Auto-Update: 2024-11-08T21:00:20.824687+00:00

cad-safe-bot 2024-11-08 21:03:24 +00:00
parent a3a5c5d6fb
commit fe139feb88
278 changed files with 5252 additions and 1009 deletions


@ -2,8 +2,8 @@
"id": "CVE-2019-20457", "id": "CVE-2019-20457",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.083", "published": "2024-11-07T18:15:15.083",
"lastModified": "2024-11-08T17:35:00.873", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2019-20458", "id": "CVE-2019-20458",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.170", "published": "2024-11-07T18:15:15.170",
"lastModified": "2024-11-08T17:35:01.933", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2019-20459", "id": "CVE-2019-20459",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.227", "published": "2024-11-07T18:15:15.227",
"lastModified": "2024-11-08T17:35:03.013", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2019-20460", "id": "CVE-2019-20460",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.300", "published": "2024-11-07T21:15:05.300",
"lastModified": "2024-11-08T17:35:03.290", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2019-20461", "id": "CVE-2019-20461",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.400", "published": "2024-11-07T21:15:05.400",
"lastModified": "2024-11-08T17:35:04.320", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,13 +2,17 @@
"id": "CVE-2019-20462", "id": "CVE-2019-20462",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.470", "published": "2024-11-07T21:15:05.470",
"lastModified": "2024-11-07T21:15:05.470", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used." "value": "An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Alecto IVM-100 2019-11-12. El dispositivo viene con una interfaz serial a nivel de placa. Al conectarlo a esta interfaz serial y reiniciar el dispositivo, se revela una gran cantidad de informaci\u00f3n. Esto incluye la contrase\u00f1a de visualizaci\u00f3n y la contrase\u00f1a del punto de acceso wifi que utiliz\u00f3 el dispositivo."
} }
], ],
"metrics": {}, "metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2019-20469", "id": "CVE-2019-20469",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.540", "published": "2024-11-07T21:15:05.540",
"lastModified": "2024-11-08T17:35:05.247", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2019-20472", "id": "CVE-2019-20472",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.610", "published": "2024-11-07T21:15:05.610",
"lastModified": "2024-11-08T17:35:06.070", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,17 +2,41 @@
"id": "CVE-2020-11859", "id": "CVE-2020-11859",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2024-11-06T14:15:04.963", "published": "2024-11-06T14:15:04.963",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T19:12:22.900",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS).\u00a0This issue affects iManager before 3.2.3" "value": "Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS).\u00a0This issue affects iManager before 3.2.3"
},
{
"lang": "es",
"value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText iManager permite la ejecuci\u00f3n de cross-site scripting (XSS). Este problema afecta a iManager antes de la versi\u00f3n 3.2.3"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "security@opentext.com", "source": "security@opentext.com",
"type": "Secondary", "type": "Secondary",
@ -36,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "security@opentext.com", "source": "security@opentext.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +81,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:imanager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.3",
"matchCriteriaId": "070D8CF3-3C6D-4436-A8CB-74C206F80FCD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.netiq.com/documentation/imanager-32/imanager323_releasenotes/data/imanager323_releasenotes.html", "url": "https://www.netiq.com/documentation/imanager-32/imanager323_releasenotes/data/imanager323_releasenotes.html",
"source": "security@opentext.com" "source": "security@opentext.com",
"tags": [
"Release Notes"
]
} }
] ]
} }
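Review bot: The NVD configuration added in this section keys the affected product as `cpe:2.3:a:microfocus:imanager:*:*:*:*:*:*:*:*` while the record's CNA is security@opentext.com and the description names OpenText iManager, so a consumer of this mirror that matches on vendor `opentext` will never hit this entry. Matching should be done on the product token `imanager` (or with microfocus/opentext treated as aliases) rather than on the vendor string; the NetIQ → Micro Focus → OpenText lineage is only inferred from the netiq.com release-notes URL, not stated anywhere in the record. The `versionEndExcluding` value `3.2.3` does agree with the description's "before 3.2.3". The nvd@nist.gov vector scores the XSS at 5.4 with `PR:L/UI:R`, i.e. an authenticated attacker plus a victim who follows a link; the OpenText Secondary metric falls outside the hunk, so the two cannot be compared here.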


@ -2,13 +2,17 @@
"id": "CVE-2020-11916", "id": "CVE-2020-11916",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.310", "published": "2024-11-07T18:15:15.310",
"lastModified": "2024-11-07T21:35:02.117", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased." "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. La contrase\u00f1a del usuario root se codifica mediante una t\u00e9cnica de codificaci\u00f3n antigua y obsoleta. Debido a esta codificaci\u00f3n obsoleta, la probabilidad de \u00e9xito de un atacante en un ataque de pirater\u00eda sin conexi\u00f3n aumenta considerablemente."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2020-11917", "id": "CVE-2020-11917",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.370", "published": "2024-11-07T18:15:15.370",
"lastModified": "2024-11-07T21:35:03.053", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)" "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. Utiliza un valor SSID predeterminado, lo que facilita que los atacantes remotos descubran las ubicaciones f\u00edsicas de muchos dispositivos Siime Eye, violando la privacidad de los usuarios que no desean revelar su propiedad de este tipo de dispositivo. (Se pueden usar varios recursos como wigle.net para asignar SSID a ubicaciones f\u00edsicas)."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2020-11918", "id": "CVE-2020-11918",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.450", "published": "2024-11-07T18:15:15.450",
"lastModified": "2024-11-07T21:35:03.867", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file." "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. Cuando se crea un archivo de copia de seguridad a trav\u00e9s de la interfaz web, la informaci\u00f3n sobre todos los usuarios, incluidas las contrase\u00f1as, se puede encontrar en texto plano en el archivo de copia de seguridad. Un atacante capaz de acceder a la interfaz web puede crear el archivo de copia de seguridad."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2020-11919", "id": "CVE-2020-11919",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.517", "published": "2024-11-07T18:15:15.517",
"lastModified": "2024-11-07T21:35:04.650", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection." "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. No hay protecci\u00f3n CSRF."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2020-11921", "id": "CVE-2020-11921",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.590", "published": "2024-11-07T18:15:15.590",
"lastModified": "2024-11-08T17:35:06.297", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2020-11926", "id": "CVE-2020-11926",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.667", "published": "2024-11-07T18:15:15.667",
"lastModified": "2024-11-08T17:35:07.130", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2020-8007", "id": "CVE-2020-8007",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T05:15:05.300", "published": "2024-11-08T05:15:05.300",
"lastModified": "2024-11-08T16:35:03.883", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,8 +2,8 @@
"id": "CVE-2023-1932", "id": "CVE-2023-1932",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-07T10:15:04.507", "published": "2024-11-07T10:15:04.507",
"lastModified": "2024-11-07T14:35:02.567", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,13 +2,17 @@
"id": "CVE-2023-1973", "id": "CVE-2023-1973",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-07T10:15:05.400", "published": "2024-11-07T10:15:05.400",
"lastModified": "2024-11-07T10:15:05.400", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory." "value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-27195", "id": "CVE-2023-27195",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T05:15:05.570", "published": "2024-11-08T05:15:05.570",
"lastModified": "2024-11-08T15:35:00.963", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,13 +2,17 @@
"id": "CVE-2024-10007", "id": "CVE-2024-10007",
"sourceIdentifier": "product-cna@github.com", "sourceIdentifier": "product-cna@github.com",
"published": "2024-11-07T21:15:06.193", "published": "2024-11-07T21:15:06.193",
"lastModified": "2024-11-07T23:15:03.350", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program." "value": "A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de colisi\u00f3n de rutas y ejecuci\u00f3n de c\u00f3digo arbitrario en GitHub Enterprise Server que permit\u00eda que el escape de contenedores escalara a la ra\u00edz a trav\u00e9s de la ruta ghe-firejail. La explotaci\u00f3n de esta vulnerabilidad requiere acceso de administrador de la empresa a la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise anteriores a la 3.15 y se corrigi\u00f3 en las versiones 3.14.3, 3.13.6, 3.12.11 y 3.11.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10027", "id": "CVE-2024-10027",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-07T06:15:13.930", "published": "2024-11-07T06:15:13.930",
"lastModified": "2024-11-07T17:35:09.033", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,20 +2,44 @@
"id": "CVE-2024-10168", "id": "CVE-2024-10168",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-11-06T12:15:03.400", "published": "2024-11-06T12:15:03.400",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T20:27:34.360",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." "value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Active Products Tables para WooCommerce. Use el constructor para crear tablas para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado woot_button del complemento en todas las versiones hasta la 1.0.6.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@wordfence.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -47,18 +71,45 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.6.5",
"matchCriteriaId": "D2B28CF8-C4B8-4710-A379-03877973FD14"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3182136/", "url": "https://plugins.trac.wordpress.org/changeset/3182136/",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers", "url": "https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }
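Review bot: The two CVSS 3.1 entries in this section disagree on user interaction: the nvd@nist.gov Primary vector is `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` (5.4, MEDIUM) while the security@wordfence.com vector, demoted here from Primary to Secondary, is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N`, which scores higher. A consumer that takes the first element of `cvssMetricV31`, or the one with `type == "Primary"`, sees this record's severity drop with this commit although nothing about the vulnerability changed; select the metric by `source` explicitly and record which one drives triage. Whether `UI:R` is right for a stored XSS that fires when "a user accesses an injected page" is NVD's judgement and not something this record settles; the Wordfence baseScore lies outside the hunk, so the exact delta is not visible. The CPE product token `woot` also differs from the wordpress.org slug `profit-products-tables-for-woocommerce` in the references, so slug-keyed inventory matching will miss this entry.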


@ -2,20 +2,44 @@
"id": "CVE-2024-10186", "id": "CVE-2024-10186",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-11-06T13:15:03.163", "published": "2024-11-06T13:15:03.163",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T19:21:48.357",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." "value": "The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Event post para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado events_cal del complemento en todas las versiones hasta la 5.9.6 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@wordfence.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -47,18 +71,45 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avecnous:event_post:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.9.7",
"matchCriteriaId": "200E5297-341A-4BBA-AD63-26F37E7DA840"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3182549/", "url": "https://plugins.trac.wordpress.org/changeset/3182549/",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://wordpress.org/plugins/event-post/#developers", "url": "https://wordpress.org/plugins/event-post/#developers",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }
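Review bot: The CPE criteria added in this section, `cpe:2.3:a:avecnous:event_post:*:*:*:*:*:wordpress:*:*`, uses the product token `event_post` whereas the plugin's wordpress.org slug in the reference URL is `event-post`; an inventory keyed by plugin slug will not match this CPE unless `-` is normalised to `_` before comparison. The `versionEndExcluding` value `5.9.7` is consistent with the description's "up to, and including, 5.9.6". As with the other Wordfence record in this commit, the NVD Primary vector uses `UI:R` while the Wordfence vector, now tagged Secondary, keeps `UI:N`, so a consumer keyed on `type == "Primary"` or on array position sees a lower score after this update; select by `source` instead.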


@ -2,13 +2,17 @@
"id": "CVE-2024-10187", "id": "CVE-2024-10187",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-11-08T10:15:03.837", "published": "2024-11-08T10:15:03.837",
"lastModified": "2024-11-08T10:15:03.837", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." "value": "The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento myCred \u2013 Loyalty Points and Rewards para WordPress y WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce prizes, and WooCommerce credits for Gamification para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto mycred_link del complemento en todas las versiones hasta la 2.7.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10203", "id": "CVE-2024-10203",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-11-07T10:15:05.663", "published": "2024-11-07T10:15:05.663",
"lastModified": "2024-11-07T10:15:05.663", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines." "value": "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines."
},
{
"lang": "es",
"value": "Las versiones 11.3.2416.21 y anteriores, 11.3.2428.9 y anteriores de Zohocorp ManageEngine EndPoint Central son vulnerables a la eliminaci\u00f3n arbitraria de archivos en las m\u00e1quinas instaladas por el agente."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10269", "id": "CVE-2024-10269",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-11-08T07:15:05.487", "published": "2024-11-08T07:15:05.487",
"lastModified": "2024-11-08T07:15:05.487", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." "value": "The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
},
{
"lang": "es",
"value": "El complemento Easy SVG Support para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 3.7 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
} }
], ],
"metrics": { "metrics": {

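--- a/PATH_NOT_SHOWN/CVE-2024-10318.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10318.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10318",
 "sourceIdentifier": "f5sirt@f5.com",
 "published": "2024-11-06T17:15:13.680",
-"lastModified": "2024-11-06T18:17:17.287",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2024-11-08T19:51:49.380",
+"vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session."
+},
+{
+"lang": "es",
+"value": "Se descubri\u00f3 un problema de fijaci\u00f3n de sesi\u00f3n en la implementaci\u00f3n de referencia de NGINX OpenID Connect, donde no se verificaba un nonce en el momento de iniciar sesi\u00f3n. Esta falla permite que un atacante fije la sesi\u00f3n de una v\u00edctima a una cuenta controlada por el atacante. Como resultado, aunque el atacante no puede iniciar sesi\u00f3n como la v\u00edctima, puede forzar la sesi\u00f3n para asociarla con la cuenta controlada por el atacante, lo que lleva a un posible uso indebido de la sesi\u00f3n de la v\u00edctima."
 }
 ],
 "metrics": {
@@ -57,6 +61,26 @@
 }
 ],
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+},
 {
 "source": "f5sirt@f5.com",
 "type": "Secondary",
@@ -80,6 +104,16 @@
 ]
 },
 "weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-384"
+}
+]
+},
 {
 "source": "f5sirt@f5.com",
 "type": "Secondary",
@@ -91,10 +125,76 @@
 ]
 }
 ],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "1.3.0",
+"versionEndExcluding": "1.9.3",
+"matchCriteriaId": "E624284B-CE82-453E-826A-9EE55A23EABB"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
+"versionEndIncluding": "1.12.5",
+"matchCriteriaId": "DA2D8A1D-8D1C-40AD-BF77-72CC7154DB42"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "2.2.1",
+"versionEndIncluding": "2.4.2",
+"matchCriteriaId": "952208F5-8190-43A7-9C76-BE013518C475"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "3.0.0",
+"versionEndExcluding": "3.7.1",
+"matchCriteriaId": "46CB1DD5-4B6F-41A4-8A34-9C6C595081A0"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "2.5.0",
+"versionEndExcluding": "2.17.4",
+"matchCriteriaId": "1198CC09-9CEE-4695-BB75-8BA04735E653"
+}
+]
+}
+]
+},
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:f5:nginx_openid_connect:*:*:*:*:*:nginx_plus:*:*",
+"versionEndExcluding": "2024-10-24",
+"matchCriteriaId": "55029B4C-3E0B-4159-8422-CE0AB7C1138C"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://my.f5.com/manage/s/article/K000148232",
-"source": "f5sirt@f5.com"
+"source": "f5sirt@f5.com",
+"tags": [
+"Mitigation",
+"Vendor Advisory"
+]
 }
 ]
 }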
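Review bot: The `versionEndExcluding` on the nginx_openid_connect cpeMatch in the last hunk is a date, `"versionEndExcluding": "2024-10-24"`, whereas the other five cpeMatch entries in the same configurations block carry numeric release versions. A consumer that compares versionStart*/versionEnd* fields with a semver-style comparator will not match this entry at all, so the record should carry a note that the reference implementation is presumably tracked by commit date rather than by release number — that is inferred from the shape of the value, not stated anywhere in the hunk. The NVD Primary vector (UI:R, base 5.4) and the added CWE-384 weakness are consistent with the session-fixation description, so no issue there.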

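--- a/PATH_NOT_SHOWN/CVE-2024-10325.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10325.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10325",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-08T12:15:14.380",
-"lastModified": "2024-11-08T12:15:14.380",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+},
+{
+"lang": "es",
+"value": "El complemento Elementor Header & Footer Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 1.6.45 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
 }
 ],
 "metrics": {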

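--- a/PATH_NOT_SHOWN/CVE-2024-10526.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10526.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-10526",
 "sourceIdentifier": "cve@rapid7.com",
 "published": "2024-11-07T11:15:03.973",
-"lastModified": "2024-11-07T11:15:03.973",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {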

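--- a/PATH_NOT_SHOWN/CVE-2024-10621.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10621.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10621",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-08T06:15:13.913",
-"lastModified": "2024-11-08T06:15:13.913",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+},
+{
+"lang": "es",
+"value": "El complemento Simple Shortcode for Google Maps para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto pw_map del complemento en todas las versiones hasta la 1.5.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {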

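--- a/PATH_NOT_SHOWN/CVE-2024-10668.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10668.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10668",
 "sourceIdentifier": "cve-coordination@google.com",
 "published": "2024-11-07T16:15:16.923",
-"lastModified": "2024-11-07T16:15:16.923",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim.\u00a0The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit\u00a05d8b9156e0c339d82d3dab0849187e8819ad92c0 or\u00a0Quick Share Windows v1.0.2002.2"
+},
+{
+"lang": "es",
+"value": "Existe una omisi\u00f3n de autenticaci\u00f3n en Google Quickshare mediante la cual un atacante puede cargar un tipo de archivo desconocido a una v\u00edctima. La causa principal de la vulnerabilidad radica en el hecho de que cuando se env\u00eda un frame de transferencia de payload de tipo FILE a Quick Share, el archivo que est\u00e1 contenido en este frame se escribe en el disco en la carpeta Descargas. Quickshare normalmente elimina archivos desconocidos, sin embargo, un atacante puede enviar dos frames de transferencia de payload de tipo FILE y el mismo ID de payload. La l\u00f3gica de eliminaci\u00f3n solo eliminar\u00e1 el primer archivo y no el segundo. Recomendamos actualizar la versi\u00f3n anterior a el commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 o Quick Share Windows v1.0.2002.2"
 }
 ],
 "metrics": {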

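--- a/PATH_NOT_SHOWN/CVE-2024-10715.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10715.json
@@ -2,20 +2,44 @@
 "id": "CVE-2024-10715",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-06T11:15:03.353",
-"lastModified": "2024-11-06T18:17:17.287",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2024-11-08T20:25:37.380",
+"vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+},
+{
+"lang": "es",
+"value": "El complemento MapPress Maps for WordPress para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del bloque Map del complemento en todas las versiones hasta la 2.94.1 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
 {
-"source": "security@wordfence.com",
+"source": "nvd@nist.gov",
 "type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 2.7
+},
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@@ -47,14 +71,38 @@
 ]
 }
 ],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:mappresspro:mappress:*:*:*:*:free:wordpress:*:*",
+"versionEndExcluding": "2.94.2",
+"matchCriteriaId": "A9E0327F-A277-4109-ACDE-DDB7EFF491AA"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/changeset/3180900/mappress-google-maps-for-wordpress",
-"source": "security@wordfence.com"
+"source": "security@wordfence.com",
+"tags": [
+"Product"
+]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d966924-aeab-4397-9555-78291af70efe?source=cve",
-"source": "security@wordfence.com"
+"source": "security@wordfence.com",
+"tags": [
+"Third Party Advisory"
+]
 }
 ]
 }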
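Review bot: The new NVD Primary entry in the first hunk scores this stored XSS with `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` (base 5.4), while the Wordfence entry it demotes to Secondary keeps `UI:N` in its vector, so the two sources disagree on whether user interaction is required. Downstream tooling that reads only the Primary metric will rate this record lower than the Wordfence vector implies; the disagreement is upstream NVD data and presumably not something the bot can reconcile, but it is worth recording for consumers. The body of the Wordfence metric continues outside the hunk, so its baseScore cannot be confirmed from this view.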

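--- a/PATH_NOT_SHOWN/CVE-2024-10824.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10824.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10824",
 "sourceIdentifier": "product-cna@github.com",
 "published": "2024-11-07T22:15:20.450",
-"lastModified": "2024-11-07T22:15:20.450",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2."
+},
+{
+"lang": "es",
+"value": "Se identific\u00f3 una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en GitHub Enterprise Server que permit\u00eda a usuarios internos no autorizados acceder a datos confidenciales de alertas de escaneo de secretos destinados \u00fanicamente a propietarios de empresas. Este problema solo lo pod\u00edan aprovechar los miembros de la organizaci\u00f3n con un token de acceso personal (PAT) y requer\u00eda que el escaneo de secretos estuviera habilitado en los repositorios propiedad del usuario. Esta vulnerabilidad afect\u00f3 a las versiones de GitHub Enterprise Server posteriores a la 3.13.0 pero anteriores a la 3.14.0 y se solucion\u00f3 en la versi\u00f3n 3.13.2."
 }
 ],
 "metrics": {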

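--- a/PATH_NOT_SHOWN/CVE-2024-10839.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10839.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10839",
 "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
 "published": "2024-11-08T11:15:03.603",
-"lastModified": "2024-11-08T11:15:03.603",
-"vulnStatus": "Received",
+"lastModified": "2024-11-08T19:01:03.880",
+"vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option."
+},
+{
+"lang": "es",
+"value": "Las versiones 4503 y anteriores de Zohocorp ManageEngine SharePoint Manager Plus son vulnerables a la entidad externa XML autenticada (XXE) en la opci\u00f3n de administraci\u00f3n."
 }
 ],
 "metrics": {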

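--- a/PATH_NOT_SHOWN/CVE-2024-10914.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10914.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10914",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-06T14:15:05.310",
-"lastModified": "2024-11-06T18:17:17.287",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2024-11-08T19:53:04.793",
+"vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
+},
+{
+"lang": "es",
+"value": "Se ha detectado una vulnerabilidad en los sistemas DNS-320, DNS-320LW, DNS-325 y DNS-340L de D-Link hasta 20241028. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n cgi_user_add del archivo /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. La manipulaci\u00f3n del nombre del argumento provoca la inyecci\u00f3n de comandos en el sistema operativo. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece ser dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
@@ -57,6 +61,26 @@
 }
 ],
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+},
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -124,26 +148,153 @@
 ]
 }
 ],
+"configurations": [
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07?pvs=4",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Exploit",
+"Third Party Advisory"
+]
 },
 {
 "url": "https://vuldb.com/?ctiid.283309",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Permissions Required"
+]
 },
 {
 "url": "https://vuldb.com/?id.283309",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Permissions Required",
+"Third Party Advisory"
+]
 },
 {
 "url": "https://vuldb.com/?submit.432847",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Third Party Advisory"
+]
 },
 {
 "url": "https://www.dlink.com/",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Product"
+]
 }
 ]
 }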
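Review bot: The reference tags added in the last hunk label `https://vuldb.com/?ctiid.283309` with only `"Permissions Required"`, while the sibling record CVE-2024-10915 in this same commit tags its equivalent `ctiid.283310` link as `"Third Party Advisory"` and `"VDB Entry"`, so the two D-Link NAS records describe the same kind of link differently and tag-based reference filtering will treat them inconsistently. The tags are upstream NVD data and presumably not something this bot can correct, but the mismatch is worth recording for consumers. The `"Exploit"` tag on the netsecfish write-up is consistent with the description's statement that the exploit has been publicly disclosed, which matters for prioritising the 9.8 Primary score this hunk set also introduces.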

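--- a/PATH_NOT_SHOWN/CVE-2024-10915.json
+++ b/PATH_NOT_SHOWN/CVE-2024-10915.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10915",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-06T14:15:05.783",
-"lastModified": "2024-11-06T18:17:17.287",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2024-11-08T20:11:10.973",
+"vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."
+},
+{
+"lang": "es",
+"value": "Se ha detectado una vulnerabilidad en los sistemas DNS-320, DNS-320LW, DNS-325 y DNS-340L de D-Link hasta 20241028. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n cgi_user_add del archivo /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. La manipulaci\u00f3n del grupo de argumentos provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que su explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
@@ -57,6 +61,26 @@
 }
 ],
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+},
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -106,8 +130,18 @@
 },
 "weaknesses": [
 {
-"source": "cna@vuldb.com",
+"source": "nvd@nist.gov",
 "type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+},
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -124,26 +158,155 @@
 ]
 }
 ],
+"configurations": [
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9"
+}
+]
+}
+]
+},
+{
+"operator": "AND",
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*",
+"matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D"
+}
+]
+},
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": false,
+"criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
+"matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://netsecfish.notion.site/Command-Injection-Vulnerability-in-group-parameter-for-D-Link-NAS-12d6b683e67c803fa1a0c0d236c9a4c5?pvs=4",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Exploit",
+"Third Party Advisory"
+]
 },
 {
 "url": "https://vuldb.com/?ctiid.283310",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Third Party Advisory",
+"VDB Entry"
+]
 },
 {
 "url": "https://vuldb.com/?id.283310",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Third Party Advisory",
+"VDB Entry"
+]
 },
 {
 "url": "https://vuldb.com/?submit.432848",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Third Party Advisory",
+"VDB Entry"
+]
 },
 {
 "url": "https://www.dlink.com/",
-"source": "cna@vuldb.com"
+"source": "cna@vuldb.com",
+"tags": [
+"Product"
+]
 }
 ]
 }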


@ -2,13 +2,17 @@
"id": "CVE-2024-10916", "id": "CVE-2024-10916",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T15:15:12.123", "published": "2024-11-06T15:15:12.123",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T20:11:37.567",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en D-Link DNS-320, DNS-320LW, DNS-325 y DNS-340L hasta 20241028. Afecta a una parte desconocida del archivo /xml/info.xml del componente HTTP GET Request Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {
@ -57,6 +61,26 @@
} }
], ],
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Secondary", "type": "Secondary",
@ -106,8 +130,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -120,26 +154,152 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9EF6EB-E5C9-4FE5-9C10-DF206851B226"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EDFB59-D39F-4BE6-99F4-3CFA32F1DFD0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE94B910-8C2C-43FE-84A2-43E36C1B77F8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1D7741-D299-4CEF-9053-B90C0D2E0B0D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4", "url": "https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.283311", "url": "https://vuldb.com/?ctiid.283311",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.283311", "url": "https://vuldb.com/?id.283311",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.432849", "url": "https://vuldb.com/?submit.432849",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.dlink.com/", "url": "https://www.dlink.com/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
} }
] ]
} }


@ -2,13 +2,17 @@
"id": "CVE-2024-10922", "id": "CVE-2024-10922",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-11-07T02:15:02.847", "published": "2024-11-07T02:15:02.847",
"lastModified": "2024-11-07T02:15:02.847", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." "value": "The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Featured Posts Scroll para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.25 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de un nonce en una funci\u00f3n. Esto permite que atacantes no autenticados actualicen configuraciones e inyecten scripts web maliciosos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador de un sitio para que realice una acci\u00f3n como hacer clic en un enlace."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10926", "id": "CVE-2024-10926",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T21:15:04.927", "published": "2024-11-06T21:15:04.927",
"lastModified": "2024-11-06T21:15:04.927", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en IBPhoenix ibWebAdmin hasta la versi\u00f3n 1.0.2 y se ha clasificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /toggle_fold_panel.php del componente Tabelas Section. La manipulaci\u00f3n del argumento p conduce a cross-site scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10927", "id": "CVE-2024-10927",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T23:15:03.623", "published": "2024-11-06T23:15:03.623",
"lastModified": "2024-11-06T23:15:03.623", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha clasificado como problem\u00e1tica. Se trata de una funci\u00f3n desconocida del archivo /monofiles/account.php del componente Account Information Page. La manipulaci\u00f3n del argumento userid provoca cross-site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-10928", "id": "CVE-2024-10928",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T23:15:04.007", "published": "2024-11-06T23:15:04.007",
"lastModified": "2024-11-06T23:15:04.007", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [ "cveTags": [
{ {
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
@ -16,6 +16,10 @@
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en MonoCMS hasta 20240528. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /monofiles/opensaved.php del componente Posts Page. La manipulaci\u00f3n del argumento filtcategory/filtstatus provoca cross-site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10941", "id": "CVE-2024-10941",
"sourceIdentifier": "security@mozilla.org", "sourceIdentifier": "security@mozilla.org",
"published": "2024-11-06T21:15:05.213", "published": "2024-11-06T21:15:05.213",
"lastModified": "2024-11-06T21:15:05.213", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126." "value": "A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126."
},
{
"lang": "es",
"value": "Un sitio web malicioso podr\u00eda haber incluido un iframe con una URL mal formada, lo que provoc\u00f3 un bloqueo del navegador que no se pod\u00eda explotar. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 126."
} }
], ],
"metrics": {}, "metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-10946", "id": "CVE-2024-10946",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T04:15:03.277", "published": "2024-11-07T04:15:03.277",
"lastModified": "2024-11-07T04:15:03.277", "lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System hasta la versi\u00f3n 2.0.1. Afecta a una parte desconocida del archivo /interlib/admin/SysLib?cmdACT=inputLIBCODE&amp;mod=batchXSL&amp;xsl=editLIBCODE.xsl&amp;libcodes=&amp;ROWID=. La manipulaci\u00f3n del argumento sql provoca una inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10947", "id": "CVE-2024-10947",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T04:15:03.590", "published": "2024-11-07T04:15:03.590",
"lastModified": "2024-11-07T04:15:03.590", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System hasta la versi\u00f3n 2.0.1. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /interlib/order/BatchOrder?cmdACT=admin_order&amp;xsl=adminOrder_OrderList.xsl. La manipulaci\u00f3n del argumento bookrecno conduce a una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10963", "id": "CVE-2024-10963",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-07T16:15:17.150", "published": "2024-11-07T16:15:17.150",
"lastModified": "2024-11-08T07:15:06.500", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control." "value": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en pam_access debido al manejo inadecuado de tokens en access.conf, interpretados como nombres de host. Esta falla permite a los atacantes eludir las restricciones de acceso falsificando nombres de host, lo que debilita las configuraciones dise\u00f1adas para limitar el acceso a TTY o servicios espec\u00edficos. La falla plantea un riesgo en entornos que dependen de estas configuraciones para el control de acceso local."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10964", "id": "CVE-2024-10964",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T17:15:06.500", "published": "2024-11-07T17:15:06.500",
"lastModified": "2024-11-07T17:15:06.500", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue." "value": "A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en emqx neuron hasta la versi\u00f3n 2.10.0. Se ve afectada la funci\u00f3n handle_add_plugin de la librer\u00eda cmd.library del archivo plugins/restful/plugin_handle.c. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible lanzar el ataque de forma remota. Se recomienda aplicar un parche para solucionar este problema."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10965", "id": "CVE-2024-10965",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T17:15:06.890", "published": "2024-11-07T17:15:06.890",
"lastModified": "2024-11-07T17:15:06.890", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue." "value": "A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en emqx neuron hasta la versi\u00f3n 2.10.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /api/v2/schema del componente JSON File Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede lanzar de forma remota. El parche se llama c9ce39747e0372aaa2157b2b56174914a12c06d8. Se recomienda aplicar un parche para solucionar este problema."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10966", "id": "CVE-2024-10966",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T18:15:16.033", "published": "2024-11-07T18:15:16.033",
"lastModified": "2024-11-07T18:15:16.033", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK X18 9.1.0cu.2024_B20220329. Este problema afecta a algunas funciones desconocidas del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento enable provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10967", "id": "CVE-2024-10967",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T18:15:16.393", "published": "2024-11-07T18:15:16.393",
"lastModified": "2024-11-07T18:15:16.393", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /Doctor/delete_user_appointment_request.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10968", "id": "CVE-2024-10968",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T20:15:15.633", "published": "2024-11-07T20:15:15.633",
"lastModified": "2024-11-07T20:15:15.633", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /contact_process.php. La manipulaci\u00f3n del argumento fnm conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10969", "id": "CVE-2024-10969",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-07T20:15:15.930", "published": "2024-11-07T20:15:15.930",
"lastModified": "2024-11-07T20:15:15.930", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /admin/login_process.php del componente Login. La manipulaci\u00f3n del argumento unm provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10975", "id": "CVE-2024-10975",
"sourceIdentifier": "security@hashicorp.com", "sourceIdentifier": "security@hashicorp.com",
"published": "2024-11-07T21:15:06.383", "published": "2024-11-07T21:15:06.383",
"lastModified": "2024-11-07T21:15:06.383", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Nomad Community and Nomad Enterprise (\"Nomad\") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15." "value": "Nomad Community and Nomad Enterprise (\"Nomad\") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15."
},
{
"lang": "es",
"value": "La especificaci\u00f3n de vol\u00famenes de Nomad Community y Nomad Enterprise (\"Nomad\") es vulnerable a la creaci\u00f3n arbitraria de vol\u00famenes entre espacios de nombres mediante escrituras no autorizadas en vol\u00famenes de la Interfaz de almacenamiento de contenedores (CSI). Esta vulnerabilidad, identificada como CVE-2024-10975, se ha corregido en Nomad Community Edition 1.9.2 y Nomad Enterprise 1.9.2, 1.8.7 y 1.7.15."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10987", "id": "CVE-2024-10987",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T04:15:15.190", "published": "2024-11-08T04:15:15.190",
"lastModified": "2024-11-08T04:15:15.190", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/user_appointment.php. The manipulation of the argument schedule_id/schedule_date/schedule_day/start_time/end_time/booking leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/user_appointment.php. The manipulation of the argument schedule_id/schedule_date/schedule_day/start_time/end_time/booking leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /Doctor/user_appointment.php. La manipulaci\u00f3n del argumento schedule_id/schedule_date/schedule_day/start_time/end_time/booking conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10988", "id": "CVE-2024-10988",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T04:15:15.503", "published": "2024-11-08T04:15:15.503",
"lastModified": "2024-11-08T04:15:15.503", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Doctor/doctor_login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." "value": "A vulnerability was found in code-projects E-Health Care System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Doctor/doctor_login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /Doctor/doctor_login.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10989", "id": "CVE-2024-10989",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T04:15:15.783", "published": "2024-11-08T04:15:15.783",
"lastModified": "2024-11-08T04:15:15.783", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory confuses the vulnerability class of this issue." "value": "A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory confuses the vulnerability class of this issue."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects E-Health Care System 1.0. Afecta a una parte desconocida del archivo /Admin/detail.php. La manipulaci\u00f3n del argumento s_id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores confunde la clase de vulnerabilidad de este problema."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10990", "id": "CVE-2024-10990",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T05:15:05.690", "published": "2024-11-08T05:15:05.690",
"lastModified": "2024-11-08T05:15:05.690", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Veterinary Appointment System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/services/view_service.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10991", "id": "CVE-2024-10991",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T05:15:06.127", "published": "2024-11-08T05:15:06.127",
"lastModified": "2024-11-08T05:15:06.127", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en Codezips Hospital Appointment System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /editBranchResult.php. La manipulaci\u00f3n del ID del argumento conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10993", "id": "CVE-2024-10993",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T06:15:14.243", "published": "2024-11-08T06:15:14.243",
"lastModified": "2024-11-08T06:15:14.243", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Online Institute Management System 1.0. Se trata de una funci\u00f3n desconocida del archivo /manage_website.php. La manipulaci\u00f3n del argumento website_image permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10994", "id": "CVE-2024-10994",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T06:15:14.540", "published": "2024-11-08T06:15:14.540",
"lastModified": "2024-11-08T06:15:14.540", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Codezips Online Institute Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /edit_user.php. La manipulaci\u00f3n del argumento image permite la carga sin restricciones. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10995", "id": "CVE-2024-10995",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T07:15:07.263", "published": "2024-11-08T07:15:07.263",
"lastModified": "2024-11-08T07:15:07.263", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Codezips Hospital Appointment System 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /removeDoctorResult.php. La manipulaci\u00f3n del argumento Name conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10996", "id": "CVE-2024-10996",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T07:15:08.117", "published": "2024-11-08T07:15:08.117",
"lastModified": "2024-11-08T07:15:08.117", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /admin/process_category_edit.php. La manipulaci\u00f3n del argumento cat provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10997", "id": "CVE-2024-10997",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T07:15:08.647", "published": "2024-11-08T07:15:08.647",
"lastModified": "2024-11-08T07:15:08.647", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /book_list.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /book_list.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /book_list.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10998", "id": "CVE-2024-10998",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T08:15:12.913", "published": "2024-11-08T08:15:12.913",
"lastModified": "2024-11-08T08:15:12.913", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en 1000 Projects Bookstore Management System 1.0. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /admin/process_category_add.php. La manipulaci\u00f3n del argumento cat provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-10999", "id": "CVE-2024-10999",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T08:15:14.597", "published": "2024-11-08T08:15:14.597",
"lastModified": "2024-11-08T08:15:14.597", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en CodeAstro Real Estate Management System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /aboutadd.php del componente About Us Page. La manipulaci\u00f3n del argumento aimage permite la carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-11000", "id": "CVE-2024-11000",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-08T08:15:15.283", "published": "2024-11-08T08:15:15.283",
"lastModified": "2024-11-08T08:15:15.283", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en CodeAstro Real Estate Management System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /aboutedit.php del componente About Us Page. La manipulaci\u00f3n del argumento aimage permite la carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-21538", "id": "CVE-2024-21538",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2024-11-08T05:15:06.453", "published": "2024-11-08T05:15:06.453",
"lastModified": "2024-11-08T05:15:06.453", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string." "value": "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string."
},
{
"lang": "es",
"value": "Las versiones del paquete cross-spawn anteriores a la 7.0.5 son vulnerables a la denegaci\u00f3n de servicio por expresi\u00f3n regular (ReDoS) debido a una desinfecci\u00f3n de entrada incorrecta. Un atacante puede aumentar el uso de la CPU y hacer que el programa se bloquee manipulando una cadena muy grande y bien manipulada."
} }
], ],
"metrics": { "metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-24409", "id": "CVE-2024-24409",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-11-08T08:15:15.917", "published": "2024-11-08T08:15:15.917",
"lastModified": "2024-11-08T08:15:15.917", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option." "value": "Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to\u00a0Privilege Escalation in the\u00a0Modify Computers option."
},
{
"lang": "es",
"value": "Las versiones 7203 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la escalada de privilegios en la opci\u00f3n Modificar equipos."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-24777", "id": "CVE-2024-24777",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.457", "published": "2024-10-30T14:15:04.457",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T19:00:37.240",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "talos-cna@cisco.com", "source": "talos-cna@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,43 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1981", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1981",
"source": "talos-cna@cisco.com" "source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,13 +2,17 @@
"id": "CVE-2024-24914", "id": "CVE-2024-24914",
"sourceIdentifier": "cve@checkpoint.com", "sourceIdentifier": "cve@checkpoint.com",
"published": "2024-11-07T12:15:24.327", "published": "2024-11-07T12:15:24.327",
"lastModified": "2024-11-07T12:15:24.327", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available." "value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available."
},
{
"lang": "es",
"value": "Los usuarios autenticados de Gaia pueden inyectar c\u00f3digo o comandos mediante variables globales a trav\u00e9s de solicitudes HTTP especiales. Hay disponible una soluci\u00f3n de seguridad que mitiga esta vulnerabilidad."
} }
], ],
"metrics": { "metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-25431", "id": "CVE-2024-25431",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T17:15:06.023", "published": "2024-11-08T17:15:06.023",
"lastModified": "2024-11-08T17:15:06.023", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {


@ -2,7 +2,7 @@
"id": "CVE-2024-27028", "id": "CVE-2024-27028",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:49.030", "published": "2024-05-01T13:15:49.030",
"lastModified": "2024-11-05T10:16:20.500", "lastModified": "2024-11-08T19:35:02.793",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-mt65xx: corrige el acceso al puntero NULL en el controlador de interrupciones. El b\u00fafer TX en spi_transfer puede ser un puntero NULL, por lo que el controlador de interrupciones puede terminar escribiendo en la memoria no v\u00e1lida y causar accidentes. Agregue una marca a trans-&gt;tx_buf antes de usarlo." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-mt65xx: corrige el acceso al puntero NULL en el controlador de interrupciones. El b\u00fafer TX en spi_transfer puede ser un puntero NULL, por lo que el controlador de interrupciones puede terminar escribiendo en la memoria no v\u00e1lida y causar accidentes. Agregue una marca a trans-&gt;tx_buf antes de usarlo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713", "url": "https://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713",


@ -2,7 +2,7 @@
"id": "CVE-2024-27609", "id": "CVE-2024-27609",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-01T00:15:49.513", "published": "2024-04-01T00:15:49.513",
"lastModified": "2024-04-01T01:12:59.077", "lastModified": "2024-11-08T19:35:15.910",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Bonita antes de 2023.2-u2 permite XSS almacenado a trav\u00e9s de una pantalla de interfaz de usuario en el panel de administraci\u00f3n." "value": "Bonita antes de 2023.2-u2 permite XSS almacenado a trav\u00e9s de una pantalla de interfaz de usuario en el panel de administraci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_runtime_including_bonita_applications_2", "url": "https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_runtime_including_bonita_applications_2",

@ -2,13 +2,17 @@
"id": "CVE-2024-30140", "id": "CVE-2024-30140",
"sourceIdentifier": "psirt@hcl.com", "sourceIdentifier": "psirt@hcl.com",
"published": "2024-11-07T09:15:03.480", "published": "2024-11-07T09:15:03.480",
"lastModified": "2024-11-07T09:15:03.480", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page." "value": "HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectado por redirecciones y reenv\u00edos no validados. El encabezado HOST puede ser manipulado por un atacante y, como resultado, puede contaminar la memoria cach\u00e9 web y devolver la p\u00e1gina a los usuarios."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-30141", "id": "CVE-2024-30141",
"sourceIdentifier": "psirt@hcl.com", "sourceIdentifier": "psirt@hcl.com",
"published": "2024-11-07T09:15:03.707", "published": "2024-11-07T09:15:03.707",
"lastModified": "2024-11-07T09:15:03.707", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data." "value": "HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data."
},
{
"lang": "es",
"value": "HCL BigFix Compliance es vulnerable a la generaci\u00f3n de mensajes de error que contienen informaci\u00f3n confidencial. Los mensajes de error detallados pueden proporcionar informaci\u00f3n incitativa o exponer informaci\u00f3n sobre su entorno, usuarios o datos asociados."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-30142", "id": "CVE-2024-30142",
"sourceIdentifier": "psirt@hcl.com", "sourceIdentifier": "psirt@hcl.com",
"published": "2024-11-07T09:15:03.907", "published": "2024-11-07T09:15:03.907",
"lastModified": "2024-11-07T09:15:03.907", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel." "value": "HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel."
},
{
"lang": "es",
"value": "HCL BigFix Compliance se ve afectado por la falta de una bandera de seguridad en una cookie. Si no se establece una bandera de seguridad, un atacante puede robar las cookies mediante XSS, lo que da como resultado un acceso no autorizado o las cookies de sesi\u00f3n podr\u00edan transferirse a trav\u00e9s de un canal no cifrado."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-36062", "id": "CVE-2024-36062",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.680", "published": "2024-11-07T22:15:20.680",
"lastModified": "2024-11-07T22:15:20.680", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component." "value": "The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n com.callassistant.android (tambi\u00e9n conocida como AI Call Assistant &amp; Screener) 1.174 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente com.callassistant.android.ui.call.incall.InCallActivity."
} }
], ],
"metrics": {}, "metrics": {},

@ -2,8 +2,8 @@
"id": "CVE-2024-36063", "id": "CVE-2024-36063",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.740", "published": "2024-11-07T22:15:20.740",
"lastModified": "2024-11-08T17:35:12.793", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

@ -2,8 +2,8 @@
"id": "CVE-2024-36064", "id": "CVE-2024-36064",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.790", "published": "2024-11-07T22:15:20.790",
"lastModified": "2024-11-08T17:35:13.630", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

@ -2,13 +2,17 @@
"id": "CVE-2024-38286", "id": "CVE-2024-38286",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2024-11-07T08:15:13.007", "published": "2024-11-07T08:15:13.007",
"lastModified": "2024-11-07T08:15:13.007", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process." "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process."
},
{
"lang": "es",
"value": "Vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites o limitaci\u00f3n de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versi\u00f3n 11.0.0-M1 hasta la 11.0.0-M20, desde la versi\u00f3n 10.1.0-M1 hasta la 10.1.24, desde la versi\u00f3n 9.0.13 hasta la 9.0.89. Tambi\u00e9n pueden verse afectadas versiones anteriores no compatibles. Se recomienda a los usuarios que actualicen a la versi\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema. Apache Tomcat, en determinadas configuraciones de cualquier plataforma, permite a un atacante provocar un error OutOfMemoryError abusando del proceso de enlace TLS."
} }
], ],
"metrics": { "metrics": {

@ -2,7 +2,7 @@
"id": "CVE-2024-38582", "id": "CVE-2024-38582",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:18.273", "published": "2024-06-19T14:15:18.273",
"lastModified": "2024-07-15T07:15:10.780", "lastModified": "2024-11-08T19:35:16.800",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: soluciona un posible bloqueo en nilfs_detach_log_writer() Syzbot ha informado de un posible bloqueo en nilfs_detach_log_writer() llamado durante el desmontaje de nilfs2. El an\u00e1lisis revel\u00f3 que esto se debe a que nilfs_segctor_sync(), que se sincroniza con el hilo del escritor de registros, puede ser llamado despu\u00e9s de que nilfs_segctor_destroy() finalice ese hilo, como se muestra en el seguimiento de llamadas a continuaci\u00f3n: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --&gt; Apagar el hilo del escritor de registros Flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (si el inodo necesita sincronizaci\u00f3n) nilfs_segctor_sync --&gt; Intente sincronizar con el hilo del escritor de registros *** DEADLOCK *** Solucione este problema cambiando nilfs_segctor_sync() para que el hilo del escritor de registros regrese normalmente sin sincronizarse despu\u00e9s de que termine y forzando las tareas que ya est\u00e1n esperando a completarse una vez que finaliza el hilo. La eliminaci\u00f3n de metadatos del inodo omitido se procesar\u00e1 en conjunto en el trabajo de limpieza posterior en nilfs_segctor_destroy()." "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nilfs2: soluciona un posible bloqueo en nilfs_detach_log_writer() Syzbot ha informado de un posible bloqueo en nilfs_detach_log_writer() llamado durante el desmontaje de nilfs2. 
El an\u00e1lisis revel\u00f3 que esto se debe a que nilfs_segctor_sync(), que se sincroniza con el hilo del escritor de registros, puede ser llamado despu\u00e9s de que nilfs_segctor_destroy() finalice ese hilo, como se muestra en el seguimiento de llamadas a continuaci\u00f3n: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --&gt; Apagar el hilo del escritor de registros Flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (si el inodo necesita sincronizaci\u00f3n) nilfs_segctor_sync --&gt; Intente sincronizar con el hilo del escritor de registros *** DEADLOCK *** Solucione este problema cambiando nilfs_segctor_sync() para que el hilo del escritor de registros regrese normalmente sin sincronizarse despu\u00e9s de que termine y forzando las tareas que ya est\u00e1n esperando a completarse una vez que finaliza el hilo. La eliminaci\u00f3n de metadatos del inodo omitido se procesar\u00e1 en conjunto en el trabajo de limpieza posterior en nilfs_segctor_destroy()."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [ "references": [
{ {
"url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd", "url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",

@ -2,8 +2,8 @@
"id": "CVE-2024-40239", "id": "CVE-2024-40239",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.000", "published": "2024-11-08T18:15:17.000",
"lastModified": "2024-11-08T18:15:17.000", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

@ -2,8 +2,8 @@
"id": "CVE-2024-40240", "id": "CVE-2024-40240",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.130", "published": "2024-11-08T18:15:17.130",
"lastModified": "2024-11-08T18:15:17.130", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

@ -2,13 +2,17 @@
"id": "CVE-2024-40715", "id": "CVE-2024-40715",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-11-07T17:15:08.083", "published": "2024-11-07T17:15:08.083",
"lastModified": "2024-11-07T17:15:08.083", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability." "value": "A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Veeam Backup &amp; Replication Enterprise Manager que permite a los atacantes eludir la autenticaci\u00f3n. Los atacantes deben poder realizar un ataque Man-in-the-Middle (MITM) para aprovechar esta vulnerabilidad."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43425", "id": "CVE-2024-43425",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:15.280", "published": "2024-11-07T14:15:15.280",
"lastModified": "2024-11-07T15:35:11.837", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions." "value": "A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Moodle. Se requieren restricciones adicionales para evitar el riesgo de ejecuci\u00f3n remota de c\u00f3digo en los tipos de preguntas calculadas. Nota: Esto requiere la capacidad de agregar o actualizar preguntas."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43426", "id": "CVE-2024-43426",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:15.510", "published": "2024-11-07T14:15:15.510",
"lastModified": "2024-11-07T14:15:15.510", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed." "value": "A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en pdfTeX. Una desinfecci\u00f3n insuficiente en el filtro de notaci\u00f3n TeX result\u00f3 en un riesgo de lectura arbitraria de archivos en sitios donde pdfTeX est\u00e1 disponible, como aquellos con TeX Live instalado."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43428", "id": "CVE-2024-43428",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:15.703", "published": "2024-11-07T14:15:15.703",
"lastModified": "2024-11-07T14:15:15.703", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "To address a cache poisoning risk in Moodle, additional validation for local storage was required." "value": "To address a cache poisoning risk in Moodle, additional validation for local storage was required."
},
{
"lang": "es",
"value": "Para abordar un riesgo de envenenamiento de cach\u00e9 en Moodle, se requiri\u00f3 una validaci\u00f3n adicional para el almacenamiento local."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43431", "id": "CVE-2024-43431",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:15.877", "published": "2024-11-07T14:15:15.877",
"lastModified": "2024-11-07T16:35:19.497", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access." "value": "A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Moodle. La falta de comprobaciones de capacidad hizo posible eliminar insignias a las que un usuario no ten\u00eda permiso de acceso."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43434", "id": "CVE-2024-43434",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:16.067", "published": "2024-11-07T14:15:16.067",
"lastModified": "2024-11-07T16:35:20.220", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability." "value": "The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability."
},
{
"lang": "es",
"value": "La funci\u00f3n de env\u00edo masivo de mensajes en el informe de no respuestas del m\u00f3dulo de comentarios de Moodle ten\u00eda una verificaci\u00f3n de token CSRF incorrecta, lo que generaba una vulnerabilidad CSRF."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43436", "id": "CVE-2024-43436",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:16.247", "published": "2024-11-07T14:15:16.247",
"lastModified": "2024-11-07T16:35:20.957", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators." "value": "A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de riesgo de inyecci\u00f3n SQL en la herramienta de edici\u00f3n XMLDB disponible para los administradores del sitio."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43438", "id": "CVE-2024-43438",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:16.430", "published": "2024-11-07T14:15:16.430",
"lastModified": "2024-11-07T17:35:22.537", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report." "value": "A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Feedback. Los mensajes masivos en el informe de no participantes de la actividad no verificaban los destinatarios de los mensajes que pertenec\u00edan al conjunto de usuarios que devolv\u00eda el informe."
} }
], ],
"metrics": { "metrics": {

@ -2,13 +2,17 @@
"id": "CVE-2024-43440", "id": "CVE-2024-43440",
"sourceIdentifier": "patrick@puiterwijk.org", "sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-07T14:15:16.610", "published": "2024-11-07T14:15:16.610",
"lastModified": "2024-11-07T15:35:12.597", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in moodle. A local file may include risks when restoring block backups." "value": "A flaw was found in moodle. A local file may include risks when restoring block backups."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Moodle. Un archivo local puede incluir riesgos al restaurar copias de seguridad de bloques."
} }
], ],
"metrics": { "metrics": {

@ -2,17 +2,41 @@
"id": "CVE-2024-43956", "id": "CVE-2024-43956",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:49.933", "published": "2024-11-01T15:15:49.933",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:41:30.417",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34." "value": "Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en Caseproof, LLC Memberpress permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Memberpress: desde n/a hasta 1.11.34."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:caseproof:memberpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.11.35",
"matchCriteriaId": "D50F3A71-5CA7-4D1C-99CB-ACF86C4401C5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/memberpress/wordpress-memberpress-plugin-1-11-29-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/memberpress/wordpress-memberpress-plugin-1-11-29-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

@ -2,17 +2,41 @@
"id": "CVE-2024-43962", "id": "CVE-2024-43962",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:50.143", "published": "2024-11-01T15:15:50.143",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:42:40.120",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4." "value": "Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4."
},
{
"lang": "es",
"value": " Vulnerabilidad de autorizaci\u00f3n faltante en LWS LWS Affiliation permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a LWS Affiliation: desde n/a hasta 2.3.4."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lws:affiliation:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.5",
"matchCriteriaId": "9BFFDBB4-3276-4807-AB98-5EC979E467AB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

@ -2,17 +2,41 @@
"id": "CVE-2024-43968", "id": "CVE-2024-43968",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:50.347", "published": "2024-11-01T15:15:50.347",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:43:04.257",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6." "value": "Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6."
},
{
"lang": "es",
"value": " La vulnerabilidad de control de acceso roto en Automattic Newspack permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Newspack: desde n/a hasta 3.8.6."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:newspack:newspack:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.7",
"matchCriteriaId": "501CF971-487D-4999-A9BB-BC0216E1F10C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/newspack-plugin/wordpress-newspack-plugin-3-8-7-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/newspack-plugin/wordpress-newspack-plugin-3-8-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,17 +2,41 @@
"id": "CVE-2024-43973", "id": "CVE-2024-43973",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:50.553", "published": "2024-11-01T15:15:50.553",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:43:24.907",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11." "value": "Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11."
},
{
"lang": "es",
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en AyeCode Ltd GetPaid permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a GetPaid: desde n/a hasta 2.8.11."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ayecode:getpaid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.12",
"matchCriteriaId": "416D33C4-F85E-4271-BB73-E25306EA965F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/invoicing/wordpress-payment-forms-buy-now-buttons-and-invoicing-system-getpaid-plugin-2-8-11-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/invoicing/wordpress-payment-forms-buy-now-buttons-and-invoicing-system-getpaid-plugin-2-8-11-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,17 +2,41 @@
"id": "CVE-2024-43974", "id": "CVE-2024-43974",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:50.760", "published": "2024-11-01T15:15:50.760",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:43:53.387",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2." "value": "Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes ReviveNews permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a ReviveNews: desde n/a hasta 1.0.2."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -36,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +81,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozythemes:revivenews:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.3",
"matchCriteriaId": "89E912C1-F9D0-41A2-B28B-67F1ABB8C83C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/revivenews/wordpress-revivenews-theme-1-0-2-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/revivenews/wordpress-revivenews-theme-1-0-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,17 +2,41 @@
"id": "CVE-2024-43979", "id": "CVE-2024-43979",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:50.970", "published": "2024-11-01T15:15:50.970",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:44:42.717",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10." "value": "Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10."
},
{
"lang": "es",
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes Blockbooster permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Blockbooster: desde n/a hasta 1.0.10."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozythemes:blockbooster:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.11",
"matchCriteriaId": "ED25C303-3749-4FB9-BF7E-EECA879FDC0F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/blockbooster/wordpress-blockbooster-theme-1-0-10-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/blockbooster/wordpress-blockbooster-theme-1-0-10-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,17 +2,41 @@
"id": "CVE-2024-43980", "id": "CVE-2024-43980",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:51.173", "published": "2024-11-01T15:15:51.173",
"lastModified": "2024-11-01T20:24:53.730", "lastModified": "2024-11-08T20:45:07.137",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1." "value": "Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1."
},
{
"lang": "es",
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en CozyThemes Fota WP permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Fota WP: desde n/a hasta 1.4.1."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +71,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozythemes:fotawp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.2",
"matchCriteriaId": "94EF1BAE-20D2-47FA-AA08-817259CF4E02"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/fotawp/wordpress-fotawp-theme-1-4-1-broken-access-control-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/fotawp/wordpress-fotawp-theme-1-4-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -0,0 +1,25 @@
{
"id": "CVE-2024-44765",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T19:15:05.590",
"lastModified": "2024-11-08T19:15:05.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2.0.0 to v2.4.2 allows attackers to escalate privileges and access sensitive information via manipulation of the Nginx configuration file."
}
],
"metrics": {},
"references": [
{
"url": "http://mgt-commerce.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/EagleTube/CloudPanel/tree/main/CVE-2024-44765",
"source": "cve@mitre.org"
}
]
}
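Review bot: The description in this new record names only the vendor ("MGT-COMMERCE GmbH v2.0.0 to v2.4.2") and never the affected product, so the stated version range cannot be mapped to a CPE and scanners keying on product name will not match it; the second reference path (`.../CloudPanel/tree/main/CVE-2024-44765`) suggests the product is CloudPanel, but that is inferred from a third-party PoC repository, not from the record itself. The first reference is a bare vendor homepage over plain `http://`, not an advisory, so there is currently no authoritative vendor source for the fixed version. Since this file mirrors upstream NVD data, the fix belongs with the CNA/NVD (a product-qualified description and a `configurations` CPE entry once analyzed) rather than a local edit; until then consumers should treat the affected-product and version claims as unconfirmed.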


@ -2,13 +2,17 @@
"id": "CVE-2024-45759", "id": "CVE-2024-45759",
"sourceIdentifier": "security_alert@emc.com", "sourceIdentifier": "security_alert@emc.com",
"published": "2024-11-08T03:15:03.647", "published": "2024-11-08T03:15:03.647",
"lastModified": "2024-11-08T03:15:03.647", "lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system." "value": "Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system."
},
{
"lang": "es",
"value": "Dell PowerProtect Data Domain, versiones anteriores a 8.1.0.0, 7.13.1.10, 7.10.1.40 y 7.7.5.50, contiene una vulnerabilidad de escalada de privilegios. Un atacante local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n no autorizada de determinados comandos para sobrescribir la configuraci\u00f3n del sistema de la aplicaci\u00f3n. La explotaci\u00f3n puede provocar la denegaci\u00f3n de servicio del sistema."
} }
], ],
"metrics": { "metrics": {
