mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2025-02-16T03:00:21.640882+00:00
parent
dd407d2ab0
commit
03e4a37847
@ -87,7 +87,7 @@
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "productcert@siemens.com",
|
||||
"type": "Primary",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@atlassian.com",
|
||||
"published": "2025-02-11T18:15:18.557",
|
||||
"lastModified": "2025-02-11T18:15:18.557",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn\u2019t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad CSRF explotable en Atlassian Jira, desde las versiones 7.6.4 a 8.1.0. El formulario de inicio de sesi\u00f3n no requiere un token CSRF. Como resultado, un atacante puede iniciar sesi\u00f3n en el sistema con un usuario con una cuenta inesperada."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2020-11-10T16:15:11.807",
|
||||
"lastModified": "2024-11-21T05:02:09.853",
|
||||
"vulnStatus": "Modified",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "sirt@juniper.net",
|
||||
"published": "2020-05-04T10:15:10.890",
|
||||
"lastModified": "2024-11-21T05:11:02.493",
|
||||
"vulnStatus": "Modified",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@cisco.com",
|
||||
"published": "2025-02-12T00:15:07.670",
|
||||
"lastModified": "2025-02-12T15:15:10.460",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem.\r\n The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad en el componente de desinstalaci\u00f3n de Cisco AnyConnect Secure Mobility Client para Mac OS podr\u00eda permitir que un atacante local autenticado corrompa el contenido de cualquier archivo en el sistema de archivos. La vulnerabilidad se debe a la gesti\u00f3n incorrecto de las rutas de directorio. Un atacante podr\u00eda aprovechar esta vulnerabilidad creando un enlace simb\u00f3lico (symlink) a un archivo de destino en una ruta espec\u00edfica. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante corromper el contenido del archivo. Si el archivo es un archivo cr\u00edtico del sistema, la explotaci\u00f3n podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio. Para aprovechar esta vulnerabilidad, el atacante necesitar\u00eda tener credenciales v\u00e1lidas en el sistema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2025-02-05T22:15:27.180",
|
||||
"lastModified": "2025-02-06T16:15:28.517",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@puppet.com",
|
||||
"published": "2025-02-07T20:15:31.983",
|
||||
"lastModified": "2025-02-07T20:15:31.983",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El uso de un m\u00f3dulo presentaba un riesgo de seguridad al permitir la deserializaci\u00f3n de datos no confiables o proporcionados por el usuario. Esto se solucion\u00f3 en la versi\u00f3n 7.4.0 de Puppet Agent."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
|
||||
"published": "2025-02-07T20:15:32.140",
|
||||
"lastModified": "2025-02-07T20:15:32.140",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the\u00a0saas-2021-12-29 release\u00a0can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn\u2019t been completed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un error relacionado con la autorizaci\u00f3n de dos factores (2FA) en la plataforma RISC anterior a la versi\u00f3n saas-2021-12-29 podr\u00eda potencialmente aprovecharse para eludir la 2FA. La vulnerabilidad requiere que la configuraci\u00f3n de la 2FA no se haya completado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
|
||||
"published": "2025-02-07T20:15:32.320",
|
||||
"lastModified": "2025-02-07T20:15:32.320",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to\u00a0access the import / export functionality with low privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un error al gestionar la autorizaci\u00f3n relacionada con las interfaces de importaci\u00f3n/exportaci\u00f3n en la Plataforma RISC antes del lanzamiento de saas-2021-12-29 podr\u00eda potencialmente aprovecharse para acceder a la funcionalidad de importaci\u00f3n/exportaci\u00f3n con privilegios bajos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2022-02-11T13:15:08.073",
|
||||
"lastModified": "2025-01-29T22:15:27.690",
|
||||
"vulnStatus": "Modified",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2022-04-26T10:15:35.083",
|
||||
"lastModified": "2025-01-29T17:15:17.557",
|
||||
"vulnStatus": "Modified",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@mautic.org",
|
||||
"published": "2024-09-18T21:15:12.860",
|
||||
"lastModified": "2024-09-20T12:30:17.483",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@mautic.org",
|
||||
"published": "2024-09-18T15:15:13.060",
|
||||
"lastModified": "2024-09-20T12:30:17.483",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@mautic.org",
|
||||
"published": "2024-09-18T22:15:03.827",
|
||||
"lastModified": "2024-09-20T12:30:17.483",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@mautic.org",
|
||||
"published": "2024-09-18T16:15:04.980",
|
||||
"lastModified": "2024-09-20T12:30:17.483",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "productsecurity@baxter.com",
|
||||
"published": "2025-02-07T17:15:21.960",
|
||||
"lastModified": "2025-02-07T17:15:21.960",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: \n\nVersions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:\n\nVersions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad en el uso de contrase\u00f1as codificadas de forma r\u00edgida puede permitir el abuso de la autenticaci\u00f3n. Este problema afecta al electrocardi\u00f3grafo en reposo ELI 380: versiones 2.6.0 y anteriores; al electrocardi\u00f3grafo en reposo ELI 280/BUR280/MLBUR 280: versiones 2.3.1 y anteriores; al electrocardi\u00f3grafo en reposo ELI 250c/BUR 250c: versiones 2.1.2 y anteriores; al electrocardi\u00f3grafo en reposo ELI 150c/BUR 150c/MLBUR 150c: versiones 2.2.0 y anteriores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "productsecurity@baxter.com",
|
||||
"published": "2025-02-07T17:15:22.130",
|
||||
"lastModified": "2025-02-07T17:15:22.130",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An improper access control vulnerability may allow privilege escalation.This issue affects:\u00a0\n\n * ELI 380 Resting Electrocardiograph:\n\nVersions 2.6.0 and prior;\u00a0\n * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior;\u00a0\n * ELI 250c/BUR 250c Resting Electrocardiograph:\u00a0Versions 2.1.2 and prior;\u00a0\n * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de control de acceso inadecuado puede permitir la escalada de privilegios. Este problema afecta a: * Electrocardi\u00f3grafo en reposo ELI 380: versiones 2.6.0 y anteriores; * Electrocardi\u00f3grafo en reposo ELI 280/BUR280/MLBUR 280: versiones 2.3.1 y anteriores; * Electrocardi\u00f3grafo en reposo ELI 250c/BUR 250c: versiones 2.1.2 y anteriores; * Electrocardi\u00f3grafo en reposo ELI 150c/BUR 150c/MLBUR 150c: versiones 2.2.0 y anteriores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2025-02-06T15:15:10.610",
|
||||
"lastModified": "2025-02-06T17:15:13.030",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-11T22:15:24.180",
|
||||
"lastModified": "2025-02-12T15:15:10.730",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WPGateway para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 3.5 y incluida. Esto permite que atacantes no autenticados creen cuentas de administrador maliciosas arbitrarias."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En hostapd 2.10 y versiones anteriores, el c\u00f3digo PKEX permanece activo incluso despu\u00e9s de una asociaci\u00f3n PKEX exitosa. Un atacante que haya iniciado con \u00e9xito claves p\u00fablicas con otra entidad que usa PKEX en el pasado, podr\u00e1 subvertir una futura iniciaci\u00f3n observando pasivamente las claves p\u00fablicas, reutilizando el elemento de cifrado Qi y rest\u00e1ndolo del mensaje capturado M (X = M - Qi). Esto dar\u00e1 como resultado la clave p\u00fablica ef\u00edmera X; el \u00fanico elemento necesario para subvertir la asociaci\u00f3n PKEX."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2025-02-06T17:15:13.640",
|
||||
"lastModified": "2025-02-06T21:15:17.307",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2025-02-06T17:15:13.757",
|
||||
"lastModified": "2025-02-07T19:15:22.770",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T21:15:10.620",
|
||||
"lastModified": "2025-02-11T21:15:10.620",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un desbordamiento de enteros en la ASP podr\u00eda permitir que un atacante privilegiado realice una escritura fuera de los l\u00edmites, lo que podr\u00eda resultar en la p\u00e9rdida de integridad de los datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-12T00:15:07.850",
|
||||
"lastModified": "2025-02-12T00:15:07.850",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en el ASP podr\u00eda permitir que un atacante privilegiado realice una escritura fuera de los l\u00edmites en una ubicaci\u00f3n de memoria no controlada por el atacante, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad, integridad o disponibilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T22:15:26.087",
|
||||
"lastModified": "2025-02-11T22:15:26.087",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en el controlador fTPM en el sistema operativo confiable podr\u00eda permitir que un atacante privilegiado corrompa la memoria del sistema, lo que podr\u00eda provocar una p\u00e9rdida de integridad, confidencialidad o disponibilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T22:15:26.223",
|
||||
"lastModified": "2025-02-11T22:15:26.223",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en IOMMU puede permitir que un atacante privilegiado evite las comprobaciones de RMP, lo que podr\u00eda provocar una p\u00e9rdida de integridad de la memoria del invitado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T22:15:26.347",
|
||||
"lastModified": "2025-02-11T22:15:26.347",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La gesti\u00f3n inadecuada de entradas de tablas de p\u00e1ginas anidadas no v\u00e1lidas en IOMMU puede permitir que un atacante privilegiado induzca fallas en las entradas de tablas de p\u00e1ginas (PTE) para eludir las verificaciones de RMP en SEV-SNP, lo que podr\u00eda llevar a una p\u00e9rdida de integridad de la memoria del invitado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "secure@intel.com",
|
||||
"published": "2024-02-14T14:15:38.517",
|
||||
"lastModified": "2024-11-21T07:44:30.300",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto que D-Link DIR878 DIR_878_FW120B05 contiene un desbordamiento de pila en la funci\u00f3n sub_475FB0. Esta vulnerabilidad permite a los atacantes ocasionar una denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario mediante unos par\u00e1metros manipulados."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -15,7 +15,7 @@
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "secure@microsoft.com",
|
||||
"type": "Primary",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent()."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto que Prestashop cdesigner v3.1.3 a v3.1.8 contiene una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en el componente CdesignerSaverotateModuleFrontController::initContent()."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-26T20:15:08.737",
|
||||
"lastModified": "2024-11-21T07:52:57.177",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2023-04-24T16:15:07.843",
|
||||
"lastModified": "2024-11-21T07:53:05.773",
|
||||
"vulnStatus": "Modified",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-26T20:15:08.953",
|
||||
"lastModified": "2024-11-21T07:53:17.977",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-26T21:15:50.477",
|
||||
"lastModified": "2024-11-21T07:55:48.500",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-26T21:15:50.693",
|
||||
"lastModified": "2024-11-21T07:56:00.780",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before version R01.01.0009 may allow an authenticated user to enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en el firmware de BMC para Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, anterior a la versi\u00f3n 02.01.0017 e Intel(R) Server Board M50CYP e Intel(R) Server Board D50TNP anterior a la versi\u00f3n R01.01.0009 puede permitir que un usuario autenticado habilite la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before version R01.01.0009 may allow a privileged user to enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El desbordamiento de b\u00fafer basado en mont\u00f3n en el firmware BMC para Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, anterior a la versi\u00f3n 02.01.0017 e Intel(R) Server Board M50CYP e Intel(R) Server Board D50TNP anterior a la versi\u00f3n R01.01.0009 puede permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T22:15:26.643",
|
||||
"lastModified": "2025-02-11T22:15:26.643",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en el firmware DRTM podr\u00eda permitir que un atacante privilegiado realice m\u00faltiples inicializaciones de controladores, lo que genera una corrupci\u00f3n de la memoria de la pila que potencialmente podr\u00eda conducir a la p\u00e9rdida de integridad o disponibilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T23:15:08.277",
|
||||
"lastModified": "2025-02-11T23:15:08.277",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una validaci\u00f3n de entrada incorrecta en el controlador SMM puede permitir que un atacante privilegiado sobrescriba SMRAM, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T23:15:08.407",
|
||||
"lastModified": "2025-02-11T23:15:08.407",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una validaci\u00f3n de entrada incorrecta en el controlador SMM puede permitir que un atacante privilegiado sobrescriba SMRAM, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-12T00:15:08.003",
|
||||
"lastModified": "2025-02-12T00:15:08.003",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una validaci\u00f3n de entrada incorrecta en el controlador SMM puede permitir que un atacante privilegiado sobrescriba SMRAM, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T23:15:08.537",
|
||||
"lastModified": "2025-02-12T00:15:08.140",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un error en el firmware SEV puede permitir que un atacante con privilegios lea memoria no cifrada, lo que podr\u00eda resultar en la p\u00e9rdida de datos privados del hu\u00e9sped."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T20:15:32.950",
|
||||
"lastModified": "2025-02-11T20:15:32.950",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Los permisos predeterminados incorrectos en la instalaci\u00f3n de AMD Integrated Management Technology (AIM-T) Manageability Service podr\u00edan permitir que un atacante logre una escalada de privilegios, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T20:15:33.120",
|
||||
"lastModified": "2025-02-11T21:15:12.160",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de secuestro de DLL en AMD Integrated Management Technology (AIM-T) Manageability Service podr\u00eda permitir que un atacante logre una escalada de privilegios que potencialmente resulte en la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow authenticated user to potentially enable information disclosure via local operating system access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La desreferencia de puntero no confiable en el subsistema de E/S para alg\u00fan software Intel(R) QAT anterior a la versi\u00f3n 2.0.5 puede permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso al sistema operativo local sistema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2025-02-11T11:15:11.427",
|
||||
"lastModified": "2025-02-11T11:15:11.427",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La funcionalidad de inicio de sesi\u00f3n del servidor web en los dispositivos afectados no normaliza los tiempos de respuesta de los intentos de inicio de sesi\u00f3n. Un atacante remoto no autenticado podr\u00eda aprovechar esta informaci\u00f3n del canal secundario para distinguir entre nombres de usuario v\u00e1lidos e inv\u00e1lidos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
||||
"published": "2025-02-04T23:15:08.237",
|
||||
"lastModified": "2025-02-04T23:15:08.237",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
||||
"published": "2025-02-04T23:15:08.413",
|
||||
"lastModified": "2025-02-04T23:15:08.413",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2025-02-11T17:15:21.403",
|
||||
"lastModified": "2025-02-11T17:15:21.403",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privileged attacker to execute arbitrary code or commands via specially crafted requests."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de uso de cadena de formato controlada externamente [CWE-134] en Fortinet FortiOS versi\u00f3n 7.4.0 a 7.4.1 y anteriores a 7.2.6, FortiProxy versi\u00f3n 7.4.0 y anteriores a 7.2.7, FortiPAM versi\u00f3n 1.1.2 y anteriores a 1.0.3, FortiSwitchManager versi\u00f3n 7.2.0 a 7.2.2 y anteriores a 7.0.2 permite a un atacante privilegiado ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de solicitudes especialmente manipuladas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Condici\u00f3n de ejecuci\u00f3n en algunos Intel(R) System Security Report and System Resources Defense puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Condici\u00f3n de ejecuci\u00f3n en algunos firmware Intel(R) System Security Report and System Resources Defense puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La validaci\u00f3n de entrada incorrecta en algunos Intel(R) System Security Report and System Resources Defense puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Restricciones de b\u00fafer inadecuadas en algunos fIntel(R) System Security Report and System Resources Defense pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "vultures@jpcert.or.jp",
|
||||
"published": "2025-02-12T08:15:08.013",
|
||||
"lastModified": "2025-02-12T15:15:12.077",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de Cross-Site Scripting en la versi\u00f3n 4.0.5 y anteriores de CGI de acmailer. Se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 a la p\u00e1gina de administraci\u00f3n del producto afectado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-16T02:15:07.623",
|
||||
"lastModified": "2024-11-21T08:38:13.473",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-16T02:15:07.817",
|
||||
"lastModified": "2024-11-21T08:38:13.590",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2025-02-05T10:15:21.073",
|
||||
"lastModified": "2025-02-05T10:15:21.073",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
||||
"published": "2025-02-05T10:15:21.963",
|
||||
"lastModified": "2025-02-06T16:15:37.110",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-03-13T16:15:08.110",
|
||||
"lastModified": "2024-11-21T08:42:13.587",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "psirt@honeywell.com",
|
||||
"published": "2025-02-06T15:15:12.440",
|
||||
"lastModified": "2025-02-06T15:15:12.440",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-03-26T20:15:09.167",
|
||||
"lastModified": "2024-11-21T08:43:07.070",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "cve@gitlab.com",
|
||||
"published": "2025-02-05T10:15:22.093",
|
||||
"lastModified": "2025-02-05T10:15:22.093",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@nvidia.com",
|
||||
"published": "2025-02-12T00:15:08.263",
|
||||
"lastModified": "2025-02-12T00:15:08.263",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El software NVIDIA Jetson AGX Orin\u2122 y NVIDIA IGX Orin contiene una vulnerabilidad que permite a un atacante provocar un problema de validaci\u00f3n de entrada incorrecto al aumentar ciertos permisos hasta cierto punto. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la corrupci\u00f3n de datos, la divulgaci\u00f3n de informaci\u00f3n o la ampliaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@nvidia.com",
|
||||
"published": "2025-02-12T00:15:08.423",
|
||||
"lastModified": "2025-02-12T01:15:08.230",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "NVIDIA nvJPEG2000 librer\u00eda contiene una vulnerabilidad en la que un atacante puede provocar un problema de escritura fuera de los l\u00edmites mediante un archivo JPEG2000 manipulado especial. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y la manipulaci\u00f3n de datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@nvidia.com",
|
||||
"published": "2025-02-12T01:15:08.347",
|
||||
"lastModified": "2025-02-12T02:15:09.253",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "NVIDIA nvJPEG2000 librer\u00eda contiene una vulnerabilidad en la que un atacante puede provocar un problema de escritura fuera de los l\u00edmites mediante un archivo JPEG2000 manipulado especial. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y la manipulaci\u00f3n de datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@nvidia.com",
|
||||
"published": "2025-02-12T01:15:08.483",
|
||||
"lastModified": "2025-02-12T18:15:20.557",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to data tampering."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "NVIDIA nvJPEG2000 librer\u00eda contiene una vulnerabilidad que permite a un atacante provocar un problema de desbordamiento de b\u00fafer mediante un archivo JPEG2000 manipulado especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la manipulaci\u00f3n de datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@nvidia.com",
|
||||
"published": "2025-02-12T01:15:08.630",
|
||||
"lastModified": "2025-02-12T18:15:20.700",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "NVIDIA nvJPEG2000 librer\u00eda contiene una vulnerabilidad en la que un atacante puede provocar un problema de desbordamiento de b\u00fafer basado en el mont\u00f3n mediante un archivo JPEG2000 manipulado especialmente manipulado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y la manipulaci\u00f3n de datos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2025-02-11T21:15:12.280",
|
||||
"lastModified": "2025-02-11T21:15:12.280",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de llamada SMM dentro del controlador AmdCpmDisplayFeatureSMM podr\u00eda permitir que atacantes autenticados localmente sobrescriban SMRAM, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-03-13T16:15:12.973",
|
||||
"lastModified": "2024-11-21T08:47:08.597",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cybersecurity@se.com",
|
||||
"published": "2025-02-13T06:15:19.210",
|
||||
"lastModified": "2025-02-13T06:15:19.210",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering\nworkstation when specific driver interface is invoked locally by an authenticated user with crafted input."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "CWE-20: Existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda causar la denegaci\u00f3n de servicio de una estaci\u00f3n de trabajo de ingenier\u00eda cuando un usuario autenticado invoca localmente una interfaz de controlador espec\u00edfica con una entrada manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-12T13:15:07.997",
|
||||
"lastModified": "2025-02-12T13:15:07.997",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Brizy \u2013 Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta 2.6.8 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida insuficientes. Esto hace posible que los atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cybersecurity@ch.abb.com",
|
||||
"published": "2025-02-10T15:15:12.010",
|
||||
"lastModified": "2025-02-10T15:15:12.010",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u00a0\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\nThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad en el producto VideONet incluido en las versiones System 800xA mencionadas, donde se utiliza VideONet. Un atacante que aproveche con \u00e9xito la vulnerabilidad podr\u00eda, en el peor de los casos, detener o manipular la transmisi\u00f3n de video. Este problema afecta a System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "cve@gitlab.com",
|
||||
"published": "2025-02-07T15:15:16.703",
|
||||
"lastModified": "2025-02-07T15:15:16.703",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto un problema en el componente gitlab-web-ide-vscode-fork distribuido a trav\u00e9s de CDN que afecta a todas las versiones anteriores a 1.89.1-1.0.0-dev-20241118094343 y utilizado por todas las versiones de GitLab CE/EE a partir de 15.11 antes de 17.3 y que tambi\u00e9n afect\u00f3 temporalmente a las versiones 17.4, 17.5 y 17.6, donde era posible un ataque XSS al cargar archivos .ipynb en el IDE web."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
|
||||
"published": "2025-02-11T16:15:38.360",
|
||||
"lastModified": "2025-02-11T16:15:38.360",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La inyecci\u00f3n de c\u00f3digo en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.4 y en Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.3 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2025-02-10T19:15:37.117",
|
||||
"lastModified": "2025-02-11T00:15:27.680",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The affected endpoints are '/v1/share/{id:str}' for uploading and '/v1/share/{id:str}' for downloading JSON files. The lack of authentication allows any user to upload and overwrite files, potentially causing the S3 bucket to run out of space, injecting malicious scripts, and accessing sensitive information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El ultimo commit c945bb859979659add5f490a874140ad17c56a5d de wandb/openui contiene una vulnerabilidad en la que los endpoints no autenticados permiten la carga y descarga de archivos desde un dep\u00f3sito S3 de AWS. Esto puede provocar m\u00faltiples problemas de seguridad, como denegaci\u00f3n de servicio, XSS almacenado y divulgaci\u00f3n de informaci\u00f3n. Los endpoints afectados son '/v1/share/{id:str}' para la carga y '/v1/share/{id:str}' para la descarga de archivos JSON. La falta de autenticaci\u00f3n permite que cualquier usuario cargue y sobrescriba archivos, lo que puede provocar que el dep\u00f3sito S3 se quede sin espacio, inyecte scripts maliciosos y acceda a informaci\u00f3n confidencial."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-13T05:15:12.943",
|
||||
"lastModified": "2025-02-13T05:15:12.943",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El tema Campress para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 1.35 incluida, a trav\u00e9s de la funci\u00f3n 'campress_woocommerce_get_ajax_products'. Esto permite que atacantes no autenticados incluyan y ejecuten archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se pueda cargar e incluir un tipo de archivo php."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-12T12:15:28.027",
|
||||
"lastModified": "2025-02-12T12:15:28.027",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Brizy \u2013 Page Builder para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'storeUploads' en todas las versiones hasta la 2.6.4 y incluida. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
|
||||
"published": "2024-11-14T13:15:04.023",
|
||||
"lastModified": "2024-11-15T13:58:08.913",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
|
||||
"published": "2024-11-14T13:15:04.217",
|
||||
"lastModified": "2024-11-21T22:15:07.033",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@progress.com",
|
||||
"published": "2025-02-12T16:15:39.100",
|
||||
"lastModified": "2025-02-12T16:15:39.100",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Progress\u00ae Telerik\u00ae Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En Progress\u00ae Telerik\u00ae Document Processing Libraries, versiones anteriores a 2025 Q1 (2025.1.205), descomprimir un archivo puede generar un acceso arbitrario al archivo sistema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad de confusi\u00f3n de tipos en el int\u00e9rprete Postscript de varios dispositivos Lexmark. Un atacante puede aprovechar la vulnerabilidad para ejecutar c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad de memoria basada en el mont\u00f3n en el int\u00e9rprete Postscript de varios dispositivos Lexmark. Un atacante puede aprovechar la vulnerabilidad para ejecutar c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": ": Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": ": La vulnerabilidad de acceso a recursos mediante un tipo incompatible ('Confusi\u00f3n de tipos') en Lexmark International CX, XC, CS, et. Al. (m\u00f3dulos de int\u00e9rprete Postscript) permite la inyecci\u00f3n de recursos. Este problema afecta a CX, XC, CS, et. Al.: desde 001.001:0 hasta 081.231, desde *.*.P001 hasta *.*.P233, desde *.*.P001 hasta *.*.P759, desde *.*.P001 hasta *.*.P836."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -9,6 +9,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de desbordamiento de enteros o envolvente en Lexmark International CX, XC, CS, et. Al. (m\u00f3dulos de interpretaci\u00f3n Postscript) permite un desbordamiento de enteros forzado. Un atacante puede aprovechar la vulnerabilidad para ejecutar c\u00f3digo arbitrario como un usuario sin privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
|
||||
"published": "2025-02-04T23:15:08.580",
|
||||
"lastModified": "2025-02-05T15:15:20.253",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
|
||||
"published": "2025-02-04T23:15:08.717",
|
||||
"lastModified": "2025-02-05T16:15:40.103",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@devolutions.net",
|
||||
"published": "2025-02-10T14:15:29.490",
|
||||
"lastModified": "2025-02-10T16:15:36.937",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.\n\nVersions affected are :\nRemote Desktop Manager macOS 2024.3.9.0 and earlier\nRemote Desktop Manager Linux 2024.3.2.5 and earlier\nRemote Desktop Manager Android 2024.3.3.7 and earlier\nRemote Desktop Manager iOS 2024.3.3.0 and earlier\n\nRemote Desktop Manager Powershell 2024.3.6.0 and earlier"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La falta de validaci\u00f3n de certificados en Devolutions Remote Desktop Manager en macOS, iOS, Android y Linux permite que un atacante intercepte y modifique las comunicaciones cifradas mediante un ataque de intermediario. Las versiones afectadas son: Remote Desktop Manager macOS 2024.3.9.0 y anteriores Remote Desktop Manager Linux 2024.3.2.5 y anteriores Remote Desktop Manager Android 2024.3.3.7 y anteriores Remote Desktop Manager iOS 2024.3.3.0 y anteriores Remote Desktop Manager Powershell 2024.3.6.0 y anteriores"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@progress.com",
|
||||
"published": "2025-02-12T17:15:22.067",
|
||||
"lastModified": "2025-02-12T17:15:22.067",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Progress\u00ae Telerik\u00ae Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En Progress\u00ae Telerik\u00ae Kendo UI para Vue versiones v2.4.0 a v6.0.1, un atacante puede introducir o modificar propiedades dentro de la cadena de prototipos global, lo que puede resultar en una denegaci\u00f3n de servicio o inyecci\u00f3n de comandos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@progress.com",
|
||||
"published": "2025-02-12T17:15:22.200",
|
||||
"lastModified": "2025-02-12T17:15:22.200",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Progress\u00ae Telerik\u00ae Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En Progress\u00ae Telerik\u00ae Document Processing Libraries, versiones anteriores a 2025 Q1 (2025.1.205), que utilizan .NET Standard 2.0, el contenido de un archivo en una ruta arbitraria se puede exportar a RTF."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-12T05:15:11.307",
|
||||
"lastModified": "2025-02-12T05:15:11.307",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Discover the Best Woocommerce Product Brands Plugin for WordPress \u2013 Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Discover the Best Woocommerce Product Brands Plugin for WordPress \u2013 Woocommerce Brands Plugin para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'product_brand' del complemento en todas las versiones hasta 1.3.2 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
|
||||
"published": "2025-02-11T16:15:38.520",
|
||||
"lastModified": "2025-02-11T16:15:38.520",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Path traversal en Ivanti CSA anterior a la versi\u00f3n 5.0.5 permite que un atacante remoto no autenticado acceda a funcionalidad restringida."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-01T04:15:29.523",
|
||||
"lastModified": "2025-02-01T04:15:29.523",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2025-02-13T16:15:43.750",
|
||||
"lastModified": "2025-02-13T16:15:43.750",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 una vulnerabilidad CWE-126 de \u201csobrelectura de b\u00fafer\u201d que afectaba a la puerta de enlace TCP/IP 130.8005 con la versi\u00f3n de firmware 12h. La divulgaci\u00f3n de informaci\u00f3n se puede desencadenar aprovechando una fuga de memoria que afecta al servidor web. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para filtrar tokens de autenticaci\u00f3n v\u00e1lidos de la memoria de proceso asociada a los usuarios que est\u00e1n conectados actualmente al sistema y eludir el mecanismo de autenticaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2025-02-13T16:15:43.913",
|
||||
"lastModified": "2025-02-13T16:15:43.913",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A CWE-598 \u201cUse of GET Request Method with Sensitive Query Strings\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage scenarios. An attacker capable of accessing such values (e.g., victim browser, network traffic inspection) can exploit this vulnerability to leak both the password hash as well as session tokens and bypass the authentication mechanism using a pass-the-hash attack."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 una vulnerabilidad CWE-598 \u201cUso del m\u00e9todo de solicitud GET con cadenas de consulta confidenciales\u201d que afectaba a la puerta de enlace TCP/IP 130.8005 con la versi\u00f3n de firmware 12h. Tanto el hash SHA-1 de la contrase\u00f1a como los tokens de sesi\u00f3n se incluyen como parte de la URL y, por lo tanto, est\u00e1n expuestos a escenarios de fuga de informaci\u00f3n. Un atacante capaz de acceder a dichos valores (por ejemplo, el navegador de la v\u00edctima, inspecci\u00f3n del tr\u00e1fico de red) puede aprovechar esta vulnerabilidad para filtrar tanto el hash de la contrase\u00f1a como los tokens de sesi\u00f3n y eludir el mecanismo de autenticaci\u00f3n mediante un ataque de paso del hash."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "prodsec@nozominetworks.com",
|
||||
"published": "2025-02-13T16:15:44.050",
|
||||
"lastModified": "2025-02-13T16:15:44.050",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un error CWE-1392 \u201cUso de credenciales predeterminadas\u201d que afectaba al gateway TCP/IP 130.8005 con la versi\u00f3n de firmware 12h. El dispositivo expone un servidor FTP con credenciales de administrador predeterminadas y f\u00e1ciles de adivinar. Un atacante remoto capaz de interactuar con el servidor FTP podr\u00eda obtener acceso y realizar cambios en los recursos expuestos por el servicio, como los archivos de configuraci\u00f3n donde se guardan los hashes de contrase\u00f1as o donde se almacenan las configuraciones de red."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -3,7 +3,7 @@
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-02-01T06:15:29.527",
|
||||
"lastModified": "2025-02-01T06:15:29.527",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -3,12 +3,16 @@
|
||||
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
|
||||
"published": "2025-02-11T16:15:38.663",
|
||||
"lastModified": "2025-02-11T16:15:38.663",
|
||||
"vulnStatus": "Received",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El control externo de un nombre de archivo en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.6 e Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.3 permite que un atacante remoto autenticado con privilegios de administrador lea archivos arbitrarios."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
Some files were not shown because too many files have changed in this diff Show More