Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent edf8d3e, commit 8744147
Showing 21 changed files with 21 additions and 20 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-29506", "sourceIdentifier": "[email protected]", "published": "2024-07-03T18:15:04.840", "lastModified": "2024-07-05T12:55:51.367", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name."}, {"lang": "es", "value": "Artifex Ghostscript anterior a 10.03.0 tiene un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pdfi_apply_filter() a trav\u00e9s de un nombre de filtro PDF largo."}], "metrics": {}, "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510", "source": "[email protected]"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699beba606937b7ea23b50cf5974fa64b1", "source": "[email protected]"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-29506", "sourceIdentifier": "[email protected]", "published": "2024-07-03T18:15:04.840", "lastModified": "2024-08-02T02:35:16.813", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name."}, {"lang": "es", "value": "Artifex Ghostscript anterior a 10.03.0 tiene un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pdfi_apply_filter() a trav\u00e9s de un nombre de filtro PDF largo."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510", "source": "[email protected]"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699beba606937b7ea23b50cf5974fa64b1", "source": "[email protected]"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7", "source": "[email protected]"}]}} |
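
Review bot: the added cvssMetricV31 entry rates a record described as a stack-based buffer overflow at C:N/I:L/A:L (5.4 MEDIUM) and maps it to the generic CWE-120, while vulnStatus only moves to "Undergoing Analysis" and both the metric and the weakness are typed "Secondary". Flag for consumers that this score is provisional and from a secondary source, so triage for Ghostscript before 10.03.0 should rest on the description and the referenced fix rather than on the 5.4 alone. Also consider whether the stack-specific CWE-121 matches the description better than CWE-120.
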
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-32861", "sourceIdentifier": "[email protected]", "published": "2024-07-16T15:15:12.037", "lastModified": "2024-07-16T18:00:02.110", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain circumstances the Software House C?CURE 9000 Site Server provides insufficient protection of directories containing executables."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-24-191-05", "source": "[email protected]"}, {"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-32861", "sourceIdentifier": "[email protected]", "published": "2024-07-16T15:15:12.037", "lastModified": "2024-08-02T03:15:20.680", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain circumstances the Software House C\u25cfCURE 9000 Site Server provides insufficient protection of directories containing executables."}, {"lang": "es", "value": "En determinadas circunstancias, Software House C?CURE 9000 Site Server proporciona una protecci\u00f3n insuficiente de los directorios que contienen archivos ejecutables."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-24-191-05", "source": "[email protected]"}, {"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "source": "[email protected]"}]}} |
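
Review bot: the "en" description is corrected from "C?CURE" to "C\u25cfCURE", but the "es" description added in the same line still reads "C?CURE 9000", so the two values now disagree on the product name. Carry the \u25cf escape into the "es" value as well; anything matching on the product string will otherwise miss one of the two spellings.
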
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-33103", "sourceIdentifier": "[email protected]", "published": "2024-04-30T18:15:19.923", "lastModified": "2024-05-17T02:39:22.550", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente Media Manager de DokuWiki 2024-02-06a permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo SVG manipulado. NOTA: como se indica en la referencia del problema 4267, existe la posibilidad de que la explotabilidad solo pueda ocurrir con una mala configuraci\u00f3n del producto."}], "metrics": {}, "references": [{"url": "https://github.com/dokuwiki/dokuwiki/issues/4267", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-33103", "sourceIdentifier": "[email protected]", "published": "2024-04-30T18:15:19.923", "lastModified": "2024-08-02T03:15:23.713", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente Media Manager de DokuWiki 2024-02-06a permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo SVG manipulado. NOTA: como se indica en la referencia del problema 4267, existe la posibilidad de que la explotabilidad solo pueda ocurrir con una mala configuraci\u00f3n del producto."}], "metrics": {}, "references": [{"url": "https://github.com/dokuwiki/dokuwiki/issues/4267", "source": "[email protected]"}]}} |
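
Review bot: lastModified is the only field that differs between the two lines (2024-05-17T02:39:22.550 to 2024-08-02T03:15:23.713); the descriptions, the "disputed" tag, the empty metrics object and the single reference are unchanged. Consumers that key re-triage on lastModified will re-process this record with no content change, so the sync should either record what caused the timestamp bump or diff on content instead of on the timestamp.
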
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-33308", "sourceIdentifier": "[email protected]", "published": "2024-04-30T15:15:53.240", "lastModified": "2024-05-17T02:39:23.753", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository."}, {"lang": "es", "value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de contacto de emergencia."}], "metrics": {}, "references": [{"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT", "source": "[email protected]"}, {"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main", "source": "[email protected]"}, {"url": "https://github.com/msn-official/CVE-Evidence", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-33308", "sourceIdentifier": "[email protected]", "published": "2024-04-30T15:15:53.240", "lastModified": "2024-08-02T03:15:26.030", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository."}, {"lang": "es", "value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de contacto de emergencia."}], "metrics": {}, "references": [{"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT", "source": "[email protected]"}, {"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main", "source": "[email protected]"}, {"url": "https://github.com/msn-official/CVE-Evidence", "source": "[email protected]"}]}} |
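
Review bot: in the description text this change carries over untouched, the "es" value ends after the emergency-contact sentence and omits the "NOTE: this is disputed ..." sentence present in the "en" value, so a reader of the Spanish text sees no dispute (only the cveTags entry marks it). The product is also spelled "TVS Connet" in both languages while the reference URLs use TVS-Connect-Application-VAPT. Only lastModified moves here; both points are worth raising with the source, and the spelling point applies equally to the CVE-2024-33309 record below.
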
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-33309", "sourceIdentifier": "[email protected]", "published": "2024-04-30T15:15:53.293", "lastModified": "2024-05-17T02:39:23.810", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository."}, {"lang": "es", "value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un endpoint API inseguro"}], "metrics": {}, "references": [{"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT", "source": "[email protected]"}, {"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main", "source": "[email protected]"}, {"url": "https://github.com/msn-official/CVE-Evidence", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-33309", "sourceIdentifier": "[email protected]", "published": "2024-04-30T15:15:53.293", "lastModified": "2024-08-02T03:15:26.107", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository."}, {"lang": "es", "value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un endpoint API inseguro"}], "metrics": {}, "references": [{"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT", "source": "[email protected]"}, {"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main", "source": "[email protected]"}, {"url": "https://github.com/msn-official/CVE-Evidence", "source": "[email protected]"}]}} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-33665", "sourceIdentifier": "[email protected]", "published": "2024-04-26T01:15:46.100", "lastModified": "2024-05-17T02:39:27.117", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks."}, {"lang": "es", "value": "angular-translate hasta 2.19.1 permite XSS a trav\u00e9s de una clave manipulada que utiliza la directiva de traducci\u00f3n. NOTA: el proveedor indica que no existe documentaci\u00f3n que indique que una clave deba ser segura contra ataques XSS."}], "metrics": {}, "references": [{"url": "http://docs.herodevs.com/docs/2024-Angular-Translate-XSS", "source": "[email protected]"}, {"url": "https://github.com/angular-translate/angular-translate/issues/1418", "source": "[email protected]"}, {"url": "https://github.com/angular-translate/angular-translate/issues/1418#issuecomment-252498855", "source": "[email protected]"}, {"url": "https://stackblitz.com/github/neverendingsupport/angular-translate-xss-2024?file=public%2Findex.html", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-33665", "sourceIdentifier": "[email protected]", "published": "2024-04-26T01:15:46.100", "lastModified": "2024-08-02T03:15:30.310", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks."}, {"lang": "es", "value": "angular-translate hasta 2.19.1 permite XSS a trav\u00e9s de una clave manipulada que utiliza la directiva de traducci\u00f3n. NOTA: el proveedor indica que no existe documentaci\u00f3n que indique que una clave deba ser segura contra ataques XSS."}], "metrics": {}, "references": [{"url": "http://docs.herodevs.com/docs/2024-Angular-Translate-XSS", "source": "[email protected]"}, {"url": "https://github.com/angular-translate/angular-translate/issues/1418", "source": "[email protected]"}, {"url": "https://github.com/angular-translate/angular-translate/issues/1418#issuecomment-252498855", "source": "[email protected]"}, {"url": "https://stackblitz.com/github/neverendingsupport/angular-translate-xss-2024?file=public%2Findex.html", "source": "[email protected]"}]}} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"cve": {"id": "CVE-2024-33900", "sourceIdentifier": "[email protected]", "published": "2024-05-20T21:15:09.177", "lastModified": "2024-07-03T01:59:09.967", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs."}, {"lang": "es", "value": " KeePassXC 2.7.7 permite a los atacantes recuperar credenciales de texto plano."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-316"}]}], "references": [{"url": "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838", "source": "[email protected]"}, {"url": "https://github.com/keepassxreboot/keepassxc/issues/10784", "source": "[email protected]"}, {"url": "https://keepassxc.org/blog/", "source": "[email protected]"}, {"url": "https://keepassxc.org/blog/2019-02-21-memory-security/", "source": "[email protected]"}]}} | ||
{"cve": {"id": "CVE-2024-33900", "sourceIdentifier": "[email protected]", "published": "2024-05-20T21:15:09.177", "lastModified": "2024-08-02T03:15:33.783", "vulnStatus": "Awaiting Analysis", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs."}, {"lang": "es", "value": " KeePassXC 2.7.7 permite a los atacantes recuperar credenciales de texto plano."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-316"}]}], "references": [{"url": "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838", "source": "[email protected]"}, {"url": "https://github.com/keepassxreboot/keepassxc/issues/10784", "source": "[email protected]"}, {"url": "https://keepassxc.org/blog/", "source": "[email protected]"}, {"url": "https://keepassxc.org/blog/2019-02-21-memory-security/", "source": "[email protected]"}]}} |
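
Review bot: the CVSS vector retained in this record is AV:N with PR:H, yet the description concerns an attacker who already has the victim's privileges reading a memory dump, which reads as local access rather than network. The "es" description is also reduced to "permite a los atacantes recuperar credenciales de texto plano", dropping the privilege condition, the memory dump and the vendor's dispute. Only lastModified changes here, so treat the 6.5 score and the Spanish text as unreviewed and rely on the "en" description together with the "disputed" tag.
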