazamientos m\u00e1s all\u00e1 del tama\u00f1o de b\u00fafer asignado: b\u00fafer+512*i-2, para i =9, yo=10, yo=11, etc."
}
],
"metrics": {},
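Review bot: The Spanish description added to this record looks machine-translated and alters technical tokens: the offset list reads `para i =9, yo=10, yo=11`, where the loop variable `i` has been rendered as the pronoun "yo"; it should read `para i=9, i=10, i=11, etc.`. The same kind of damage appears in other `es` values in this commit: CVE-2023-52340 renders "raw socket" as `enchufe crudo`, CVE-2024-29510 renders the SAFER sandbox name as `MÁS SEGURA`, and CVE-2024-33871 renders the `Driver` parameter as `Controlador`. Tooling that searches or triages on identifiers should keep reading the `en` value, and the `es` text would be more reliable with identifiers, parameter names and mode names left untranslated.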


@ -2,13 +2,17 @@
"id": "CVE-2023-52169",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T18:15:04.677",
"lastModified": "2024-07-03T19:15:03.017",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process."
},
{
"lang": "es",
"value": "El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene una lectura fuera de los l\u00edmites que permite a un atacante leer m\u00e1s all\u00e1 del b\u00fafer previsto. Los bytes le\u00eddos m\u00e1s all\u00e1 del b\u00fafer previsto se presentan como parte de un nombre de archivo que figura en la imagen del sistema de archivos. Esto tiene relevancia para la seguridad en algunos casos de uso conocidos de servicios web donde usuarios que no son de confianza pueden cargar archivos y extraerlos mediante un proceso 7-Zip del lado del servidor."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2023-52340",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:09.747",
"lastModified": "2024-07-05T02:15:09.747",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de IPv6 en el kernel de Linux anterior a 6.3 tiene un umbral net/ipv6/route.c max_size que se puede consumir f\u00e1cilmente, por ejemplo, provocando una denegaci\u00f3n de servicio (errores de red inaccesible) cuando los paquetes IPv6 se env\u00edan en un bucle a trav\u00e9s de un enchufe crudo."
}
],
"metrics": {},


@ -2,8 +2,9 @@
"id": "CVE-2024-0845",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-18T03:15:09.330",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:32:05.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -17,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -38,26 +59,71 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redlettuce:pdf_viewer_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.3",
"matchCriteriaId": "90E16822-8A35-43F7-8C0A-F4B8FE99E2D1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
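Review bot: The `cvssMetricV31` array in this record now holds two entries that disagree on user interaction: the added `nvd@nist.gov` Primary entry has `UI:R` with base score 5.4, while the `security@wordfence.com` entry, which appears here as Secondary, has `UI:N`. A consumer that reads the first array element, or that treated the Wordfence vector as the only score, will see the severity shift with this update; selecting explicitly on `source` and `type` and retaining both vectors avoids silently replacing one assessment with the other. The Secondary entry's score lines fall outside the hunk, so its base score is not visible here.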


@ -2,13 +2,17 @@
"id": "CVE-2024-1182",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-07-04T09:15:02.743",
"lastModified": "2024-07-04T09:15:02.743",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64 and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature."
},
{
"lang": "es",
"value": "Vulnerabilidad no controlada del elemento de ruta de b\u00fasqueda en ICONICS GENESIS64 todas las versiones, Mitsubishi Electric GENESIS64 todas las versiones y Mitsubishi Electric MC Works64 todas las versiones permite a un atacante local ejecutar un c\u00f3digo malicioso almacenando una DLL especialmente manipulada en una carpeta espec\u00edfica cuando GENESIS64 y MC Works64 est\u00e1n instalados con el agente buscapersonas en la funci\u00f3n de notificaci\u00f3n de alarma de m\u00faltiples agentes."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-1573",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-07-04T09:15:03.260",
"lastModified": "2024-07-04T09:15:03.260",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting.\n * \u201cAutomatic log in\u201d option is enabled in the security setting.\n * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.\n * The IcoAnyGlass IIS Application Pool account is included in GENESIS64TM and MC Works64 Security and has permission to log in."
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en la funci\u00f3n de monitoreo m\u00f3vil de ICONICS GENESIS64 versiones 10.97 a 10.97.2, Mitsubishi Electric GENESIS64 versiones 10.97 a 10.97.2 y Mitsubishi Electric MC Works64 todas las versiones permite que un atacante remoto no autenticado omita la autenticaci\u00f3n adecuada e inicie sesi\u00f3n en el sistema cuando Se cumplen todas las condiciones siguientes: * Se utiliza Active Directory en la configuraci\u00f3n de seguridad. * La opci\u00f3n \"Inicio de sesi\u00f3n autom\u00e1tico\" est\u00e1 habilitada en la configuraci\u00f3n de seguridad. * El grupo de aplicaciones IcoAnyGlass IIS se ejecuta en una cuenta de dominio de Active Directory. * La cuenta del grupo de aplicaciones IcoAnyGlass IIS est\u00e1 incluida en GENESIS64TM y MC Works64 Security y tiene permiso para iniciar sesi\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-1574",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-07-04T09:15:03.720",
"lastModified": "2024-07-04T09:15:03.720",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
},
{
"lang": "es",
"value": "El uso de entrada controlada externamente para seleccionar clases o vulnerabilidad de c\u00f3digo (\"Reflejo inseguro\") en la funci\u00f3n de licencia de ICONICS GENESIS64 versiones 10.97 a 10.97.2, Mitsubishi Electric GENESIS64 versiones 10.97 a 10.97.2 y Mitsubishi Electric MC Works64 todas las versiones permite una un atacante local ejecute un c\u00f3digo malicioso con privilegios administrativos manipulando un archivo espec\u00edfico que no est\u00e1 protegido por el sistema."
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-1634",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-18T03:15:09.580",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:31:34.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,14 +39,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:startbooking:scheduling_plugin_-_online_booking:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.10",
"matchCriteriaId": "6D6A70D3-3C70-4C3E-953B-E1211FAF49F8"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/calendar-booking/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-22277",
"sourceIdentifier": "security@vmware.com",
"published": "2024-07-04T14:15:01.990",
"lastModified": "2024-07-04T14:15:01.990",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Cloud Director Availability contains an HTML injection vulnerability. \nA\n malicious actor with network access to VMware Cloud Director \nAvailability can craft malicious HTML tags to execute within replication\n tasks."
},
{
"lang": "es",
"value": "VMware Cloud Director Availability contiene una vulnerabilidad de inyecci\u00f3n de HTML. Un actor malicioso con acceso de red a VMware Cloud Director Availability puede crear etiquetas HTML maliciosas para ejecutarlas dentro de las tareas de replicaci\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-2385",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T04:15:14.000",
"lastModified": "2024-07-04T04:15:14.000",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El complemento Elementor Addons by Livemesh para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 8.3.7 incluida a trav\u00e9s de varios de los widgets del complemento a trav\u00e9s del atributo 'estilo'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-29506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T18:15:04.840",
"lastModified": "2024-07-03T18:15:04.840",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.0 tiene un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pdfi_apply_filter() a trav\u00e9s de un nombre de filtro PDF largo."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-29507",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.240",
"lastModified": "2024-07-03T19:15:03.240",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.0 a veces tiene un desbordamiento del b\u00fafer basado en pila a trav\u00e9s de los par\u00e1metros CIDFSubstPath y CIDFSubstFont."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-29508",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T18:15:04.903",
"lastModified": "2024-07-03T20:15:03.563",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.0 tiene una divulgaci\u00f3n de puntero basada en mont\u00f3n (observable en un nombre BaseFont construido) en la funci\u00f3n pdf_base_font_alloc."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-29509",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T18:15:04.973",
"lastModified": "2024-07-03T18:15:04.973",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \\000 byte in the middle."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.0 tiene un desbordamiento basado en mont\u00f3n cuando PDFPassword (por ejemplo, para runpdf) tiene un byte \\000 en el medio."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-29510",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.320",
"lastModified": "2024-07-03T19:15:03.320",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.1 permite la corrupci\u00f3n de la memoria y una omisi\u00f3n M\u00c1S SEGURA de la sandbox mediante la inyecci\u00f3n de cadena de formato con un dispositivo uniprint."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-29511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.430",
"lastModified": "2024-07-03T19:15:03.430",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 10.03.1, cuando se usa Tesseract para OCR, tiene un problema de directory traversal que permite la lectura de archivos arbitrarios (y la escritura de mensajes de error en archivos arbitrarios) a trav\u00e9s de OCRLanguage. Por ejemplo, la explotaci\u00f3n puede utilizar debug_file /tmp/out y user_patterns_file /etc/passwd."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-2926",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T04:15:14.600",
"lastModified": "2024-07-04T04:15:14.600",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Addons by Livemesh para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets del complemento en todas las versiones hasta la 8.3.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-31223",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T18:15:05.097",
"lastModified": "2024-07-03T18:15:05.097",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available."
},
{
"lang": "es",
"value": "Fides es una plataforma de ingenier\u00eda de privacidad de c\u00f3digo abierto y `SERVER_SIDE_FIDES_API_URL` es una variable de entorno de configuraci\u00f3n del lado del servidor utilizada por el Centro de Privacidad de Fides para comunicarse con el servidor web de Fides. El valor de esta variable es una URL que normalmente incluye una direcci\u00f3n IP privada, un nombre de dominio privado y/o un puerto. Una vulnerabilidad presente a partir de la versi\u00f3n 2.19.0 y antes de la versi\u00f3n 2.39.2rc0 permite que un atacante no autenticado realice una solicitud HTTP GET desde el Centro de privacidad que revela el valor de esta URL del lado del servidor. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de la configuraci\u00f3n del lado del servidor, proporcionando al atacante informaci\u00f3n sobre los puertos del lado del servidor, direcciones IP privadas y/o nombres de dominio privados. La vulnerabilidad ha sido parcheada en la versi\u00f3n 2.39.2rc0 de Fides. No hay workarounds disponibles."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-32498",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:09.840",
"lastModified": "2024-07-05T02:15:09.840",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenStack Cinder hasta 24.0.0, Glance antes de 28.0.2 y Nova antes de 29.0.3. El acceso arbitrario a archivos puede ocurrir a trav\u00e9s de datos externos QCOW2 personalizados. Al proporcionar una imagen QCOW2 manipulada que hace referencia a una ruta de archivo de datos espec\u00edfica, un usuario autenticado puede convencer a los sistemas para que devuelvan una copia del contenido de ese archivo desde el servidor, lo que resulta en un acceso no autorizado a datos potencialmente confidenciales. Todas las implementaciones de Cinder y Nova se ven afectadas; solo se ven afectadas las implementaciones de Glance con la conversi\u00f3n de im\u00e1genes habilitada."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-32754",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-07-04T11:15:10.400",
"lastModified": "2024-07-04T11:15:10.400",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information."
},
{
"lang": "es",
"value": "En determinadas circunstancias, cuando el controlador est\u00e1 en modo de restablecimiento de f\u00e1brica esperando la configuraci\u00f3n inicial, transmitir\u00e1 su direcci\u00f3n MAC, n\u00famero de serie y versi\u00f3n de firmware. Una vez configurado, el controlador ya no transmitir\u00e1 esta informaci\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-32937",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-03T14:15:05.340",
"lastModified": "2024-07-03T17:15:03.867",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad CWMP SelfDefinedTimeZone de Grandstream GXP2135 1.0.9.129, 1.0.11.74 y 1.0.11.79. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes maliciosos para desencadenar esta vulnerabilidad."
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-3276",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-18T06:15:12.270",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:39:52.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,74 @@
"value": "El complemento Lightbox & Modal Popup WordPress Plugin de WordPress anterior a 2.7.28, el complemento foobox-image-lightbox-premium de WordPress anterior a 2.7.28 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fooplugins:foobox:*:*:*:*:-:wordpress:*:*",
"versionEndExcluding": "2.7.28",
"matchCriteriaId": "430BBDD4-D719-4B8F-810B-939F686E1BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fooplugins:foobox:*:*:*:*:premium:wordpress:*:*",
"versionEndExcluding": "2.7.28",
"matchCriteriaId": "9C39328C-1FDD-41DB-B669-AF2E52FBE578"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/996d3247-ebdd-49d1-a1a3-ceedcf9f2f95/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-33869",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.767",
"lastModified": "2024-07-03T19:15:03.767",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. El path traversal y la ejecuci\u00f3n de comandos pueden ocurrir (a trav\u00e9s de un documento PostScript manipulado) debido a la reducci\u00f3n de ruta en base/gpmisc.c. Por ejemplo, las restricciones sobre el uso de %pipe% se pueden omitir mediante el nombre de archivo de salida aa/../%pipe%command#."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-33870",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.867",
"lastModified": "2024-07-03T19:15:03.867",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. Existe un path traversal (a trav\u00e9s de un documento PostScript manipulado) a archivos arbitrarios si el directorio actual se encuentra en las rutas permitidas. Por ejemplo, puede haber una transformaci\u00f3n de ../../foo a ./../../foo y esto otorgar\u00e1 acceso si ./ est\u00e1 permitido."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-33871",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.943",
"lastModified": "2024-07-03T19:15:03.943",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. contrib/opvp/gdevopvp.c permite la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de una librer\u00eda de controladores personalizada, explotable a trav\u00e9s de un documento PostScript manipulado. Esto ocurre porque el par\u00e1metro Controlador para dispositivos opvp (y oprp) puede tener un nombre arbitrario para una librer\u00eda din\u00e1mica; luego se carga esta librer\u00eda. "
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-3332",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2024-07-03T17:15:04.470",
"lastModified": "2024-07-03T17:15:04.470",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device"
},
{
"lang": "es",
"value": "Un dispositivo BLE malicioso puede enviar un orden espec\u00edfico de secuencia de paquetes para provocar un ataque DoS en el dispositivo BLE v\u00edctima"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-34481",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:09.920",
"lastModified": "2024-07-05T02:15:09.920",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page."
},
{
"lang": "es",
"value": "drupal-wiki.com Drupal Wiki anterior a 8.31.1 permite XSS a trav\u00e9s de comentarios, leyendas y t\u00edtulos de im\u00e1genes de una p\u00e1gina Wiki."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-34750",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-03T20:15:04.083",
"lastModified": "2024-07-03T20:15:04.083",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manej\u00f3 correctamente algunos casos de encabezados HTTP excesivos. Esto llev\u00f3 a un conteo err\u00f3neo de flujos HTTP/2 activos que a su vez llev\u00f3 al uso de un tiempo de espera infinito incorrecto que permiti\u00f3 que las conexiones permanecieran abiertas y que deber\u00edan haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-35227",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T18:15:05.450",
"lastModified": "2024-07-03T18:15:05.450",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. "
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama `stable` y la versi\u00f3n 3.3.0.beta3 en la rama `tests-passed`, Oneboxing contra una URL maliciosa cuidadosamente manipulada puede reducir la disponibilidad de una instancia de Discourse. El problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta3 en la rama \"pruebas aprobadas\". No se conocen workarounds disponibles para esta vulnerabilidad."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-35234",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T19:15:04.123",
"lastModified": "2024-07-03T19:15:04.123",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users\u2019 browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama \"estable\" y la versi\u00f3n 3.3.0.beta3 en la rama \"pruebas aprobadas\", un atacante pod\u00eda ejecutar JavaScript arbitrario en los navegadores de los usuarios publicando una URL espec\u00edfica que conten\u00eda metaetiquetas creadas con fines malintencionados. Este problema solo afecta a sitios con la Pol\u00edtica de seguridad de contenido (CSP) deshabilitada. El problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta3 en la rama \"pruebas aprobadas\". Como workaround, aseg\u00farese de que CSP est\u00e9 habilitado en el foro."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-36041",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-05T02:15:10.000",
"lastModified": "2024-07-05T02:15:10.000",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory."
},
{
"lang": "es",
"value": "KSmserver en KDE Plasma Workspace (tambi\u00e9n conocido como plasma-workspace) anterior a 5.27.11.1 y 6.x anterior a 6.0.5.1 permite conexiones a trav\u00e9s de ICE basadas exclusivamente en el host, es decir, se aceptan todas las conexiones locales. Esto permite que otro usuario en la misma m\u00e1quina obtenga acceso al administrador de sesi\u00f3n, por ejemplo, use la funci\u00f3n de restauraci\u00f3n de sesi\u00f3n para ejecutar c\u00f3digo arbitrario como v\u00edctima (en el siguiente inicio) mediante el uso anterior del directorio /tmp."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-36113",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T19:15:04.523",
"lastModified": "2024-07-03T19:15:04.523",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama `stable`, la versi\u00f3n 3.3.0.beta3 en la rama `beta` y la versi\u00f3n 3.3.0.beta4-dev en la rama `tests-passed`, un usuario del personal deshonesto pod\u00eda suspender otros usuarios del personal les impiden iniciar sesi\u00f3n en el sitio. El problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama `stable`, en la versi\u00f3n 3.3.0.beta3 en la rama `beta` y en la versi\u00f3n 3.3.0.beta4-dev en la rama `tests-passed`. No hay workarounds disponibles."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-36122",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T20:15:04.243",
"lastModified": "2024-07-03T20:15:04.243",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama \"estable\" y la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\", los moderadores que usaban la cola de revisi\u00f3n para revisar a los usuarios pod\u00edan ver la direcci\u00f3n de correo electr\u00f3nico de un usuario incluso cuando la opci\u00f3n Permitir Los moderadores para ver las direcciones de correo electr\u00f3nico est\u00e1n deshabilitados. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\". Como posibles workarounds, impida que los moderadores accedan a la cola de revisi\u00f3n o deshabilite la configuraci\u00f3n del sitio para aprobar usuarios sospechosos y la configuraci\u00f3n del sitio para aprobar a los usuarios para evitar que se agreguen usuarios a la cola de revisi\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-3638",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T04:15:15.767",
"lastModified": "2024-07-04T04:15:15.767",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Addons by Livemesh para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget de texto de marquesina, el widget de testimonios y el control deslizante de testimonios del complemento en todas las versiones hasta la 8.3.7 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-3639",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T04:15:16.267",
"lastModified": "2024-07-04T04:15:16.267",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Addons by Livemesh para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget Posts Grid del complemento en todas las versiones hasta la 8.3.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37157",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T20:15:04.573",
"lastModified": "2024-07-03T20:15:04.573",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 3.2.3 en la rama `stable` y la versi\u00f3n 3.3.0.beta4 en las ramas `beta` y `tests-passed`, un actor malintencionado pod\u00eda hacer que la librer\u00eda FastImage redirigir solicitudes a una IP interna de Discourse. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.3 en la rama \"estable\" y en la versi\u00f3n 3.3.0.beta4 en las ramas \"beta\" y \"pruebas aprobadas\". No hay workarounds disponibles."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37471",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-04T19:15:10.417",
"lastModified": "2024-07-04T19:15:10.417",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en WofficeIO Woffice Core permite XSS Reflejado. Este problema afecta a Woffice Core: desde n/a hasta 5.4.8."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37472",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-04T19:15:10.610",
"lastModified": "2024-07-04T19:15:10.610",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en WofficeIO Woffice permite XSS Reflejado. Este problema afecta a Woffice: desde n/a hasta 5.4.8."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37474",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-04T19:15:10.790",
"lastModified": "2024-07-04T19:15:10.790",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Automattic Newspack Ads permite XSS Almacenado. Este problema afecta a Newspack Ads: desde n/a hasta 1.47.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37476",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-04T18:15:10.210",
"lastModified": "2024-07-04T18:15:10.210",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Automattic Newspack Campaigns permite XSS Almacenado. Este problema afecta a Newspack Campaigns: desde n/a hasta 2.31.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37726",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T14:15:06.120",
"lastModified": "2024-07-03T14:15:06.120",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe"
},
{
"lang": "es",
"value": "Vulnerabilidad de permisos inseguros en Micro-Star International Co., Ltd MSI Center v.2.0.36.0 permite a un atacante local escalar privilegios a trav\u00e9s de la funci\u00f3n Exportar informaci\u00f3n del sistema en MSI.CentralServer.exe"
}
],
"metrics": {},


@ -2,8 +2,9 @@
"id": "CVE-2024-3704",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-04-12T14:15:08.743",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-05T13:15:10.640",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -51,6 +52,10 @@
}
],
"references": [
{
"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x",
"source": "cve-coordination@incibe.es"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys",
"source": "cve-coordination@incibe.es"


@ -2,8 +2,9 @@
"id": "CVE-2024-3705",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-04-12T14:15:08.957",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-05T13:15:10.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -51,6 +52,10 @@
}
],
"references": [
{
"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x",
"source": "cve-coordination@incibe.es"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys",
"source": "cve-coordination@incibe.es"


@ -2,12 +2,13 @@
"id": "CVE-2024-3706",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-04-12T14:15:09.160",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-05T13:15:10.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored."
"value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored."
},
{
"lang": "es",
@ -51,6 +52,10 @@
}
],
"references": [
{
"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x",
"source": "cve-coordination@incibe.es"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys",
"source": "cve-coordination@incibe.es"


@ -2,12 +2,13 @@
"id": "CVE-2024-3707",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-04-12T14:15:09.383",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-05T13:15:10.997",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file."
"value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file."
},
{
"lang": "es",
@ -51,6 +52,10 @@
}
],
"references": [
{
"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x",
"source": "cve-coordination@incibe.es"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys",
"source": "cve-coordination@incibe.es"


@ -2,13 +2,17 @@
"id": "CVE-2024-38344",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-04T01:15:02.260",
"lastModified": "2024-07-04T01:15:02.260",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery en las versiones de WP Tweet Walls anteriores a la 1.0.4. Si se explota esta vulnerabilidad, un atacante permite que un usuario que inicia sesi\u00f3n en el sitio de WordPress donde est\u00e1 habilitado el complemento afectado acceda a una p\u00e1gina maliciosa. Como resultado, el usuario puede realizar operaciones no deseadas en el sitio de WordPress."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-38345",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-04T01:15:02.340",
"lastModified": "2024-07-04T01:15:02.340",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery en las versiones de Sola Testimonials anteriores a la 3.0.0. Si se explota esta vulnerabilidad, un atacante permite que un usuario que inicia sesi\u00f3n en el sitio de WordPress donde est\u00e1 habilitado el complemento afectado acceda a una p\u00e1gina maliciosa. Como resultado, el usuario puede realizar operaciones no deseadas en el sitio de WordPress."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-38471",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-04T01:15:02.400",
"lastModified": "2024-07-04T01:15:02.400",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi."
},
{
"lang": "es",
"value": "M\u00faltiples productos TP-LINK permiten a un atacante adyacente a la red con privilegios administrativos ejecutar comandos arbitrarios del sistema operativo mediante la restauraci\u00f3n de un archivo de copia de seguridad manipulado. El dispositivo afectado, con la configuraci\u00f3n inicial, permite iniciar sesi\u00f3n \u00fanicamente desde el puerto LAN o Wi-Fi."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39165",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T13:15:10.023",
"lastModified": "2024-07-04T13:15:10.023",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product."
},
{
"lang": "es",
"value": "QR/demoapp/qr_image.php en Asial JpGraph Professional hasta 4.2.6-pro permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una carga PHP en el par\u00e1metro de datos junto con un nombre de archivo .php en el par\u00e1metro de nombre de archivo. Esto ocurre porque con el producto se env\u00eda una carpeta QR/demoapp innecesaria."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39211",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T13:15:10.140",
"lastModified": "2024-07-04T13:15:10.140",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists."
},
{
"lang": "es",
"value": "Kaiten 57.128.8 permite a atacantes remotos enumerar cuentas de usuario a trav\u00e9s de una solicitud POST manipulada, porque una respuesta de inicio de sesi\u00f3n contiene un campo user_email s\u00f3lo si la cuenta de usuario existe."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39220",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T15:15:05.993",
"lastModified": "2024-07-03T15:15:05.993",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request."
},
{
"lang": "es",
"value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE , AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA -04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD anteriores al firmware v3.9.2 permiten a atacantes autenticados leer contrase\u00f1as de cuentas SIP mediante una solicitud GET manipulada."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39223",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T15:15:06.083",
"lastModified": "2024-07-03T15:15:06.083",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey"
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en el servicio SSH de gost v2.11.5 permite a los atacantes interceptar las comunicaciones configurando la funci\u00f3n HostKeyCallback en ssh.InsecureIgnoreHostKey"
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39248",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T17:15:04.303",
"lastModified": "2024-07-03T17:15:04.303",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en SimpCMS v0.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado en el campo T\u00edtulo en /admin.php."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39472",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.020",
"lastModified": "2024-07-05T07:15:10.020",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: corrige la asignaci\u00f3n del b\u00fafer de recuperaci\u00f3n de registros para la correcci\u00f3n heredada de h_size. El commit a70f9fe52daa (\"xfs: detecta y maneja el tama\u00f1o de iclog no v\u00e1lido establecido por mkfs\") agreg\u00f3 una correcci\u00f3n para los valores incorrectos de h_size usados para el registro desmontaje inicial en versiones antiguas de xfsprogs. Posteriormente, el commit 0c771b99d6c9 (\"xfs: c\u00e1lculo de limpieza de bloques de encabezado LR\") limpi\u00f3 el c\u00e1lculo del b\u00fafer de recuperaci\u00f3n de registros, pero dej\u00f3 de usar el valor h_size fijo para dimensionar el b\u00fafer de recuperaci\u00f3n de registros, lo que puede provocar un acceso fuera de los l\u00edmites cuando el h_size incorrecto no proviene de la antigua herramienta mkfs, sino de un fuzzer. Solucione este problema abriendo la codificaci\u00f3n xlog_logrec_hblks y teniendo en cuenta el h_size fijo para este c\u00e1lculo."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39473",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.123",
"lastModified": "2024-07-05T07:15:10.123",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension\n\nIf a process module does not have base config extension then the same\nformat applies to all of it's inputs and the process->base_config_ext is\nNULL, causing NULL dereference when specifically crafted topology and\nsequences used."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: ipc4-topology: arregla la consulta de formato de entrada de m\u00f3dulos de proceso sin extensi\u00f3n base. Si un m\u00f3dulo de proceso no tiene extensi\u00f3n de configuraci\u00f3n base, entonces se aplica el mismo formato a todas sus entradas. y el proceso->base_config_ext es NULL, lo que provoca una desreferencia NULL cuando se utilizan secuencias y topolog\u00edas manipuladas espec\u00edficamente."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39474",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.190",
"lastModified": "2024-07-05T07:15:10.190",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL\n\ncommit a421ef303008 (\"mm: allow !GFP_KERNEL allocations for kvmalloc\")\nincludes support for __GFP_NOFAIL, but it presents a conflict with commit\ndd544141b9eb (\"vmalloc: back off when the current task is OOM-killed\"). A\npossible scenario is as follows:\n\nprocess-a\n__vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL)\n __vmalloc_area_node()\n vm_area_alloc_pages()\n\t\t--> oom-killer send SIGKILL to process-a\n if (fatal_signal_pending(current)) break;\n--> return NULL;\n\nTo fix this, do not check fatal_signal_pending() in vm_area_alloc_pages()\nif __GFP_NOFAIL set.\n\nThis issue occurred during OPLUS KASAN TEST. Below is part of the log\n-> oom-killer sends signal to process\n[65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198\n\n[65731.259685] [T32454] Call trace:\n[65731.259698] [T32454] dump_backtrace+0xf4/0x118\n[65731.259734] [T32454] show_stack+0x18/0x24\n[65731.259756] [T32454] dump_stack_lvl+0x60/0x7c\n[65731.259781] [T32454] dump_stack+0x18/0x38\n[65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump]\n[65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump]\n[65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc\n[65731.260047] [T32454] notify_die+0x114/0x198\n[65731.260073] [T32454] die+0xf4/0x5b4\n[65731.260098] [T32454] die_kernel_fault+0x80/0x98\n[65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8\n[65731.260146] [T32454] do_bad_area+0x68/0x148\n[65731.260174] [T32454] do_mem_abort+0x151c/0x1b34\n[65731.260204] [T32454] el1_abort+0x3c/0x5c\n[65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90\n[65731.260248] [T32454] el1h_64_sync+0x68/0x6c\n\n[65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258\n--> be->decompressed_pages = 
kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL);\n\tkernel panic by NULL pointer dereference.\n\terofs assume kvmalloc with __GFP_NOFAIL never return NULL.\n[65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c\n[65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968\n[65731.260339] [T32454] read_pages+0x170/0xadc\n[65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30\n[65731.260388] [T32454] page_cache_ra_order+0x24c/0x714\n[65731.260411] [T32454] filemap_fault+0xbf0/0x1a74\n[65731.260437] [T32454] __do_fault+0xd0/0x33c\n[65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0\n[65731.260486] [T32454] do_mem_abort+0x54c/0x1b34\n[65731.260509] [T32454] el0_da+0x44/0x94\n[65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4\n[65731.260553] [T32454] el0t_64_sync+0x198/0x19c"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/vmalloc: corrige vmalloc que puede devolver nulo si se llama con __GFP_NOFAIL commit a421ef303008 (\"mm: permitir asignaciones !GFP_KERNEL para kvmalloc\") incluye soporte para __GFP_NOFAIL, pero presenta un conflicto con el commit dd544141b9eb (\"vmalloc: retroceda cuando la tarea actual sea eliminada por OOM\"). Un posible escenario es el siguiente: procesar-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer env\u00eda SIGKILL al proceso-a if (fatal_signal_pending(current)) break; --> devolver NULO; Para solucionar este problema, no marque fatal_signal_pending() en vm_area_alloc_pages() si __GFP_NOFAIL est\u00e1 configurado. Este problema ocurri\u00f3 durante la PRUEBA DE OPLUS KASAN. A continuaci\u00f3n se muestra parte del registro -> oom-killer env\u00eda se\u00f1al para procesar [65731.222840] [T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/ uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Rastreo de llamadas: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] pila+0x18/0x24 [65731.259756] [ T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [ T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/ 0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454 ] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 
--> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); p\u00e1nico del kernel por desreferencia del puntero NULL. erofs supone que kvmalloc con __GFP_NOFAIL nunca devuelve NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] c [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [ 65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c"
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39475",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.267",
"lastModified": "2024-07-05T07:15:10.267",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn't handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: savage: Maneja el retorno de error cuando falla savagefb_check_var. El commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock es igual a cero\") verifica el valor de pixclock para evitar divisi\u00f3n por error cero. Sin embargo, la funci\u00f3n savagefb_probe no maneja la devoluci\u00f3n de error de savagefb_check_var. Cuando pixclock es 0, provocar\u00e1 un error de divisi\u00f3n por cero."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39476",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.340",
"lastModified": "2024-07-05T07:15:10.340",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can't issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold 'reconfig_mutex', and md_check_recovery() can't update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n'reconfig_mutex' is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'\nis released. Meanwhile, the hang problem will be fixed as well."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md/raid5: corrige el punto muerto que raid5d() espera a que se borre MD_SB_CHANGE_PENDING Xiao inform\u00f3 que la prueba lvm2 lvconvert-raid-takeover.sh puede bloquearse con una peque\u00f1a posibilidad, la causa principal es exactamente lo mismo que el commit bed9e27baf52 (\"Revertir \"md/raid5: Espere MD_SB_CHANGE_PENDING en raid5d\") Sin embargo, Dan inform\u00f3 otro bloqueo despu\u00e9s de eso, y Junxiao investig\u00f3 el problema y descubri\u00f3 que esto se debe a que la biograf\u00eda conectada no puede emitir de raid5d(). La implementaci\u00f3n actual en raid5d() tiene una dependencia extra\u00f1a: 1) md_check_recovery() de raid5d() debe mantener 'reconfig_mutex' para borrar MD_SB_CHANGE_PENDING; 2) raid5d() maneja IO en un bucle muerto, hasta que se emiten todas las IO; 3) IO de raid5d() debe esperar a que se borre MD_SB_CHANGE_PENDING; Este comportamiento se introdujo antes de v2.6 y, como consecuencia, si otro contexto contiene 'reconfig_mutex' y md_check_recovery() no puede actualizar super_block, entonces raid5d() desperdiciar\u00e1 una CPU al 100% mediante el bucle muerto, hasta que 'reconfig_mutex' sea liberado. Consulte la implementaci\u00f3n de raid1 y raid10, solucione este problema omitiendo el problema IO si MD_SB_CHANGE_PENDING todav\u00eda est\u00e1 configurado despu\u00e9s de md_check_recovery(), el hilo del daemon se activar\u00e1 cuando se publique 'reconfig_mutex'. Mientras tanto, el problema de bloqueo tambi\u00e9n se solucionar\u00e1."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39477",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.413",
"lastModified": "2024-07-05T07:15:10.413",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: do not call vma_add_reservation upon ENOMEM\n\nsysbot reported a splat [1] on __unmap_hugepage_range(). This is because\nvma_needs_reservation() can return -ENOMEM if\nallocate_file_region_entries() fails to allocate the file_region struct\nfor the reservation.\n\nCheck for that and do not call vma_add_reservation() if that is the case,\notherwise region_abort() and region_del() will see that we do not have any\nfile_regions.\n\nIf we detect that vma_needs_reservation() returned -ENOMEM, we clear the\nhugetlb_restore_reserve flag as if this reservation was still consumed, so\nfree_huge_folio() will not increment the resv count.\n\n[1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/hugetlb: no llame a vma_add_reservation cuando ENOMEM sysbot inform\u00f3 un splat [1] en __unmap_hugepage_range(). Esto se debe a que vma_needs_reservation() puede devolver -ENOMEM si allocate_file_region_entries() no puede asignar la estructura file_region para la reserva. Verifique eso y no llame a vma_add_reservation() si ese es el caso; de lo contrario, region_abort() y region_del() ver\u00e1n que no tenemos ning\u00fan file_regions. Si detectamos que vma_needs_reservation() devolvi\u00f3 -ENOMEM, borramos el indicador hugetlb_restore_reserve como si esta reserva todav\u00eda estuviera consumida, por lo que free_huge_folio() no incrementar\u00e1 el recuento de resv. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa"
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39478",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.470",
"lastModified": "2024-07-05T07:15:10.470",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Do not free stack buffer\n\nRSA text data uses variable length buffer allocated in software stack.\nCalling kfree on it causes undefined behaviour in subsequent operations."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: starfive: no liberar el b\u00fafer de pila Los datos de texto RSA utilizan un b\u00fafer de longitud variable asignado en la pila de software. Llamar a kfree provoca un comportamiento indefinido en operaciones posteriores."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39479",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.530",
"lastModified": "2024-07-05T07:15:10.530",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hwmon: Get rid of devm\n\nWhen both hwmon and hwmon drvdata (on which hwmon depends) are device\nmanaged resources, the expectation, on device unbind, is that hwmon will be\nreleased before drvdata. However, in i915 there are two separate code\npaths, which both release either drvdata or hwmon and either can be\nreleased before the other. These code paths (for device unbind) are as\nfollows (see also the bug referenced below):\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_group+0xb2/0x110\ncomponent_unbind_all+0x8d/0xa0\ncomponent_del+0xa5/0x140\nintel_pxp_tee_component_fini+0x29/0x40 [i915]\nintel_pxp_fini+0x33/0x80 [i915]\ni915_driver_remove+0x4c/0x120 [i915]\ni915_pci_remove+0x19/0x30 [i915]\npci_device_remove+0x32/0xa0\ndevice_release_driver_internal+0x19c/0x200\nunbind_store+0x9c/0xb0\n\nand\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_all+0x8a/0xc0\ndevice_unbind_cleanup+0x9/0x70\ndevice_release_driver_internal+0x1c1/0x200\nunbind_store+0x9c/0xb0\n\nThis means that in i915, if use devm, we cannot gurantee that hwmon will\nalways be released before drvdata. Which means that we have a uaf if hwmon\nsysfs is accessed when drvdata has been released but hwmon hasn't.\n\nThe only way out of this seems to be do get rid of devm_ and release/free\neverything explicitly during device unbind.\n\nv2: Change commit message and other minor code changes\nv3: Cleanup from i915_hwmon_register on error (Armin Wolf)\nv4: Eliminate potential static analyzer warning (Rodrigo)\n Eliminate fetch_and_zero (Jani)\nv5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/hwmon: deshacerse de devm Cuando tanto hwmon como hwmon drvdata (del cual depende hwmon) son recursos administrados por el dispositivo, la expectativa, al desvincular el dispositivo, es que hwmon publicarse antes que drvdata. Sin embargo, en i915 hay dos rutas de c\u00f3digo independientes, que liberan drvdata o hwmon y cualquiera de ellas puede publicarse antes que la otra. Estas rutas de c\u00f3digo (para desvincular el dispositivo) son las siguientes (consulte tambi\u00e9n el error al que se hace referencia a continuaci\u00f3n): Seguimiento de llamadas: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 componente_unbind_all+0x8d/0xa0 componente_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915 ] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 dispositivo_release_driver_internal+0x19c/0x200 store+0x9c/0xb0 y seguimiento de llamadas: release_nodes+0x11/0x70 devres_release_all +0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 Esto significa que en i915, si usa devm, no podemos garantizar que hwmon siempre se publicar\u00e1 antes que drvdata. Lo que significa que tenemos un uaf si se accede a hwmon sysfs cuando drvdata se lanz\u00f3 pero hwmon no. La \u00fanica forma de solucionar esto parece ser deshacerse de devm_ y liberar/liberar todo expl\u00edcitamente durante la desvinculaci\u00f3n del dispositivo. v2: Cambiar mensaje de confirmaci\u00f3n y otros cambios menores de c\u00f3digo v3: Limpieza de i915_hwmon_register en caso de error (Armin Wolf) v4: Eliminar posible advertencia del analizador est\u00e1tico (Rodrigo) Eliminar fetch_and_zero (Jani) v5: Restaurar la l\u00f3gica anterior para el retorno de error ddat_gt->hwmon_dev (Andi )"
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39480",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.590",
"lastModified": "2024-07-05T07:15:10.590",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkdb: Fix buffer overflow during tab-complete\n\nCurrently, when the user attempts symbol completion with the Tab key, kdb\nwill use strncpy() to insert the completed symbol into the command buffer.\nUnfortunately it passes the size of the source buffer rather than the\ndestination to strncpy() with predictably horrible results. Most obviously\nif the command buffer is already full but cp, the cursor position, is in\nthe middle of the buffer, then we will write past the end of the supplied\nbuffer.\n\nFix this by replacing the dubious strncpy() calls with memmove()/memcpy()\ncalls plus explicit boundary checks to make sure we have enough space\nbefore we start moving characters around."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kdb: corrige el desbordamiento del b\u00fafer durante la finalizaci\u00f3n de tabulaci\u00f3n Actualmente, cuando el usuario intenta completar el s\u00edmbolo con la tecla Tab, kdb usar\u00e1 strncpy() para insertar el s\u00edmbolo completado en el b\u00fafer de comando. Desafortunadamente, pasa el tama\u00f1o del b\u00fafer de origen en lugar del destino a strncpy() con resultados predeciblemente horribles. Lo m\u00e1s obvio es que si el b\u00fafer de comando ya est\u00e1 lleno pero cp, la posici\u00f3n del cursor, est\u00e1 en el medio del b\u00fafer, entonces escribiremos m\u00e1s all\u00e1 del final del b\u00fafer proporcionado. Solucione este problema reemplazando las dudosas llamadas strncpy() con llamadas memmove()/memcpy() m\u00e1s comprobaciones expl\u00edcitas de los l\u00edmites para asegurarnos de que tenemos suficiente espacio antes de comenzar a mover los personajes."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39481",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.653",
"lastModified": "2024-07-05T07:15:10.653",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc: Fix graph walk in media_pipeline_start\n\nThe graph walk tries to follow all links, even if they are not between\npads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link.\n\nFix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK\nlinks."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mc: corrige el recorrido del gr\u00e1fico en media_pipeline_start El recorrido del gr\u00e1fico intenta seguir todos los enlaces, incluso si no est\u00e1n entre pads. Esto provoca un bloqueo, por ejemplo, con un enlace MEDIA_LNK_FL_ANCILLARY_LINK. Solucione este problema permitiendo que la caminata contin\u00fae solo para los enlaces MEDIA_LNK_FL_DATA_LINK."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39482",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.710",
"lastModified": "2024-07-05T08:15:03.530",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix variable length array abuse in btree_iter\n\nbtree_iter is used in two ways: either allocated on the stack with a\nfixed size MAX_BSETS, or from a mempool with a dynamic size based on the\nspecific cache set. Previously, the struct had a fixed-length array of\nsize MAX_BSETS which was indexed out-of-bounds for the dynamically-sized\niterators, which causes UBSAN to complain.\n\nThis patch uses the same approach as in bcachefs's sort_iter and splits\nthe iterator into a btree_iter with a flexible array member and a\nbtree_iter_stack which embeds a btree_iter as well as a fixed-length\ndata array."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bcache: corrige el abuso de matriz de longitud variable en btree_iter btree_iter se usa de dos maneras: ya sea asignado en la pila con un tama\u00f1o fijo MAX_BSETS, o desde un mempool con un tama\u00f1o din\u00e1mico basado en el conjunto de cach\u00e9 espec\u00edfico. Anteriormente, la estructura ten\u00eda una matriz de longitud fija de tama\u00f1o MAX_BSETS que estaba indexada fuera de los l\u00edmites para los iteradores de tama\u00f1o din\u00e1mico, lo que provoca que UBSAN se queje. Este parche utiliza el mismo enfoque que en sort_iter de bcachefs y divide el iterador en un btree_iter con un miembro de matriz flexible y un btree_iter_stack que incorpora un btree_iter as\u00ed como una matriz de datos de longitud fija."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39483",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.767",
"lastModified": "2024-07-05T07:15:10.767",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI. KVM's ABI for NMIs that arrive simultanesouly (from KVM's point of\nview) is to inject one NMI and pend the other. When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can't immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM's behavior is to provide functionality that is as close to real\nhardware as possible. E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow. For GIF=0, the argument isn't\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled. And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\"). I.e. KVM's GIF=0 handling shouldn't be\nmodified without a *really* good reason to do so, and if KVM's behavior\nwere to be modified, it should be done irrespective of vNMI support."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: SVM: WARN en la ventana vNMI + NMI si los NMI est\u00e1n completamente enmascarados Al solicitar una ventana NMI, WARN en la ventana de vNMI est\u00e1 habilitado si y solo si los NMI est\u00e1n realmente enmascarados, es decir, si la vCPU ya est\u00e1 manejando una NMI. La ABI de KVM para NMI que llegan simult\u00e1neamente (desde el punto de vista de KVM) es inyectar un NMI y esperar el otro. Cuando se usa vNMI, KVM suspende el segundo NMI simplemente configurando V_NMI_PENDING y deja que la CPU haga el resto (el hardware configura autom\u00e1ticamente V_NMI_BLOCKING cuando se inyecta un NMI). Sin embargo, si KVM no puede inyectar inmediatamente una NMI, por ejemplo, porque la vCPU est\u00e1 en una sombra STI o se est\u00e1 ejecutando con GIF=0, entonces KVM solicitar\u00e1 una ventana NMI y activar\u00e1 el WARN (pero seguir\u00e1 funcionando correctamente). Es discutible si el caso GIF=0 tiene sentido o no, ya que la intenci\u00f3n del comportamiento de KVM es proporcionar una funcionalidad lo m\u00e1s cercana posible al hardware real. Por ejemplo, si se env\u00edan dos NMI en r\u00e1pida sucesi\u00f3n, la probabilidad de que ambos NMI lleguen a una sombra de STI es infinitamente baja en hardware real, pero significativamente mayor en un entorno virtual, por ejemplo, si la vCPU tiene prioridad en la sombra de STI. Para GIF=0, el argumento no es tan claro, porque la ventana donde dos NMI pueden colisionar es mucho mayor en el metal desnudo (aunque a\u00fan es peque\u00f1a). Dicho esto, KVM no deber\u00eda tener un comportamiento divergente para el caso GIF=0 en funci\u00f3n de si la compatibilidad con vNMI est\u00e1 habilitada o no. Y KVM ha permitido NMI simult\u00e1neas con GIF=0 durante m\u00e1s de una d\u00e9cada, desde el commit 7460fb4a3400 (\"KVM: Reparar NMI simult\u00e1neas\"). 
Es decir, el manejo de GIF=0 de KVM no debe modificarse sin una *realmente* buena raz\u00f3n para hacerlo, y si se modifica el comportamiento de KVM, debe hacerse independientemente del soporte de vNMI."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39484",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.823",
"lastModified": "2024-07-05T08:15:03.580",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don't strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) ->\ndavinci_mmcsd_remove (section: .exit.text)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: davinci: no eliminar la funci\u00f3n de eliminaci\u00f3n cuando el controlador est\u00e1 integrado. El uso de __exit para la funci\u00f3n de eliminaci\u00f3n hace que la devoluci\u00f3n de llamada de eliminaci\u00f3n se descarte con CONFIG_MMC_DAVINCI=y. Cuando un dispositivo de este tipo se desvincula (por ejemplo, usando sysfs o hotplug), el controlador simplemente se elimina sin que se realice la limpieza. Esto da como resultado fugas de recursos. Solucionarlo compilando la devoluci\u00f3n de llamada de eliminaci\u00f3n incondicionalmente. Esto tambi\u00e9n corrige una advertencia de modpost W=1: ADVERTENCIA: modpost: drivers/mmc/host/davinci_mmc: falta de coincidencia de secci\u00f3n en referencia: davinci_mmcsd_driver+0x10 (secci\u00f3n: .data) -> davinci_mmcsd_remove (secci\u00f3n: .exit.text)"
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39485",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-05T07:15:10.890",
"lastModified": "2024-07-05T07:15:10.890",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Properly re-initialise notifier entry in unregister\n\nThe notifier_entry of a notifier is not re-initialised after unregistering\nthe notifier. This leads to dangling pointers being left there so use\nlist_del_init() to return the notifier_entry an empty list."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: v4l: async: Reinicializar correctamente la entrada del notificador al cancelar el registro Notifier_entry de un notificador no se reinicializa despu\u00e9s de cancelar el registro del notificador. Esto lleva a que se dejen punteros colgando all\u00ed, as\u00ed que use list_del_init() para devolver notifier_entry una lista vac\u00eda."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2024-39683",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-03T20:15:04.840",
"lastModified": "2024-07-03T20:15:04.840",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available."
},
{
"lang": "es",
"value": "ZITADEL es una herramienta de infraestructura de identidad de c\u00f3digo abierto. ZITADEL brinda a los usuarios la capacidad de enumerar todas las sesiones de usuario del agente de usuario actual (navegador). A partir de la versi\u00f3n 2.53.0 y antes de las versiones 2.53.8, 2.54.5 y 2.55.1, debido a una verificaci\u00f3n faltante, las sesiones de usuario sin esa informaci\u00f3n (por ejemplo, cuando se crearon a trav\u00e9s del servicio de sesi\u00f3n) se enumeraron incorrectamente, exponiendo potencialmente las sesiones de otros usuarios. Las versiones 2.55.1, 2.54.5 y 2.53.8 contienen una soluci\u00f3n para el problema. No existe ning\u00fan workaround porque ya hay un parche disponible."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39844",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T17:15:04.403",
"lastModified": "2024-07-03T19:15:04.853",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK."
},
{
"lang": "es",
"value": "En ZNC anterior a 1.9.1, la ejecuci\u00f3n remota de c\u00f3digo puede ocurrir en modtcl mediante un KICK."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39884",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-04T09:15:04.237",
"lastModified": "2024-07-04T09:15:04.237",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.\u00a0 \u00a0\"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue."
},
{
"lang": "es",
"value": "Una regresi\u00f3n en el n\u00facleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuraci\u00f3n de controladores heredada basada en el tipo de contenido. \"AddType\" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgaci\u00f3n del c\u00f3digo fuente del contenido local. Por ejemplo, los scripts PHP pueden servirse en lugar de interpretarse. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.61, que soluciona este problema."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39929",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T15:15:10.323",
"lastModified": "2024-07-04T15:15:10.323",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users."
},
{
"lang": "es",
"value": "Exim hasta la versi\u00f3n 4.97.1 analiza err\u00f3neamente un nombre de archivo de encabezado RFC 2231 multil\u00ednea y, por lo tanto, atacantes remotos pueden eludir un mecanismo de protecci\u00f3n de bloqueo de extensi\u00f3n $mime_filename y potencialmente entregar archivos adjuntos ejecutables a los buzones de correo de los usuarios finales."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T16:15:02.277",
"lastModified": "2024-07-04T16:15:02.277",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected."
},
{
"lang": "es",
"value": "El servidor SSH integrado de Gogs hasta la versi\u00f3n 0.13.0 permite la inyecci\u00f3n de argumentos en internal/ssh/ssh.go, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Los atacantes autenticados pueden aprovechar esto abriendo una conexi\u00f3n SSH y enviando una solicitud env maliciosa de cadena dividida si el servidor SSH integrado est\u00e1 activado. Las instalaciones de Windows no se ven afectadas."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39931",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T16:15:02.503",
"lastModified": "2024-07-04T16:15:02.503",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows deletion of internal files."
},
{
"lang": "es",
"value": "Gogs hasta 0.13.0 permite la eliminaci\u00f3n de archivos internos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T16:15:02.707",
"lastModified": "2024-07-04T16:15:02.707",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows argument injection during the previewing of changes."
},
{
"lang": "es",
"value": "Gogs hasta 0.13.0 permite la inyecci\u00f3n de argumentos durante la vista previa de los cambios."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39933",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T16:15:02.900",
"lastModified": "2024-07-04T16:15:02.900",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows argument injection during the tagging of a new release."
},
{
"lang": "es",
"value": "Gogs hasta 0.13.0 permite la inyecci\u00f3n de argumentos durante el etiquetado de una nueva versi\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39934",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T19:15:10.967",
"lastModified": "2024-07-04T19:15:10.967",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the \"shared holotree usage\" feature allows any user to edit any Python environment."
},
{
"lang": "es",
"value": "Robotmk anterior a 2.0.1 permite a un usuario local escalar privilegios (por ejemplo, a SYSTEM) si la configuraci\u00f3n automatizada del entorno Python est\u00e1 habilitada, porque la funci\u00f3n \"uso de holo\u00e1rbol compartido\" permite a cualquier usuario editar cualquier entorno Python."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39935",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T21:15:10.077",
"lastModified": "2024-07-04T21:15:10.077",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5."
},
{
"lang": "es",
"value": "jc21 NGINX Proxy Manager anterior a 2.11.3 permite la inyecci\u00f3n de comandos del sistema operativo backend/internal/certificate.js por parte de un usuario autenticado (con privilegios de administraci\u00f3n de certificados) a trav\u00e9s de entradas no confiables en la configuraci\u00f3n del proveedor de DNS. NOTA: esto no forma parte de ning\u00fan software NGINX enviado por F5."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-39936",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T21:15:10.180",
"lastModified": "2024-07-04T21:15:10.180",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en HTTP2 en Qt antes de 5.15.18, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.7 y 6.6.x hasta 6.7.x antes de 6.7.3. El c\u00f3digo para tomar decisiones relevantes para la seguridad sobre una conexi\u00f3n establecida puede ejecutarse demasiado pronto, porque la se\u00f1al encrypted() a\u00fan no se ha emitido ni procesado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39937",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T22:15:02.210",
"lastModified": "2024-07-04T22:15:02.210",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files."
},
{
"lang": "es",
"value": "supOS 5.0 permite el directory traversal api/image/download?fileName=../ para leer archivos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-39943",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T23:15:09.940",
"lastModified": "2024-07-04T23:15:09.940",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."
},
{
"lang": "es",
"value": "rejetto HFS (tambi\u00e9n conocido como servidor de archivos HTTP) 3 anterior a 0.52.10 en Linux, UNIX y macOS permite la ejecuci\u00f3n de comandos del sistema operativo por parte de usuarios remotos autenticados (si tienen permisos de carga). Esto ocurre porque se usa un shell para ejecutar df (es decir, con execSync en lugar de spawnSync en child_process en Node.js)."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-3904",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-07-04T09:15:04.317",
"lastModified": "2024-07-04T09:15:04.317",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \"05\" to \"07\" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de permisos predeterminados incorrectos en Smart Device Communication Gateway preinstalado en las versiones de firmware \"05\" a \"07\" de la serie MI5122-VW de MELIPC permite a un atacante local ejecutar c\u00f3digo arbitrario guardando un archivo malicioso en una carpeta espec\u00edfica. Como resultado, el atacante puede revelar, alterar, destruir o eliminar informaci\u00f3n del producto, o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el producto."
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-4094",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-18T06:15:12.360",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:41:05.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,68 @@
"value": "El complemento Simple Share Buttons Adder de WordPress anterior a 8.5.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como editores, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.5.1",
"matchCriteriaId": "28B4489B-B02B-4C9B-B16E-E8E0A7C2E8AA"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,9 @@
"id": "CVE-2024-4375",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-18T03:15:09.797",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:30:13.850",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -17,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -38,14 +59,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.10",
"matchCriteriaId": "77BA3015-216D-4CA4-BD97-2FE9B477FBFF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L817",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,9 @@
"id": "CVE-2024-5541",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-18T03:15:10.020",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:51:14.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,18 +39,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vowelweb:ibtana:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.3.3",
"matchCriteriaId": "9FEA0BD9-F720-4D79-A84A-067C06225B80"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/admin/settings.php#L9",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/dist/blocks.build.js",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e022febe-7295-493d-afa7-185f55b4d3b9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-5641",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T08:15:01.980",
"lastModified": "2024-07-04T08:15:01.980",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin settings, including adding stored cross-site scripting."
},
{
"lang": "es",
"value": "El complemento One Click Order Re-Order para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'ced_ocor_save_general_setting' en todas las versiones hasta la 1.1.9 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, cambien la configuraci\u00f3n del complemento, incluida la adici\u00f3n de cross-site scripting almacenado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-5672",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-07-03T13:15:03.043",
"lastModified": "2024-07-04T07:15:10.927",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.\n"
},
{
"lang": "es",
"value": "Un atacante remoto con altos privilegios puede ejecutar comandos arbitrarios del sistema a trav\u00e9s de solicitudes GET debido a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-5821",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-03T18:15:05.857",
"lastModified": "2024-07-03T18:15:05.857",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in stitionai/devika"
},
{
"lang": "es",
"value": "Control de acceso inadecuado en stitionai/devika"
}
],
"metrics": {


@ -2,8 +2,9 @@
"id": "CVE-2024-5860",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-18T04:15:11.607",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-05T13:52:14.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,14 +39,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.2.9",
"matchCriteriaId": "99C481E9-98B8-48DF-B6FD-003CB1497DDA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-5887",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-03T18:15:06.113",
"lastModified": "2024-07-03T18:15:06.113",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in stitionai/devika"
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en stitionai/devika"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-5943",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T12:15:03.500",
"lastModified": "2024-07-04T12:15:03.500",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Nested Pages para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.2.7 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'settingsPage' y a la falta de santizaci\u00f3n del par\u00e1metro 'tab'. Esto hace posible que atacantes no autenticados llamen a archivos php locales a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6052",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-07-03T15:15:06.223",
"lastModified": "2024-07-03T15:15:06.223",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements"
},
{
"lang": "es",
"value": "XSS almacenado en Checkmk antes de las versiones 2.3.0p8, 2.2.0p29, 2.1.0p45 y 2.0.0 (EOL) permite a los usuarios ejecutar scripts arbitrarios inyectando elementos HTML"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6126",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-03T15:15:06.470",
"lastModified": "2024-07-03T15:15:06.470",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un defecto en el paquete de la cabina. Esta falla permite que un usuario autenticado finalice cualquier proceso al habilitar la opci\u00f3n user_readenv de pam_env, lo que conduce a un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6209",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-07-05T11:15:10.080",
"lastModified": "2024-07-05T11:15:10.080",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series\n\n v <=3.08.01\n\n; MATRIX Series \n\n v<=3.08.01 allows Attacker to access files unauthorized"
},
{
"lang": "es",
"value": "Acceso no autorizado a archivos en WEB Server en ABB ASPECT - Enterprise v &lt;=3.08.01; Serie NEXUS v &lt;=3.08.01; MATRIX Series v&lt;=3.08.01 permite a un atacante acceder a archivos no autorizados"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6284",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-07-03T23:15:02.333",
"lastModified": "2024-07-03T23:15:02.333",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In https://github.com/google/nftables \u00a0IP addresses were encoded in the wrong byte order,\u00a0resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).\n\nThis issue affects:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.1.0 \n\nThe bug was fixed in the next released version:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.2.0"
},
{
"lang": "es",
"value": "En https://github.com/google/nftables, las direcciones IP se codificaron en el orden de bytes incorrecto, lo que result\u00f3 en una configuraci\u00f3n de nftables que no funciona seg\u00fan lo previsto (podr\u00eda bloquear o no las direcciones deseadas). Este problema afecta a: https://pkg.go.dev/github.com/google/nftables@v0.1.0 El error se solucion\u00f3 en la siguiente versi\u00f3n lanzada: https://pkg.go.dev/github.com/google /nftables@v0.2.0"
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6298",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-07-05T11:15:10.617",
"lastModified": "2024-07-05T11:15:10.617",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en ABB ASPECT-Enterprise en Linux, ABB NEXUS Series en Linux, ABB MATRIX Series en Linux permite la inclusi\u00f3n remota de c\u00f3digo. Este problema afecta a ASPECT-Enterprise: hasta 3.08.01; Serie NEXUS: hasta el 3.08.01; Serie MATRIX: hasta el 3.08.01."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6318",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T09:15:04.653",
"lastModified": "2024-07-04T09:15:04.653",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El complemento IMGspider para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'upload_img_file' en todas las versiones hasta la 2.3.10 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6319",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T09:15:05.087",
"lastModified": "2024-07-04T09:15:05.087",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El complemento IMGspider para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'cargar' en todas las versiones hasta la 2.3.10 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-6383",
"sourceIdentifier": "cna@mongodb.com",
"published": "2024-07-03T22:15:03.240",
"lastModified": "2024-07-03T22:15:03.240",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1"
},
{
"lang": "es",
"value": "La funci\u00f3n bson_string_append en MongoDB C Driver puede ser vulnerable a un desbordamiento del b\u00fafer donde la funci\u00f3n podr\u00eda intentar asignar un b\u00fafer demasiado peque\u00f1o y puede provocar da\u00f1os en la memoria del mont\u00f3n vecino. Este problema afecta a las versiones de Libbson anteriores a la 1.27.1."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-6434",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-04T09:15:05.410",
"lastModified": "2024-07-04T09:15:05.410",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-6470",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-03T13:15:03.703",
"lastModified": "2024-07-03T13:15:03.703",
"vulnStatus": "Received",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=feature_inboxgroup&op=list of the component Template Handler. The manipulation of the argument Receiver Number with the input {{`id`}} leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-270278 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en playSMS 1.4.3. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /index.php?app=main&amp;inc=feature_inboxgroup&amp;op=list del componente Template Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento N\u00famero de receptor con la entrada {{`id`}} conduce a la inyecci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-270278 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
