From 097fa0b89abced648bff2553f07bc8eacb2225e9 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 11 Jan 2024 15:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-11T15:00:25.194916+00:00 --- CVE-2022/CVE-2022-329xx/CVE-2022-32919.json | 8 ++- CVE-2022/CVE-2022-329xx/CVE-2022-32931.json | 8 ++- CVE-2022/CVE-2022-403xx/CVE-2022-40361.json | 8 ++- CVE-2022/CVE-2022-428xx/CVE-2022-42816.json | 8 ++- CVE-2022/CVE-2022-428xx/CVE-2022-42839.json | 8 ++- CVE-2022/CVE-2022-457xx/CVE-2022-45793.json | 8 ++- CVE-2022/CVE-2022-457xx/CVE-2022-45794.json | 8 ++- CVE-2022/CVE-2022-467xx/CVE-2022-46710.json | 8 ++- CVE-2022/CVE-2022-467xx/CVE-2022-46721.json | 8 ++- CVE-2022/CVE-2022-479xx/CVE-2022-47915.json | 8 ++- CVE-2022/CVE-2022-479xx/CVE-2022-47965.json | 8 ++- CVE-2022/CVE-2022-485xx/CVE-2022-48504.json | 8 ++- CVE-2022/CVE-2022-485xx/CVE-2022-48577.json | 8 ++- CVE-2022/CVE-2022-49xx/CVE-2022-4958.json | 4 +- CVE-2023/CVE-2023-205xx/CVE-2023-20573.json | 20 +++++++ CVE-2023/CVE-2023-235xx/CVE-2023-23588.json | 6 +- CVE-2023/CVE-2023-281xx/CVE-2023-28185.json | 8 ++- CVE-2023/CVE-2023-281xx/CVE-2023-28197.json | 8 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29444.json | 8 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29445.json | 8 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29446.json | 8 ++- CVE-2023/CVE-2023-294xx/CVE-2023-29447.json | 8 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31001.json | 8 ++- CVE-2023/CVE-2023-310xx/CVE-2023-31003.json | 8 ++- CVE-2023/CVE-2023-314xx/CVE-2023-31488.json | 8 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32366.json | 8 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32378.json | 8 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32383.json | 8 ++- CVE-2023/CVE-2023-324xx/CVE-2023-32401.json | 8 ++- CVE-2023/CVE-2023-324xx/CVE-2023-32424.json | 8 ++- CVE-2023/CVE-2023-324xx/CVE-2023-32436.json | 8 ++- CVE-2023/CVE-2023-376xx/CVE-2023-37644.json | 8 ++- CVE-2023/CVE-2023-379xx/CVE-2023-37932.json | 8 ++- CVE-2023/CVE-2023-379xx/CVE-2023-37934.json | 8 ++- CVE-2023/CVE-2023-37xx/CVE-2023-3726.json | 58 ++++++++++++++++-- 
CVE-2023/CVE-2023-382xx/CVE-2023-38267.json | 8 ++- CVE-2023/CVE-2023-386xx/CVE-2023-38607.json | 8 ++- CVE-2023/CVE-2023-386xx/CVE-2023-38610.json | 8 ++- CVE-2023/CVE-2023-386xx/CVE-2023-38612.json | 8 ++- CVE-2023/CVE-2023-398xx/CVE-2023-39853.json | 64 ++++++++++++++++++-- CVE-2023/CVE-2023-403xx/CVE-2023-40383.json | 8 ++- CVE-2023/CVE-2023-403xx/CVE-2023-40385.json | 8 ++- CVE-2023/CVE-2023-403xx/CVE-2023-40393.json | 8 ++- CVE-2023/CVE-2023-403xx/CVE-2023-40394.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40411.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40414.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40430.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40433.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40437.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40438.json | 8 ++- CVE-2023/CVE-2023-404xx/CVE-2023-40439.json | 8 ++- CVE-2023/CVE-2023-405xx/CVE-2023-40529.json | 8 ++- CVE-2023/CVE-2023-410xx/CVE-2023-41060.json | 8 ++- CVE-2023/CVE-2023-410xx/CVE-2023-41069.json | 8 ++- CVE-2023/CVE-2023-410xx/CVE-2023-41075.json | 8 ++- CVE-2023/CVE-2023-419xx/CVE-2023-41974.json | 8 ++- CVE-2023/CVE-2023-419xx/CVE-2023-41987.json | 8 ++- CVE-2023/CVE-2023-419xx/CVE-2023-41994.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42826.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42828.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42829.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42830.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42831.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42832.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42833.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42862.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42865.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42866.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42869.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42870.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42871.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42872.json | 8 ++- CVE-2023/CVE-2023-428xx/CVE-2023-42876.json | 8 ++- 
CVE-2023/CVE-2023-429xx/CVE-2023-42929.json | 8 ++- CVE-2023/CVE-2023-429xx/CVE-2023-42933.json | 8 ++- CVE-2023/CVE-2023-429xx/CVE-2023-42934.json | 8 ++- CVE-2023/CVE-2023-429xx/CVE-2023-42941.json | 4 +- CVE-2023/CVE-2023-42xx/CVE-2023-4246.json | 8 ++- CVE-2023/CVE-2023-42xx/CVE-2023-4247.json | 8 ++- CVE-2023/CVE-2023-42xx/CVE-2023-4248.json | 8 ++- CVE-2023/CVE-2023-43xx/CVE-2023-4372.json | 8 ++- CVE-2023/CVE-2023-442xx/CVE-2023-44250.json | 8 ++- CVE-2023/CVE-2023-451xx/CVE-2023-45169.json | 8 ++- CVE-2023/CVE-2023-451xx/CVE-2023-45171.json | 8 ++- CVE-2023/CVE-2023-451xx/CVE-2023-45173.json | 8 ++- CVE-2023/CVE-2023-451xx/CVE-2023-45175.json | 8 ++- CVE-2023/CVE-2023-467xx/CVE-2023-46712.json | 8 ++- CVE-2023/CVE-2023-475xx/CVE-2023-47559.json | 50 +++++++++++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47560.json | 50 +++++++++++++++- CVE-2023/CVE-2023-487xx/CVE-2023-48783.json | 8 ++- CVE-2023/CVE-2023-492xx/CVE-2023-49295.json | 8 ++- CVE-2023/CVE-2023-49xx/CVE-2023-4960.json | 8 ++- CVE-2023/CVE-2023-49xx/CVE-2023-4962.json | 8 ++- CVE-2023/CVE-2023-500xx/CVE-2023-50027.json | 66 +++++++++++++++++++-- CVE-2023/CVE-2023-501xx/CVE-2023-50159.json | 24 ++++++++ CVE-2023/CVE-2023-506xx/CVE-2023-50609.json | 63 ++++++++++++++++++-- CVE-2023/CVE-2023-509xx/CVE-2023-50916.json | 8 ++- CVE-2023/CVE-2023-510xx/CVE-2023-51073.json | 8 ++- CVE-2023/CVE-2023-511xx/CVE-2023-51123.json | 8 ++- CVE-2023/CVE-2023-511xx/CVE-2023-51126.json | 8 ++- CVE-2023/CVE-2023-511xx/CVE-2023-51127.json | 8 ++- CVE-2023/CVE-2023-515xx/CVE-2023-51502.json | 47 ++++++++++++++- CVE-2023/CVE-2023-517xx/CVE-2023-51748.json | 24 ++++++++ CVE-2023/CVE-2023-517xx/CVE-2023-51749.json | 24 ++++++++ CVE-2023/CVE-2023-517xx/CVE-2023-51750.json | 24 ++++++++ CVE-2023/CVE-2023-517xx/CVE-2023-51751.json | 24 ++++++++ CVE-2023/CVE-2023-520xx/CVE-2023-52027.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52028.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52029.json | 8 ++- 
CVE-2023/CVE-2023-520xx/CVE-2023-52030.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52031.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52032.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52064.json | 8 ++- CVE-2023/CVE-2023-521xx/CVE-2023-52123.json | 47 ++++++++++++++- CVE-2023/CVE-2023-521xx/CVE-2023-52128.json | 47 ++++++++++++++- CVE-2023/CVE-2023-521xx/CVE-2023-52178.json | 47 ++++++++++++++- CVE-2023/CVE-2023-521xx/CVE-2023-52184.json | 47 ++++++++++++++- CVE-2023/CVE-2023-522xx/CVE-2023-52274.json | 8 ++- CVE-2023/CVE-2023-54xx/CVE-2023-5448.json | 8 ++- CVE-2023/CVE-2023-55xx/CVE-2023-5504.json | 8 ++- CVE-2023/CVE-2023-56xx/CVE-2023-5691.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6220.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6223.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6266.json | 8 ++- CVE-2023/CVE-2023-63xx/CVE-2023-6316.json | 8 ++- CVE-2023/CVE-2023-63xx/CVE-2023-6369.json | 8 ++- CVE-2023/CVE-2023-64xx/CVE-2023-6446.json | 8 ++- CVE-2023/CVE-2023-64xx/CVE-2023-6496.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6504.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6506.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6520.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6556.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6558.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6561.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6567.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6582.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6583.json | 8 ++- CVE-2023/CVE-2023-65xx/CVE-2023-6598.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6624.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6630.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6632.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6634.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6636.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6637.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6638.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6645.json | 8 ++- CVE-2023/CVE-2023-66xx/CVE-2023-6684.json | 8 ++- 
CVE-2023/CVE-2023-66xx/CVE-2023-6699.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6737.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6742.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6751.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6776.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6781.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6782.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6828.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6855.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6875.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6878.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6882.json | 8 ++- CVE-2023/CVE-2023-68xx/CVE-2023-6883.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6924.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6934.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6979.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6988.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6990.json | 8 ++- CVE-2023/CVE-2023-69xx/CVE-2023-6994.json | 8 ++- CVE-2023/CVE-2023-70xx/CVE-2023-7019.json | 8 ++- CVE-2023/CVE-2023-70xx/CVE-2023-7048.json | 8 ++- CVE-2023/CVE-2023-70xx/CVE-2023-7070.json | 8 ++- CVE-2023/CVE-2023-70xx/CVE-2023-7071.json | 8 ++- CVE-2024/CVE-2024-02xx/CVE-2024-0252.json | 8 ++- CVE-2024/CVE-2024-03xx/CVE-2024-0333.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21637.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21638.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21665.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21666.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21667.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21669.json | 8 ++- CVE-2024/CVE-2024-217xx/CVE-2024-21773.json | 8 ++- CVE-2024/CVE-2024-218xx/CVE-2024-21821.json | 8 ++- CVE-2024/CVE-2024-218xx/CVE-2024-21833.json | 8 ++- CVE-2024/CVE-2024-221xx/CVE-2024-22190.json | 8 ++- CVE-2024/CVE-2024-221xx/CVE-2024-22194.json | 8 ++- CVE-2024/CVE-2024-221xx/CVE-2024-22195.json | 8 ++- README.md | 42 +++++++++++-- 185 files changed, 1715 insertions(+), 379 deletions(-) create mode 100644 
CVE-2023/CVE-2023-205xx/CVE-2023-20573.json create mode 100644 CVE-2023/CVE-2023-501xx/CVE-2023-50159.json create mode 100644 CVE-2023/CVE-2023-517xx/CVE-2023-51748.json create mode 100644 CVE-2023/CVE-2023-517xx/CVE-2023-51749.json create mode 100644 CVE-2023/CVE-2023-517xx/CVE-2023-51750.json create mode 100644 CVE-2023/CVE-2023-517xx/CVE-2023-51751.json diff --git a/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json b/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json index 620fe9b25a1..74a0a35d4cf 100644 --- a/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json +++ b/CVE-2022/CVE-2022-329xx/CVE-2022-32919.json @@ -2,12 +2,16 @@ "id": "CVE-2022-32919", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.173", - "lastModified": "2024-01-10T22:15:47.173", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Visitar un sitio web que enmarque contenido malicioso puede provocar una suplantaci\u00f3n de la interfaz de usuario." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json b/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json index 0e9f146dd46..46df806ef96 100644 --- a/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json +++ b/CVE-2022/CVE-2022-329xx/CVE-2022-32931.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-32931", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.240", - "lastModified": "2024-01-10T22:15:47.240", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Ventura 13. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json b/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json index d71ed05540d..3bd714eaec7 100644 --- a/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json +++ b/CVE-2022/CVE-2022-403xx/CVE-2022-40361.json @@ -2,12 +2,16 @@ "id": "CVE-2022-40361", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T03:15:09.157", - "lastModified": "2024-01-11T03:15:09.157", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint." + }, + { + "lang": "es", + "value": "La vulnerabilidad de cross site scripting en Elite CRM v1.2.11 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de idioma en el endpoint /ngs/login." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json index 77480c64e07..4b080c44eb6 100644 --- a/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42816.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-42816", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.290", - "lastModified": "2024-01-10T22:15:47.290", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system." + }, + { + "lang": "es", + "value": "Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json index 63618062d99..c12e1f35285 100644 --- a/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42839.json @@ -2,12 +2,16 @@ "id": "CVE-2022-42839", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.330", - "lastModified": "2024-01-10T22:15:47.330", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json b/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json index f87699443ba..934bffaf263 100644 --- a/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json +++ b/CVE-2022/CVE-2022-457xx/CVE-2022-45793.json @@ -2,12 +2,16 @@ "id": "CVE-2022-45793", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T21:15:08.193", - "lastModified": "2024-01-10T21:15:08.193", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]." + }, + { + "lang": "es", + "value": "[PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-457xx/CVE-2022-45794.json b/CVE-2022/CVE-2022-457xx/CVE-2022-45794.json index cf66c258dec..13640bbd234 100644 --- a/CVE-2022/CVE-2022-457xx/CVE-2022-45794.json +++ b/CVE-2022/CVE-2022-457xx/CVE-2022-45794.json @@ -2,12 +2,16 @@ "id": "CVE-2022-45794", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T23:15:08.397", - "lastModified": "2024-01-10T23:15:08.397", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files form the PLC internal memory and memory card.\n" + }, + { + "lang": "es", + "value": "Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json index 54f44547131..572f511dd5b 100644 
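Review bot: The added `es` description for CVE-2022-45793 is a translation of an unfilled CNA template (`[PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] ...`), and the same hunk moves the record from `Received` to `Awaiting Analysis`, so the entry advances with no usable description in either language. Anyone triaging or alerting on description text gets nothing actionable from it. The `metrics` and `references` objects lie outside the hunk, so it cannot be told from here whether they carry the real details. The update job should flag descriptions that still match the bracketed-placeholder pattern and skip machine translation for them, so the template text is not propagated as if it were content.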
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46710.json @@ -2,12 +2,16 @@ "id": "CVE-2022-46710", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.380", - "lastModified": "2024-01-10T22:15:47.380", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Los datos de Location se pueden compartir a trav\u00e9s de enlaces de iCloud incluso si los metadatos de Location est\u00e1n deshabilitados a trav\u00e9s de Share Sheet." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json index 329c5b866fb..270f7762a91 100644 --- a/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46721.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-46721", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.430", - "lastModified": "2024-01-10T22:15:47.430", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json index 1fac75a23f8..e38a303ead6 100644 --- a/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json +++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47915.json @@ -2,12 +2,16 @@ "id": "CVE-2022-47915", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.473", - "lastModified": "2024-01-10T22:15:47.473", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json index bbd03177bca..509c6b86db1 100644 --- a/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json 
+++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47965.json @@ -2,12 +2,16 @@ "id": "CVE-2022-47965", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.523", - "lastModified": "2024-01-10T22:15:47.523", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json index bb3273397dd..018ea9fae91 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48504.json @@ -2,12 +2,16 @@ "id": "CVE-2022-48504", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.563", - "lastModified": "2024-01-10T22:15:47.563", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json index f87999ca1f9..4820ac3acd1 100644 
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48577.json @@ -2,12 +2,16 @@ "id": "CVE-2022-48577", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.610", - "lastModified": "2024-01-10T22:15:47.610", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de acceso mejorando las restricciones de acceso. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4958.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4958.json index 9becc4a7a59..fd650abe64e 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4958.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4958.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4958", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-11T12:15:42.767", - "lastModified": "2024-01-11T12:15:42.767", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20573.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20573.json new file mode 100644 index 00000000000..d082c6435f1 --- /dev/null +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20573.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-20573", + "sourceIdentifier": "psirt@amd.com", + "published": "2024-01-11T14:15:43.963", + "lastModified": "2024-01-11T14:15:43.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23588.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23588.json index b192deebebe..e15d34960b7 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23588.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23588.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23588", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:18.097", - "lastModified": "2023-04-19T20:00:49.490", + "lastModified": "2024-01-11T14:31:50.550", "vulnStatus": "Analyzed", "descriptions": [ { @@ -167,9 +167,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:microsemi:maxview_storage_manager:*:*:*:*:*:windows:*:*", + "criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*", "versionEndExcluding": "4.09.00.25611", - "matchCriteriaId": "2FA3A785-43FF-407B-854D-2C0D931FBE14" + "matchCriteriaId": "77C02716-54AE-4545-AB8C-4760F92271A2" } ] }, diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json index ae451b9a5e7..e4287f1cca2 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28185.json 
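Review bot: In the second hunk of CVE-2023-23588.json the CPE vendor changes from `microsemi` to `microchip` and the `matchCriteriaId` is replaced, which silently breaks any downstream matcher that compares the old CPE string or criteria id by equality. Nothing visible in the hunk marks the old name as deprecated or aliased, so an asset inventory still normalised to `cpe:2.3:a:microsemi:maxview_storage_manager` would stop matching this CVE after the sync. The upstream CPE dictionary presumably records the deprecation, but that is not shown here. Consumers should resolve names through the dictionary's deprecation mapping, and the sync summary would be more useful if it listed CPE vendor/product renames separately from status and translation updates. The `cpeMatch` array and its enclosing configuration node continue outside the hunk.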
@@ -2,12 +2,16 @@ "id": "CVE-2023-28185", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.803", - "lastModified": "2024-01-10T22:15:47.803", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un desbordamiento de enteros mediante una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 y iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 y iPadOS 15.7.4. Una aplicaci\u00f3n puede provocar una denegaci\u00f3n de servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json index 3069dd74783..f7b3c2e182a 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28197.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-28197", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.853", - "lastModified": "2024-01-10T22:15:47.853", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales de sandbox. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json index 70cd4f8ebab..e358fe333ae 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-29444", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T17:15:08.493", - "lastModified": "2024-01-10T17:15:08.493", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada (secuestro de DLL) que podr\u00eda permitir a un adversario autenticado localmente escalar privilegios a SYSTEM. Alternativamente, podr\u00edan alojar una versi\u00f3n con troyano del software y enga\u00f1ar a las v\u00edctimas para que descarguen e instalen su versi\u00f3n maliciosa para obtener acceso inicial y ejecuci\u00f3n del c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json index eb5935fd7de..7a80e73c31e 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29445.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-29445", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T21:15:08.410", - "lastModified": "2024-01-10T21:15:08.410", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada (secuestro de DLL) que podr\u00eda permitir a un adversario autenticado localmente escalar privilegios a SYSTEM." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json index 83570345fa5..a496086459c 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29446.json @@ -2,12 +2,16 @@ "id": "CVE-2023-29446", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T21:15:08.603", - "lastModified": "2024-01-10T21:15:08.603", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u00a0" + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda permitir a un adversario inyectar una ruta UNC a trav\u00e9s de un archivo de proyecto malicioso. Esto permite a un adversario capturar hashes NLTMv2 y potencialmente descifrarlos offline." } ], "metrics": { 
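Review bot: The added `es` description for CVE-2023-29446 carries over the `NLTMv2` misspelling from the English text (the protocol is NTLMv2), so keyword searches and detection-content mappings for "NTLMv2" will miss this record in both languages. The English value is an unchanged context line and is the CNA's wording, so the correction belongs upstream. On this side the record should be flagged for correction rather than having a new translation generated from the misspelled source. Until it is fixed, searches of this feed for NTLM credential-capture issues need to include the misspelled form.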
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json index 5cf938ecc86..b352e9b225f 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29447.json @@ -2,12 +2,16 @@ "id": "CVE-2023-29447", "sourceIdentifier": "ot-cert@dragos.com", "published": "2024-01-10T21:15:08.790", - "lastModified": "2024-01-10T21:15:08.790", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de credenciales insuficientemente protegidas en KEPServerEX podr\u00eda permitir que un adversario capture las credenciales del usuario mientras el servidor web utiliza autenticaci\u00f3n b\u00e1sica." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31001.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31001.json index aad941f4519..f1a42dfb614 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31001.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31001.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-31001", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T03:15:09.413", - "lastModified": "2024-01-11T03:15:09.413", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653." + }, + { + "lang": "es", + "value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) almacena temporalmente informaci\u00f3n confidencial en archivos a los que un usuario local podr\u00eda acceder. ID de IBM X-Force: 254653." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31003.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31003.json index cda9a6c5bc9..70a07b0b1ec 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31003.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31003.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-31003", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T03:15:09.617", - "lastModified": "2024-01-11T03:15:09.617", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658." + }, + { + "lang": "es", + "value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podr\u00eda permitir que un usuario local obtenga acceso ra\u00edz debido a controles de acceso inadecuados. ID de IBM X-Force: 254658." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31488.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31488.json index 4da6948209f..1627ddf16ff 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31488.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31488.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-31488", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T20:15:45.330", - "lastModified": "2024-01-10T20:15:45.330", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document." + }, + { + "lang": "es", + "value": "Las versiones de Hyland Perceived Filters anteriores al 8 de diciembre de 2023 (por ejemplo, 11.4.0.2647), tal como se utilizan en el software Cisco IronPort Email Security Appliance, Cisco Secure Email Gateway y varios productos que no son de Cisco, permiten a los atacantes desencadenar un fallo de segmentaci\u00f3n y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json index c270095b23d..dc5b6877888 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32366.json 
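Review bot: The added `es` description for CVE-2023-31488 changes the product name: it reads `Hyland Perceived Filters`, while the `en` description in the same record reads `Hyland Perceptive Filters`. Product names should pass through translation unchanged, because anyone matching advisories to an asset inventory by the localized text would miss this record. The added value should begin `Las versiones de Hyland Perceptive Filters anteriores al 8 de diciembre de 2023`. Since this file looks like a generated mirror, the correction presumably belongs in the upstream record rather than in this repository.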
@@ -2,12 +2,16 @@ "id": "CVE-2023-32366", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.897", - "lastModified": "2024-01-10T22:15:47.897", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. El procesamiento de un archivo de fuente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json index 4a736c68df8..7332ad40d51 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32378.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32378", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.943", - "lastModified": "2024-01-10T22:15:47.943", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json index 8753a9575df..d4f4ba6b4da 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32383.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32383", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:47.987", - "lastModified": "2024-01-10T22:15:47.987", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 forzando un runtime reforzado en los archivos binarios afectados a nivel del sistema. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Es posible que una aplicaci\u00f3n pueda inyectar c\u00f3digo en archivos binarios confidenciales incluidos con Xcode." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json index 0ccbb1ee7bb..af054de135f 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32401.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32401", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.040", - "lastModified": "2024-01-10T22:15:48.040", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la verificaci\u00f3n de l\u00edmites. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. El an\u00e1lisis de un documento de Office puede provocar la finalizaci\u00f3n inesperada de una aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json index 862d40235f4..40bfe93829a 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32424.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32424", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.087", - "lastModified": "2024-01-10T22:15:48.087", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 16.4 y iPadOS 16.4, watchOS 9.4. Un atacante que ya haya logrado la ejecuci\u00f3n del c\u00f3digo del kernel puede omitir las mitigaciones de memoria del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json index 92b367785c5..7aeb8b187f8 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32436.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32436", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.140", - "lastModified": "2024-01-10T22:15:48.140", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.3. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json index a85a223910d..93a6f44066e 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37644.json @@ -2,12 +2,16 @@ "id": "CVE-2023-37644", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T08:15:35.737", - "lastModified": "2024-01-11T08:15:35.737", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c." + }, + { + "lang": "es", + "value": "SWFTools 0.9.2 772e55a permite a los atacantes desencadenar un gran intento de asignaci\u00f3n de memoria a trav\u00e9s de un documento manipulado, como lo demuestra pdf2swf. Esto ocurre en png_read_chunk en lib/png.c." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json index 0ee249f83ee..ead45afbf6d 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-37932", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:45.570", - "lastModified": "2024-01-10T18:15:45.570", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path traversal\") [CWE-22] en FortiVoiceEntreprise versi\u00f3n 7.0.0 y anteriores a 6.4.7 permite a un atacante autenticado leer archivos arbitrarios del sistema mediante el env\u00edo de solicitudes HTTP o HTTPS manipuladas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json index 66e0f3fef8f..b5b1c19634f 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-37934", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:45.823", - "lastModified": "2024-01-10T18:15:45.823", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites o de limitaci\u00f3n [CWE-770] en FortiPAM 1.0 en todas las versiones permite a un atacante autenticado realizar un ataque de denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes HTTP o HTTPS manipuladas con alta frecuencia." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json index 21db127ddb3..cefe7f502fc 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3726.json 
@@ -2,19 +2,43 @@ "id": "CVE-2023-3726", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-01-04T15:15:09.117", - "lastModified": "2024-01-04T18:46:53.270", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T13:40:50.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n" + }, + { + "lang": "es", + "value": "OCSInventory permite almacenar plantillas de correo electr\u00f3nico con caracteres especiales que conducen a cross-site Scripting almacenado." } ], "metrics": { "cvssMetricV31": [ { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + }, + { + "source": "help@fluidattacks.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-ocsreports:2.12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D586CDF1-3C6D-4E0D-965C-707304577526" + } + ] + } + ] + } + ], "references": [ { "url": "https://fluidattacks.com/advisories/creed/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://ocsinventory-ng.org/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38267.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38267.json index 182fd99cab6..cae4f299b63 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38267.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38267.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38267", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T03:15:09.803", - "lastModified": "2024-01-11T03:15:09.803", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584." + }, + { + "lang": "es", + "value": "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podr\u00eda permitir que un usuario local obtenga informaci\u00f3n de configuraci\u00f3n confidencial. ID de IBM X-Force: 260584." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json index 4a73d835667..26ae21c0be9 100644 
--- a/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38607.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38607", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.310", - "lastModified": "2024-01-10T22:15:48.310", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda modificar la configuraci\u00f3n de la impresora." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json index ab70db10078..9238f44decb 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38610.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38610", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.357", - "lastModified": "2024-01-10T22:15:48.357", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de corrupci\u00f3n de memoria eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json index 420d68cee8f..6771e7e1a5e 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38612.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38612", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.403", - "lastModified": "2024-01-10T22:15:48.403", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Monterey 12.7, iOS 16.7 y iPadOS 16.7, iOS 17 y iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39853.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39853.json index fc381cc0100..57df8e194bb 100644 --- a/CVE-2023/CVE-2023-398xx/CVE-2023-39853.json +++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39853.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39853", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-06T04:15:08.863", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:47:18.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Dzzoffice versi\u00f3n 2.01, permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros doobj y doevent en el m\u00f3dulo backend de Network Disk." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dzzoffice:dzzoffice:2.01:*:*:*:*:*:*:*", + "matchCriteriaId": "D2D4D8E0-87E3-437D-9F20-6E2292F3B41E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/EternalGemini/dzz", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json index 7ab7700f5f4..45fe070f3fb 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40383.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40383", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.460", - "lastModified": "2024-01-10T22:15:48.460", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de path handling con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json index 40f7ce588eb..fdf89d4e8e5 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40385.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40385", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.503", - "lastModified": "2024-01-10T22:15:48.503", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. Un atacante remoto puede ver consultas de DNS filtradas con Private Relay activado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json index 9c9062ee287..1b80ac636bc 100644 
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40393.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40393", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.550", - "lastModified": "2024-01-10T22:15:48.550", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14. Las fotos de Hidden Photos Album se pueden ver sin autenticaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json index ebf28e96a48..108403adb8c 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40394.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40394", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.593", - "lastModified": "2024-01-10T22:15:48.593", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data." + }, + { + "lang": "es", + "value": "El problema se abord\u00f3 con una validaci\u00f3n mejorada de las variables ambientales. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json index e060903a763..5dc04473771 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40411.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40411", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.643", - "lastModified": "2024-01-10T22:15:48.643", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json index 0e273b738d1..75c26555a04 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40414.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40414", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.687", - "lastModified": "2024-01-10T22:15:48.687", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en watchOS 10, iOS 17 y iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json index 44abc8a6212..e37bdcb8c09 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40430.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40430", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.740", - "lastModified": "2024-01-10T22:15:48.740", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a vol\u00famenes extra\u00edbles sin el consentimiento del usuario." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json index 5e13a5cb043..dd448215c1f 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40433.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40433", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.787", - "lastModified": "2024-01-10T22:15:48.787", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Ventura 13.3. Una aplicaci\u00f3n puede omitir las comprobaciones de Gatekeeper." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json index 3649ea8a5e1..795de7765bb 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40437.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40437", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.827", - "lastModified": "2024-01-10T22:15:48.827", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json index 2bec5dd5bdc..be2ca86db06 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40438.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40438", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.870", - "lastModified": "2024-01-10T22:15:48.870", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema con el manejo mejorado de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\u00f3n pueda acceder a fotos editadas guardadas en un directorio temporal." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json index 8119c9757f9..77b5335f721 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40439.json @@ -2,12 +2,16 @@ "id": "CVE-2023-40439", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.920", - "lastModified": "2024-01-10T22:15:48.920", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json index 2826da10b7e..a31b5b3b16b 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40529.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40529", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:48.970", - "lastModified": "2024-01-10T22:15:48.970", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Una persona con acceso f\u00edsico a un dispositivo puede usar VoiceOver para acceder a informaci\u00f3n privada del calendario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json index db2eb6d9396..7d4616723a5 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41060.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41060", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.107", - "lastModified": "2024-01-10T22:15:49.107", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Un usuario remoto puede provocar la ejecuci\u00f3n del c\u00f3digo del kernel." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json index a3ca6eaba39..cec7af46da3 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41069.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41069", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.150", - "lastModified": "2024-01-10T22:15:49.150", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 mejorando los modelos anti-spoofing de Face ID. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Un modelo 3D construido para parecerse al usuario registrado puede autenticarse a trav\u00e9s de Face ID." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json index 643cfe7e257..1b8e01804ab 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41075.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-41075", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.190", - "lastModified": "2024-01-10T22:15:49.190", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json index ba3c6a0b070..c3ad69304c3 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41974.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-41974", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.240", - "lastModified": "2024-01-10T22:15:49.240", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json index 8863e0d2f4f..0315c8e2cf4 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41987.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41987", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.290", - "lastModified": "2024-01-10T22:15:49.290", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json index c9c862861da..708f9e9397d 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json 
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41994.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41994", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.640", - "lastModified": "2024-01-10T22:15:49.640", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema l\u00f3gico con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una extensi\u00f3n de c\u00e1mara pueda acceder a la vista de la c\u00e1mara desde aplicaciones distintas de aquella para la que se le otorg\u00f3 permiso." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json index 316aba37aac..75cad2d975d 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42826.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42826", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.707", - "lastModified": "2024-01-10T22:15:49.707", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. El procesamiento de un archivo puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json index 6aea22cdc81..1bc6fdba86e 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42828.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42828", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.757", - "lastModified": "2024-01-10T22:15:49.757", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json index 7dd3a82af9c..08dec773df6 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42829.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42829", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.803", - "lastModified": "2024-01-10T22:15:49.803", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con restricciones adicionales sobre la observabilidad de los estados de las aplicaciones. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda acceder a frases de contrase\u00f1a SSH." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json index 22b9179d8e3..8a3ee4605d8 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42830.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42830", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.850", - "lastModified": "2024-01-10T22:15:49.850", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json index 539e5b86cd9..be566f3f5a7 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42831.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42831", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.903", - "lastModified": "2024-01-10T22:15:49.903", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, iOS 15.7.8 y iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda tomar las huellas digitales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json index 77b3432ac38..35fc7bb2af7 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42832.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42832", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:49.953", - "lastModified": "2024-01-10T22:15:49.953", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 una condici\u00f3n de ejecuci\u00f3n con un mejor manejo del estado. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root." } ], "metrics": {}, 
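Review bot: In the added `es` value of the CVE-2023-42831 hunk, `tomar las huellas digitales del usuario` reads as collecting the user's biometric fingerprints. The English text, `fingerprint the user`, most likely means identifying or tracking the user, so a reader triaging from the Spanish description could misjudge the impact. A wording such as `identificar de forma única al usuario (fingerprinting)` would keep the meaning. Because this commit is an automated update, the correction probably belongs in the translation step rather than in this file.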
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json index bd024cb221b..8cf212e7d0c 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42833.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42833", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.000", - "lastModified": "2024-01-10T22:15:50.000", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de correcci\u00f3n con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json index 898f9477552..cc112ec24dd 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42862.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42862", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.047", - "lastModified": "2024-01-10T22:15:50.047", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, tvOS 16.4, iOS 16.4 y iPadOS 16.4, watchOS 9.4. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json index 173e07514e6..5a01ce2baac 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42865.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42865", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.093", - "lastModified": "2024-01-10T22:15:50.093", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, tvOS 16.4, iOS 16.4 y iPadOS 16.4, watchOS 9.4. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json index 7dd60845d5d..413b9bb6772 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42866.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42866", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.143", - "lastModified": "2024-01-10T22:15:50.143", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13.5, iOS 16.6 y iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json index 1d8b83c5046..92a07f5b54d 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42869.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42869", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.200", - "lastModified": "2024-01-10T22:15:50.200", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2." + }, + { + "lang": "es", + "value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.4, iOS 16.5 y iPadOS 16.5. M\u00faltiples problemas en libxml2." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json index adc3f6e9b35..e4fde319cc5 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42870.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42870", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.240", - "lastModified": "2024-01-10T22:15:50.240", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de uso despu\u00e9s de la liberaci\u00f3n con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json index 9995f2220a0..21019446fbc 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42871.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42871", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.280", - "lastModified": "2024-01-10T22:15:50.280", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json index e1aff2fd71e..4a19f1c6ae2 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42872.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42872", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.327", - "lastModified": "2024-01-10T22:15:50.327", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json index 15624349328..4041153b092 100644 
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42876.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42876", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.370", - "lastModified": "2024-01-10T22:15:50.370", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Procesar un archivo puede provocar una denegaci\u00f3n de servicio o potencialmente revelar el contenido de la memoria." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json index e77cf6f17da..84bca7bce63 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42929.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42929", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.417", - "lastModified": "2024-01-10T22:15:50.417", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data." + }, + { + "lang": "es", + "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json index 5ae25d8137c..5047baa80d6 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42933.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42933", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.460", - "lastModified": "2024-01-10T22:15:50.460", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges." + }, + { + "lang": "es", + "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda obtener privilegios elevados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json index a522af14bc2..3181973aebd 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42934.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42934", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.507", - "lastModified": "2024-01-10T22:15:50.507", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information." + }, + { + "lang": "es", + "value": "Se solucion\u00f3 un problema de divulgaci\u00f3n de informaci\u00f3n eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n con privilegios de root pueda acceder a informaci\u00f3n privada." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json index 76310125f8c..2a05144f2d9 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42941.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42941", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-10T22:15:50.543", - "lastModified": "2024-01-11T07:15:07.880", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4246.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4246.json index fdafb46a2bd..5d199956429 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4246.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4246.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4246", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:46.190", - "lastModified": "2024-01-11T09:15:46.190", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_sendwp_remote_install_handler. Esto hace posible que atacantes no autenticados instalen y activen el complemento SendWP a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4247.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4247.json index 21e30b53022..e31046abc03 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4247.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4247.json 
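Review bot: The added `es` description in the CVE-2023-4246 hunk changes the affected function's name. The English text has `give_sendwp_remote_install_handler` and the Spanish one has `Give_sendwp_remote_install_handler`, so a case-sensitive search for the identifier will miss the translated record. The same capitalisation appears in the CVE-2023-4247 hunk (`Give_sendwp_disconnect`) and the CVE-2023-4248 hunk (`Give_stripe_disconnect_connect_stripe_account`). In the CVE-2023-4248 hunk, "stripe integration settings" is also rendered as `integración de franjas`, which loses the reference to the Stripe payment integration. Since the commit is an automated update, the correction probably belongs in the translation step: keep identifiers and product names verbatim, e.g. `en la función give_sendwp_remote_install_handler` and `integración de Stripe`.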
@@ -2,12 +2,16 @@ "id": "CVE-2023-4247", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:46.390", - "lastModified": "2024-01-11T09:15:46.390", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_sendwp_disconnect. Esto hace posible que atacantes no autenticados desactiven el complemento SendWP mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4248.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4248.json index d4fce4253a9..4755a3d0fac 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4248.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4248.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4248", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:46.613", - "lastModified": "2024-01-11T09:15:46.613", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_stripe_disconnect_connect_stripe_account. Esto hace posible que atacantes no autenticados desactiven la configuraci\u00f3n de integraci\u00f3n de franjas del complemento a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4372.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4372.json index 98b86df7488..70ea4d10d13 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4372.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4372.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4372", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:46.773", - "lastModified": "2024-01-11T09:15:46.773", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento LiteSpeed Cache para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'esi' en versiones hasta la 5.6 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json index eff3fcd4abd..567654e02f2 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44250", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:46.030", - "lastModified": "2024-01-10T18:15:46.030", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada [CWE-269] en un cl\u00faster Fortinet FortiOS HA versi\u00f3n 7.4.0 a 7.4.1 y 7.2.5 y en un cl\u00faster FortiProxy HA versi\u00f3n 7.4.0 a 7.4.1 permite que un atacante autenticado realice acciones elevadas a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45169.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45169.json index 36514eda6e0..5a44f1ad0ac 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45169.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45169.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45169", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T03:15:09.990", - "lastModified": "2024-01-11T03:15:09.990", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel pmsvcs para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267967." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45171.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45171.json index 6c9f163db00..146f2c34aa3 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45171.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45171.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45171", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T03:15:10.173", - "lastModified": "2024-01-11T03:15:10.173", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el kernel para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267969." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45173.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45173.json index 781fe351d7e..febd4982d18 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45173.json 
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45173.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45173", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T02:15:47.857", - "lastModified": "2024-01-11T02:15:47.857", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel NFS para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267971." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45175.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45175.json index ee3022780a9..163dcbb581c 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45175.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45175.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45175", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-11T02:15:48.063", - "lastModified": "2024-01-11T02:15:48.063", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel TCP/IP para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267973." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json index ff2a7f32dd6..4953ec8f4c7 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json @@ -2,12 +2,16 @@ "id": "CVE-2023-46712", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:46.223", - "lastModified": "2024-01-10T18:15:46.223", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests." + }, + { + "lang": "es", + "value": "Un control de acceso inadecuado en Fortinet FortiPortal versi\u00f3n 7.0.0 a 7.0.6, Fortinet FortiPortal versi\u00f3n 7.2.0 a 7.2.1 permite al atacante escalar su privilegio a trav\u00e9s de solicitudes HTTP espec\u00edficamente manipuladas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47559.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47559.json index de007f12692..9d120f74f9e 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47559.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47559.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47559", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-01-05T17:15:11.487", - "lastModified": "2024-01-05T18:23:40.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T13:56:50.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de cross-site scripting (XSS) afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.2.1 y posteriores." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", 
@@ -46,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:qumagie:2.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8A352625-B754-4ED7-AAF6-F532F75336B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-23", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47560.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47560.json index 842847b07da..db09b8aac59 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47560.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47560.json 
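Review bot: The new `cpeMatch` entry pins one release, `cpe:2.3:a:qnap:qumagie:2.2.0:*:*:*:*:*:*:*`, with no version range, while the description in this record says only that the fix is in QuMagie 2.2.1 and later. A scanner that matches installed versions against this criteria will report 2.2.0 and nothing older. Whether earlier releases are affected is not stated in the record, so check the linked vendor advisory before treating them as unaffected. If the advisory does cover a range, the entry would use a wildcard version with `"versionEndExcluding": "2.2.1"`. The identical single-version entry is added for CVE-2023-47560 in the next file.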
@@ -2,16 +2,40 @@ "id": "CVE-2023-47560", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-01-05T17:15:11.683", - "lastModified": "2024-01-05T18:23:40.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:07:09.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.2.1 y posteriores." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", 
@@ -50,10 +74,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:qumagie:2.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8A352625-B754-4ED7-AAF6-F532F75336B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-23", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json index e1e4dbbf31d..13a319b89ee 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48783", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-01-10T18:15:46.807", - "lastModified": "2024-01-10T18:15:46.807", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An\u00a0Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario [CWE-639] que afecta a PortiPortal versi\u00f3n 7.2.1 e inferior, versi\u00f3n 7.0.6 e inferior, versi\u00f3n 6.0.14 e inferior, versi\u00f3n 5.3.8 e inferior puede permitir que un usuario autenticado remotamente con al menos permisos de solo lectura para acceder a otros endpoints de la organizaci\u00f3n a trav\u00e9s de solicitudes GET manipuladas." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json index b965154b89e..bae0fa4105e 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49295.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49295", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-10T22:15:50.610", - "lastModified": "2024-01-10T22:15:50.610", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4." + }, + { + "lang": "es", + "value": "quic-go es una implementaci\u00f3n del protocolo QUIC (RFC 9000, RFC 9001, RFC 9002) en Go. Un atacante puede hacer que su par se quede sin memoria enviando una gran cantidad de tramas PATH_CHALLENGE. Se supone que el receptor debe responder a cada trama PATH_CHALLENGE con una trama PATH_RESPONSE. El atacante puede evitar que el receptor env\u00ede (la gran mayor\u00eda de) estas tramas PATH_RESPONSE colapsando la ventana de congesti\u00f3n del par (al reconocer selectivamente los paquetes recibidos) y manipulando la estimaci\u00f3n de RTT del par. Esta vulnerabilidad ha sido parcheada en las versiones 0.37.7, 0.38.2 y 0.39.4." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4960.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4960.json index 24d3576234d..bda5d9fcc06 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4960.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4960.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4960", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:46.930", - "lastModified": "2024-01-11T09:15:46.930", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WCFM Marketplace para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'wcfm_stores' en versiones hasta la 3.6.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4962.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4962.json index 11acfb03e30..9da350dfaef 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4962.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4962.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4962", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.093", - "lastModified": "2024-01-11T09:15:47.093", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Video PopUp para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'video_popup' en versiones hasta la 1.1.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json index 02eda481912..ea526584016 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50027", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T09:15:08.743", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:26:14.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,69 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Buy Addons baproductzoommagnifier para PrestaShop versiones 1.0.16 y anteriores, permite a atacantes remotos escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo BaproductzoommagnifierZoomModuleFrontController::run()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:buy-addons:bazoom_magnifier:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "1.0.16", + "matchCriteriaId": "1FE736E4-BFBB-4F9F-8F5F-51441BD62AF2" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json new file mode 100644 index 00000000000..43d5b721e72 --- /dev/null +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50159.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-50159", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T14:15:44.070", + "lastModified": "2024-01-11T14:15:44.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-506xx/CVE-2023-50609.json b/CVE-2023/CVE-2023-506xx/CVE-2023-50609.json index 10e17ca8e6f..56608607cd6 100644 --- a/CVE-2023/CVE-2023-506xx/CVE-2023-50609.json +++ b/CVE-2023/CVE-2023-506xx/CVE-2023-50609.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50609", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-06T04:15:08.930", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:54:52.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,66 @@ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en la plataforma de servicios de aplicaciones de v\u00eddeo de ense\u00f1anza AVA versi\u00f3n 3.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en ajax.aspx." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ava:teaching_video_application_service_platform:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B3E9111B-3DF7-4902-BF66-06546EB80C15" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50916.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50916.json index f4ca871a6b0..04da35ff208 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50916.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50916.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-50916", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T19:15:08.227", - "lastModified": "2024-01-10T19:15:08.227", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \\ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks." + }, + { + "lang": "es", + "value": "Kyocera Device Manager anterior a 3.1.1213.0 permite la exposici\u00f3n de credenciales NTLM durante la autenticaci\u00f3n de ruta UNC mediante un cambio manipulado de una ruta local a una ruta UNC. Permite a los administradores configurar la ubicaci\u00f3n de la copia de seguridad de la base de datos utilizada por la aplicaci\u00f3n. Se rechaza el intento de cambiar esta ubicaci\u00f3n a una ruta UNC a trav\u00e9s de la GUI debido al uso de un car\u00e1cter \\ (backslash), que se supone no est\u00e1 permitido en un nombre de ruta. Interceptar y modificar esta solicitud a trav\u00e9s de un proxy, o enviar la solicitud directamente al endpoint de la aplicaci\u00f3n, permite establecer rutas UNC para la ubicaci\u00f3n de la copia de seguridad. 
Una vez establecida dicha ubicaci\u00f3n, Kyocera Device Manager intenta confirmar el acceso e intentar\u00e1 autenticarse en la ruta UNC; Dependiendo de la configuraci\u00f3n del entorno, esto puede autenticarse en la UNC con hashes NTLM de Windows. Esto podr\u00eda permitir la retransmisi\u00f3n de credenciales NTLM o ataques de cracking." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json b/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json index 3068f46da3b..91e8dc7b083 100644 --- a/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json +++ b/CVE-2023/CVE-2023-510xx/CVE-2023-51073.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51073", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T03:15:10.710", - "lastModified": "2024-01-11T03:15:10.710", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh." + }, + { + "lang": "es", + "value": "Un problema en Buffalo LS210D v.1.78-0.03 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del script de actualizaci\u00f3n de firmware en /etc/init.d/update_notifications.sh." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json index cc0717c584a..d4e928482b5 100644 --- a/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51123.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51123", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T22:15:50.823", - "lastModified": "2024-01-10T22:15:50.823", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component." + }, + { + "lang": "es", + "value": "Un problema descubierto en D-Link dir815 v.1.01SSb08.bin permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud POST manipulada al par\u00e1metro service en la funci\u00f3n SOAPCGI_main del componente binario cgibin." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json index f5084aadb12..2273c082185 100644 --- a/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json +++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51126.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51126", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T21:15:09.083", - "lastModified": "2024-01-10T21:15:09.083", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n de comandos en /usr/www/res.php en FLIR AX8 hasta 1.46.16 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro value." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json b/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json index fc7acdd9efc..c22c46e9106 100644 --- a/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json 
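Review bot: The added `es` description for CVE-2023-51123 renders the function name as `SOAPCGI_main`, while the `en` value in the same hunk names it `soapcgi_main`; a code identifier should be carried over verbatim, so the Spanish value should read `la funci\u00f3n soapcgi_main del componente binario cgibin`. The same drift appears in the CVE-2023-52032 hunk, where `\"main\"` became `\"principal\"`, and in the CVE-2023-6223 hunk, where the `'userID'` key became `'ID de usuario'`. Anyone matching these advisories against firmware symbols, source or request logs by name will miss the Spanish entries. The records look machine-generated, so the correction probably belongs in the translation step rather than in a hand edit to these files.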
+++ b/CVE-2023/CVE-2023-511xx/CVE-2023-51127.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51127", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T21:15:09.133", - "lastModified": "2024-01-10T21:15:09.133", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file." + }, + { + "lang": "es", + "value": "Las c\u00e1maras con sensor t\u00e9rmico FLIR AX8 hasta la versi\u00f3n 1.46.16 incluida son vulnerables a Directory Traversal debido a una restricci\u00f3n de acceso inadecuada. Esta vulnerabilidad permite que un atacante remoto no autenticado obtenga contenidos de archivos confidenciales arbitrarios cargando un archivo de enlace simb\u00f3lico especialmente manipulado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json index aea1f92f36c..2d772373779 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51502", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:42.770", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:16:03.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:automattic:woocommerce_stripe:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.6.1", + "matchCriteriaId": "F56BF36A-D270-4E9A-9AA1-D222B0188CBA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-1-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json new file mode 100644 index 00000000000..62c0adbd594 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51748.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51748", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T14:15:44.123", + "lastModified": "2024-01-11T14:15:44.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json new file mode 100644 index 00000000000..815d41806ff --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51749.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51749", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T14:15:44.167", + "lastModified": "2024-01-11T14:15:44.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json new file mode 100644 index 00000000000..9bf2bbef65e --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51750.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51750", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T14:15:44.230", + "lastModified": "2024-01-11T14:15:44.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json new file mode 100644 index 00000000000..c9522817bcb --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51751.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51751", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-11T14:15:44.270", + "lastModified": "2024-01-11T14:15:44.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52027.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52027.json index 6d8808a644e..660f2202939 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52027.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52027.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52027", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.250", - "lastModified": "2024-01-11T09:15:47.250", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n NTPSyncWithHost." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52028.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52028.json index b69de5de870..1823e7f8a6c 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52028.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52028.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52028", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.300", - "lastModified": "2024-01-11T09:15:47.300", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n setTracerouteCfg." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52029.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52029.json index 6f2f458b302..5215687e9fd 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52029.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52029.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52029", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.350", - "lastModified": "2024-01-11T09:15:47.350", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n setDiagnosisCfg." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52030.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52030.json index 0e4ae9b1e75..6b5e48c58ea 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52030.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52030.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52030", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.393", - "lastModified": "2024-01-11T09:15:47.393", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n setOpModeCfg." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52031.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52031.json index b740a7f2574..b0db9bbcab3 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52031.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52031.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52031", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.437", - "lastModified": "2024-01-11T09:15:47.437", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink A3700R v9.1.2u.5822_B20200513 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n UploadFirmwareFile." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52032.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52032.json index c55d7cc31e0..6c921399ab1 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52032.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52032.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52032", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T09:15:47.483", - "lastModified": "2024-01-11T09:15:47.483", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the \"main\" function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOlink EX1200T V4.1.2cu.5232_B20210713 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n \"principal\"." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json index 547c7f2e880..571fc14fd82 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52064.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52064", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T21:15:09.180", - "lastModified": "2024-01-10T21:15:09.180", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:35.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Wuzhicms v4.1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro $keywords en /core/admin/copyfrom.php." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json index a81ec8d3012..a6e0c5962b8 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52123", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:08.800", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:28:17.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:machothemes:strong_testimonials:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.10", + "matchCriteriaId": "1E16AF02-B3B6-4BFE-B533-F19E3E7EDEB5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json index 1f37b6e3cfc..44797c59f79 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52128", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.253", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:29:37.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linksoftwarellc:white_label:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.9.0", + "matchCriteriaId": "16BFC700-7683-49EF-932C-ACBEBC8DCD35" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/white-label/wordpress-white-label-plugin-2-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json index 2efd708f4c0..6f0bb2ccf84 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52178", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:43.327", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:17:42.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mojofywp:wp_affiliate_disclosure:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.7", + "matchCriteriaId": "53A64544-27CB-4C4C-8627-C5A92A339E87" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-affiliate-disclosure/wordpress-wp-affiliate-disclosure-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json index d73e861c33c..3d62f164082 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52184", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:43.573", - "lastModified": "2024-01-05T11:54:11.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-11T14:19:23.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.6", + "matchCriteriaId": "B7A5B1D1-884F-42AD-984C-F5AF1DBD33B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52274.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52274.json index 75e4f600a57..1c7ea44c2b9 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52274.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52274.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52274", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-11T03:15:10.843", - "lastModified": "2024-01-11T03:15:10.843", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header." + }, + { + "lang": "es", + "value": "member/index/register.html en YzmCMS 6.5 a 7.0 permite XSS a trav\u00e9s del encabezado HTTP Referer." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5448.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5448.json index 27df322b094..c14885251c1 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5448.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5448.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5448", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T04:15:08.373", - "lastModified": "2024-01-11T04:15:08.373", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento WP Register Profile With Shortcode para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 3.5.9 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n update_password_validate. Esto hace posible que atacantes no autenticados restablezcan la contrase\u00f1a de un usuario mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json index aaa3e41cc02..20922eb4c61 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5504.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5504", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.553", - "lastModified": "2024-01-11T09:15:47.553", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site." + }, + { + "lang": "es", + "value": "El complemento BackWPup para WordPress es vulnerable a Directory Traversal en versiones hasta la 4.0.1 incluida a trav\u00e9s de la carpeta de archivos de registro. Esto permite a los atacantes autenticados almacenar copias de seguridad en carpetas arbitrarias en el servidor, siempre que el servidor pueda escribir en ellas. Adem\u00e1s, la configuraci\u00f3n predeterminada colocar\u00e1 un archivo index.php y .htaccess en el directorio elegido (a menos que ya est\u00e9 presente) cuando se ejecute el primer trabajo de copia de seguridad, cuyo objetivo es evitar la lista de directorios y el acceso a archivos. Esto significa que un atacante podr\u00eda establecer el directorio de respaldo en la ra\u00edz de otro sitio en un entorno compartido y as\u00ed desactivar ese sitio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json index f14fac9c437..c6cb99a00be 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json 
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5691.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5691", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.727", - "lastModified": "2024-01-11T09:15:47.727", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Chatbot for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en la versi\u00f3n 2.3.9 debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json index ad2ea97e7e2..c732bd902d3 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6220.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6220", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:47.883", - "lastModified": "2024-01-11T09:15:47.883", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento Piotnet Forms para WordPress es vulnerable a la carga de archivos arbitrarios debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n 'piotnetforms_ajax_form_builder' en versiones hasta la 1.0.26 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json index e14ebfaa410..9b2b7bb4f98 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6223.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6223", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T07:15:08.220", - "lastModified": "2024-01-11T07:15:08.220", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress." + }, + { + "lang": "es", + "value": "El complemento LearnPress para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 4.2.5.7 incluida a trav\u00e9s de la API REST /wp-json/lp/v1/profile/course-tab debido a la falta de validaci\u00f3n en el 'ID de usuario' Clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, recuperen los detalles del progreso del curso de otro usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json index 9634866b350..e4b5bd5c2c6 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6266.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6266", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.047", - "lastModified": "2024-01-11T09:15:48.047", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more." + }, + { + "lang": "es", + "value": "El complemento Backup Migration para WordPress es vulnerable al acceso no autorizado a los datos debido a una ruta y una validaci\u00f3n de archivos insuficientes en el caso BMI_BACKUP de la funci\u00f3n handle_downloading en todas las versiones hasta la 1.3.6 incluida. Esto hace posible que atacantes no autenticados descarguen archivos de respaldo que pueden contener informaci\u00f3n confidencial como contrase\u00f1as de usuario, PII, credenciales de bases de datos y mucho m\u00e1s." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json index 422435f91e6..5bf9a7f2cd5 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6316.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6316", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.210", - "lastModified": "2024-01-11T09:15:48.210", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento MW WP Form para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n '_single_file_upload' en versiones hasta la 5.0.1 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json index 1510360eb80..54f11f44a53 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6369.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6369", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.380", - "lastModified": "2024-01-11T09:15:48.380", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings." + }, + { + "lang": "es", + "value": "El complemento Export WP Page to Static HTML/CSS para WordPress es vulnerable al acceso no autorizado a los datos y a su modificaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples acciones AJAX en todas las versiones hasta la 2.1.9 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, revelen informaci\u00f3n confidencial o realicen acciones no autorizadas, como guardar configuraciones avanzadas de complementos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json index f37ac5a48b7..51c68f8021e 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6446.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6446", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T07:15:08.540", - "lastModified": "2024-01-11T07:15:08.540", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Calculated Fields Form para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 1.2.40 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json index c9ad935a0d7..5fcc59d5472 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6496.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6496", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.543", - "lastModified": "2024-01-11T09:15:48.543", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings." + }, + { + "lang": "es", + "value": "El complemento Manage Notification E-mails para WordPress es vulnerable a la falta de autorizaci\u00f3n en todas las versiones hasta la 1.8.5 incluida a trav\u00e9s de la funci\u00f3n card_famne_export_settings. Esto hace posible que atacantes no autenticados obtengan la configuraci\u00f3n del complemento." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json index fc750e802a9..1e73b66f4e2 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6504.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6504", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.710", - "lastModified": "2024-01-11T09:15:48.710", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata." + }, + { + "lang": "es", + "value": "El complemento User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wppb_toolbox_usermeta_handler en todas las versiones hasta la 3.10.7 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, expongan informaci\u00f3n confidencial dentro de los metadatos del usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json index bc5f1bb775f..ef32911e8b3 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6506.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6506", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T07:15:08.810", - "lastModified": "2024-01-11T07:15:08.810", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site." + }, + { + "lang": "es", + "value": "El complemento WP 2FA \u2013 Two-factor authentication for WordPress para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 2.5.0 incluida a trav\u00e9s de send_backup_codes_email debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que los atacantes a nivel de suscriptor env\u00eden correos electr\u00f3nicos a usuarios arbitrarios en el sitio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json index 486379467d3..ad3fe9880c8 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6520.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6520", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T07:15:09.070", - "lastModified": "2024-01-11T07:15:09.070", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed." + }, + { + "lang": "es", + "value": "El complemento WP 2FA \u2013 Two-factor authentication for WordPress para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.5.0 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n send_backup_codes_email. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos con contenido arbitrario a usuarios registrados a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio u otro usuario registrado para que realice una acci\u00f3n como hacer clic en un enlace. Mientras est\u00e9 presente una verificaci\u00f3n de nonce, solo se ejecuta si se establece un nonce. Al omitir un nonce de la solicitud, se puede omitir la verificaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json index db491742f4e..a34ce8fc201 100644 
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6556.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6556", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:48.877", - "lastModified": "2024-01-11T09:15:48.877", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The FOX \u2013 Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento FOX \u2013 Currency Switcher Professional for WooCommerce para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de opciones de moneda en todas las versiones hasta la 1.4.1.5 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json index fd291608c12..83f5ddec144 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6558.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6558", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.037", - "lastModified": "2024-01-11T09:15:49.037", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento Export and Import Users and Customers para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n 'upload_import_file' en versiones hasta la 2.4.8 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador de tienda o superior carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json index 4a78898bf23..a1ea935ff81 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6561.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6561", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.193", - "lastModified": "2024-01-11T09:15:49.193", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Featured Image from URL (FIFU) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del texto alternativo de la imagen destacada en todas las versiones hasta la 4.5.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6567.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6567.json index 3242a001913..687f3fe6bf1 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6567.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6567.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6567", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.407", - "lastModified": "2024-01-11T09:15:49.407", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento LearnPress para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro 'order_by' en todas las versiones hasta la 4.2.5.7 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6582.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6582.json index 8d11878f93e..841a1a0fe34 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6582.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6582.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6582", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.617", - "lastModified": "2024-01-11T09:15:49.617", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only." + }, + { + "lang": "es", + "value": "El complemento ElementsKit Elementor addons para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.0.3 incluida a trav\u00e9s de la funci\u00f3n ekit_widgetarea_content. Esto hace posible que atacantes no autenticados obtengan contenidos de publicaciones en estado de borrador, privadas o pendientes de revisi\u00f3n que no deber\u00edan ser visibles para el p\u00fablico en general. Esto se aplica \u00fanicamente a publicaciones creadas con Elementor." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6583.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6583.json index 6384d339c17..eb4744b40b8 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6583.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6583.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6583", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.777", - "lastModified": "2024-01-11T09:15:49.777", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information." + }, + { + "lang": "es", + "value": "El complemento Import and export users and customers para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.24.2 incluida a trav\u00e9s de la funcionalidad de importaci\u00f3n recurrente. Esto hace posible que atacantes autenticados, con acceso de administrador y superior, lean y eliminen el contenido de archivos arbitrarios en el servidor, incluido wp-config.php, que puede contener informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6598.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6598.json index fb282516f42..695d51dff63 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6598.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6598.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6598", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:49.933", - "lastModified": "2024-01-11T09:15:49.933", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options." + }, + { + "lang": "es", + "value": "El complemento SpeedyCache para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en las funciones speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings y speedycache_preloading_delete_resource en todas las versiones hasta la 1.1.3 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, actualicen las opciones del complemento." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6624.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6624.json index c430d31e7e5..ea231bed5b0 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6624.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6624.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6624", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.100", - "lastModified": "2024-01-11T09:15:50.100", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Import and export users and customers para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.24.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6630.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6630.json index 55c851e39e2..d61cd261e29 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6630.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6630.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6630", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T05:15:09.010", - "lastModified": "2024-01-11T05:15:09.010", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key." + }, + { + "lang": "es", + "value": "El complemento Contact Form 7 \u2013 Dynamic Text Extension para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 4.1.0 incluida a trav\u00e9s de los c\u00f3digos cortos CF7_get_custom_field y CF7_get_current_user debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados con acceso de colaborador o superior accedan a metadatos arbitrarios de cualquier tipo de publicaci\u00f3n, haciendo referencia a la publicaci\u00f3n por identificaci\u00f3n y a la meta por clave." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6632.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6632.json index 8b9d5ea2738..69cfe3fd75a 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6632.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6632.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6632", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.257", - "lastModified": "2024-01-11T09:15:50.257", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Happy Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de DOM en todas las versiones hasta la 3.9.1.1 incluida (versiones hasta la 2.9.1.1 en Happy Addons para Elementor Pro) debido a una samotozaci\u00f3n de entrada insuficiente y un escape de salida . Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json index 3e9ff4a29b5..d5c584ef277 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6634.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6634", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.437", - "lastModified": "2024-01-11T09:15:50.437", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution." + }, + { + "lang": "es", + "value": "El complemento LearnPress para WordPress es vulnerable a la inyecci\u00f3n de comandos en todas las versiones hasta la 4.2.5.7 incluida a trav\u00e9s de la funci\u00f3n get_content. Esto se debe a que el complemento utiliza la funci\u00f3n call_user_func con la entrada del usuario. Esto hace posible que atacantes no autenticados ejecuten cualquier funci\u00f3n p\u00fablica con un par\u00e1metro, lo que podr\u00eda resultar en la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6636.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6636.json index c68ec548e5d..a744abf9f0b 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6636.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6636.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6636", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.593", - "lastModified": "2024-01-11T09:15:50.593", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento Greenshift \u2013 animation and page builder blocks para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'gspb_save_files' en versiones hasta la 7.6.2 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador o superior carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6637.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6637.json index 422b075fcaa..d95eb7b9922 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6637.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6637.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6637", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:50.753", - "lastModified": "2024-01-11T09:15:50.753", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings." + }, + { + "lang": "es", + "value": "El complemento CAOS | Host Google Analytics Locally para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'update_settings' en versiones hasta la 4.7.14 incluida. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6638.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6638.json index a3be11c61ed..ac4b403a902 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6638.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6638.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6638",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:50.920",
- "lastModified": "2024-01-11T09:15:50.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento GTG Product Feed for Shopping para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'update_settings' en versiones hasta la 1.2.4 incluida. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del complemento."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json
index 83a1958b768..97d0ca24194 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6645.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6645",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.097",
- "lastModified": "2024-01-11T09:15:51.097",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Post Grid Combo \u2013 36+ Gutenberg Blocks para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro JS personalizado en todas las versiones hasta la 2.2.64 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de colaborador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json
index a0c6f1c49c2..3d04bb9e359 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6684.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6684",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.263",
- "lastModified": "2024-01-11T09:15:51.263",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Ibtana \u2013 WordPress Website Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'ive' en versiones hasta la 1.2.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos 'width' y 'height' proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json
index 1099cd500e2..2550d0c218a 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6699.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6699",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T07:15:09.357",
- "lastModified": "2024-01-11T07:15:09.357",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Compress \u2013 Image Optimizer [All-In-One] para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 6.10.33 incluida a trav\u00e9s del par\u00e1metro css. Esto hace posible que atacantes no autenticados lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json
index 4d33945616f..2ad2d8391f2 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6737.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6737",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.457",
- "lastModified": "2024-01-11T09:15:51.457",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachment uploaded by the user they are attacking."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Enable Media Replace para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro SHORTPIXEL_DEBUG en todas las versiones hasta la 4.1.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. Explotar esta vulnerabilidad requiere que el atacante conozca el ID de un archivo adjunto subido por el usuario al que est\u00e1 atacando."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json
index 6bffb9b1a89..6461080b598 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6742.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6742",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.640",
- "lastModified": "2024-01-11T09:15:51.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts."
+ },
+ {
+ "lang": "es",
+ "value": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery complemento para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificaci\u00f3n de capacidad incorrecta en la funci\u00f3n 'envira_gallery_insert_images' en todas las versiones hasta la 1.8.7.1 incluida. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, modifiquen galer\u00edas en las publicaciones de otros usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6751.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6751.json
index 074fc24e500..d25faeb07ab 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6751.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6751.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6751",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.817",
- "lastModified": "2024-01-11T09:15:51.817",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de Hostinger para WordPress es vulnerable a actualizaciones no autorizadas de la configuraci\u00f3n del complemento debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n publish_website en todas las versiones hasta la 1.9.7 incluida. Esto hace posible que atacantes no autenticados habiliten y deshabiliten el modo de mantenimiento."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json
index 450b5d4720f..c65137e24c0 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6776.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6776",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:51.977",
- "lastModified": "2024-01-11T09:15:51.977",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Ready Function\u2019 field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento 3D FlipBook para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del campo 'Ready Function' en todas las versiones hasta la 1.15.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json
index fe4d2d60156..2f2bff469a2 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6781.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6781",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.133",
- "lastModified": "2024-01-11T09:15:52.133",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Orbit Fox de ThemeIsle para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los campos personalizados del complemento en todas las versiones hasta la 2.10.26 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los valores proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json
index 8942be9c76d..ce40123d938 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6782.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6782",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.297",
- "lastModified": "2024-01-11T09:15:52.297",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento AMP for WP \u2013 Accelerated Mobile Pages para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.0.92 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. . Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6828.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6828.json
index 511f7672d4e..df73a0e9af1 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6828.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6828.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6828",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.457",
- "lastModified": "2024-01-11T09:15:52.457",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form, Survey & Popup Form Plugin for WordPress \u2013 ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018 arf_http_referrer_url\u2019 parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "Contact Form, Survey & Popup Form Plugin for WordPress \u2013 ARForms Form Builder complemento para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'arf_http_referrer_url' en todas las versiones hasta la 1.5.8 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y salida que se escapa. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6855.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6855.json
index 829cd4c9309..d7cbedf85ea 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6855.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6855.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6855",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.613",
- "lastModified": "2024-01-11T09:15:52.613",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions para WordPress es vulnerable a modificaciones no autorizadas de los niveles de membres\u00eda creados por el complemento debido a una verificaci\u00f3n de capacidad implementada incorrectamente en la funci\u00f3n pmpro_rest_api_get_permissions_check en todas las versiones hasta 2.12.5 (incluida). Esto hace posible que atacantes no autenticados cambien los niveles de membres\u00eda, incluidos los precios."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json
index bfa264eba53..b539c8cfc63 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6875.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6875",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.773",
- "lastModified": "2024-01-11T09:15:52.773",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP para WordPress es vulnerable al acceso no autorizado a los datos y a la modificaci\u00f3n de los mismos debido a un problema de malabarismo de tipos en el endpoint REST de la aplicaci\u00f3n de conexi\u00f3n en todas las versiones hasta, e incluida, 2.8.7. Esto hace posible que atacantes no autenticados restablezcan la clave API utilizada para autenticarse en el correo y ver registros, incluidos los correos electr\u00f3nicos de restablecimiento de contrase\u00f1a, lo que permite tomar el control del sitio."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json
index 96e553af2b5..85205bc061c 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6878.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6878",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:52.940",
- "lastModified": "2024-01-11T09:15:52.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Slick Social Share Buttons para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'dcssb_ajax_update' en versiones hasta la 2.4.11 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor o superiores, actualicen las opciones del sitio de forma arbitraria."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json
index 052849cdf80..c984d91dd99 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6882.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6882",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:53.103",
- "lastModified": "2024-01-11T09:15:53.103",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018environment_mode\u2019 parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Simple Membership para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'environment_mode' en todas las versiones hasta la 4.3.8 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json
index e12ba4f0000..3a66fe8a218 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6883.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6883",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T07:15:09.620",
- "lastModified": "2024-01-11T07:15:09.620",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:26.160",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Easy Social Feed para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones AJAX en todas las versiones hasta la 6.5.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen acciones no autorizadas, como modificar los tokens de acceso de Facebook e Instagram del complemento y actualizar las ID de grupo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json
index 3e68551b0bc..0efeb2bf6b8 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6924.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6924",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:53.253",
- "lastModified": "2024-01-11T09:15:53.253",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Photo Gallery de 10Web para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de widgets en versiones hasta la 1.8.18 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de administrador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Tambi\u00e9n se puede explotar con un permiso de nivel de colaborador con un complemento de creaci\u00f3n de p\u00e1ginas."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6934.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6934.json
index 3ff09534217..5b72eb5f4b8 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6934.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6934.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6934",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:53.417",
- "lastModified": "2024-01-11T09:15:53.417",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Limit Login Attempts Reloaded para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 2.25.26 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6979.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6979.json
index ed19a7a90d7..182b1be4d84 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6979.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6979.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6979",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:53.670",
- "lastModified": "2024-01-11T09:15:53.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Customer Reviews for WooCommerce para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en la acci\u00f3n ivole_import_upload_csv AJAX en todas las versiones hasta la 5.38.9 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6988.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6988.json
index 25efa688a1e..0a10065733e 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6988.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6988.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6988",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:53.910",
- "lastModified": "2024-01-11T09:15:53.910",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Colibri Page Builder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado extend_builder_render_js del complemento en todas las versiones hasta la 1.0.239 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6990.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6990.json
index 15b530fa459..14a50912637 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6990.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6990.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6990",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-11T09:15:54.173",
- "lastModified": "2024-01-11T09:15:54.173",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-11T13:57:09.767",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Weaver Xtreme para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de meta de publicaci\u00f3n personalizada en todas las versiones hasta la 6.3.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en meta proporcionada por el usuario (c\u00f3digo de encabezado de p\u00e1gina). Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6994.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6994.json
index 2d60991aba7..8f16473f820 100644
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6994.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6994.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-6994", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:54.497", - "lastModified": "2024-01-11T09:15:54.497", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento List category posts para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'catlist' del complemento en todas las versiones hasta la 0.89.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7019.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7019.json index 048139b828c..5fa871639ad 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7019.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7019.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7019", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:54.780", - "lastModified": "2024-01-11T09:15:54.780", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs." + }, + { + "lang": "es", + "value": "El complemento LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n insert_template en todas las versiones hasta la 2.6.8 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, cambien los dise\u00f1os de las p\u00e1ginas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7048.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7048.json index 4b1f129371b..c9f2c2ff157 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7048.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7048.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7048", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:55.030", - "lastModified": "2024-01-11T09:15:55.030", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function." + }, + { + "lang": "es", + "value": "El complemento My Sticky Bar para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.6.6 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en mystickymenu-contact-leads.php. Esto hace posible que atacantes no autenticados activen la exportaci\u00f3n de un archivo CSV que contiene contactos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Debido a que el archivo CSV se exporta a una ubicaci\u00f3n p\u00fablica, se puede descargar durante un per\u00edodo de tiempo muy corto antes de que la funci\u00f3n de exportaci\u00f3n lo elimine autom\u00e1ticamente." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7070.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7070.json index 50e20a90eac..6619a66ce45 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7070.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7070.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7070", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:55.287", - "lastModified": "2024-01-11T09:15:55.287", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Email Encoder \u2013 Protect Email Addresses and Phone Numbers para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto eeb_mailto del complemento en todas las versiones hasta la 2.1.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. . Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7071.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7071.json index 606387044e3..3060c19f443 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7071.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7071.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7071", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-11T09:15:55.540", - "lastModified": "2024-01-11T09:15:55.540", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:09.767", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates para WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s del bloque Table of Contents en todas las versiones hasta la 4.4.6 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json index c91931a4b5e..bc845f54c5f 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0252.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0252", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2024-01-11T08:15:35.933", - "lastModified": "2024-01-11T08:15:35.933", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component." + }, + { + "lang": "es", + "value": "Las versiones 6401 e inferiores de ManageEngine ADSelfService Plus son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo debido al manejo inadecuado en el componente del balanceador de carga." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json index c4f954ec3ab..bb6d9d0b06f 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json @@ -2,12 +2,16 @@ "id": "CVE-2024-0333", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-10T22:15:50.907", - "lastModified": "2024-01-11T03:15:10.893", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "La validaci\u00f3n de datos insuficiente en Extensions de Google Chrome anteriores a 120.0.6099.216 permiti\u00f3 a un atacante en una posici\u00f3n privilegiada de la red instalar una extensi\u00f3n maliciosa a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: alta)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21637.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21637.json index 77d82a3cf14..b183da3f8e6 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21637.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21637.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21637", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T06:15:43.787", - "lastModified": "2024-01-11T06:15:43.787", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6." + }, + { + "lang": "es", + "value": "Authentik es un proveedor de identidades de c\u00f3digo abierto. Authentik es afectado por una vulnerabilidad de cross site scripting reflejada a trav\u00e9s de URI de JavaScript en flujos de OpenID Connect con `response_mode=form_post`. Este relativamente usuario podr\u00eda utilizar los ataques descritos para realizar una escalada de privilegios. Esta vulnerabilidad ha sido parcheada en las versiones 2023.10.6 y 2023.8.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json index 06391f1af8a..ba9823c0bc3 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21638.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21638", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-10T22:15:51.563", - "lastModified": "2024-01-10T22:15:51.563", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.\n" + }, + { + "lang": "es", + "value": "Azure IPAM (administraci\u00f3n de direcciones IP) es una soluci\u00f3n liviana desarrollada sobre la plataforma Azure dise\u00f1ada para ayudar a los clientes de Azure a administrar su espacio de direcciones IP de manera f\u00e1cil y efectiva. Por dise\u00f1o, no hay acceso de escritura a los entornos de Azure de los clientes, ya que a la entidad de servicio utilizada solo se le asigna la funci\u00f3n de lector en el nivel del grupo de administraci\u00f3n ra\u00edz. Hasta hace poco, la soluci\u00f3n carec\u00eda de la validaci\u00f3n del token de autenticaci\u00f3n pasado, lo que puede provocar que un atacante se haga pasar por cualquier usuario privilegiado para acceder a los datos almacenados en la instancia de IPAM y posteriormente desde Azure, lo que provoca una elevaci\u00f3n de privilegios. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.0.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21665.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21665.json index d0fe33fbf29..75642b37d0b 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21665.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21665.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21665", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T01:15:45.413", - "lastModified": "2024-01-11T01:15:45.413", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10." + }, + { + "lang": "es", + "value": "ecommerce-framework-bundle es el paquete Pimcore Ecommerce Framework. Un usuario autenticado y no autorizado puede acceder a la lista de pedidos administrativos y consultar la informaci\u00f3n devuelta. No se aplican controles de acceso ni permisos. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.0.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21666.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21666.json index a38ccc536d9..5a0e10f4128 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21666.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21666.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21666", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T01:15:45.623", - "lastModified": "2024-01-11T01:15:45.623", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.\n" + }, + { + "lang": "es", + "value": "Customer Management Framework (CMF) para Pimcore agrega funcionalidad para la gesti\u00f3n de datos de clientes, segmentaci\u00f3n, personalizaci\u00f3n y automatizaci\u00f3n de marketing. Un usuario autenticado y no autorizado puede acceder a la lista de posibles usuarios duplicados y ver sus datos. Los permisos se aplican al llegar al endpoint `/admin/customermanagementframework/duplicates/list`, lo que permite a un usuario autenticado sin permisos acceder al endpoint y consultar los datos disponibles all\u00ed. Los usuarios no autorizados pueden acceder a los datos PII de los clientes. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21667.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21667.json index 2ee31f1be89..fc77a06f663 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21667.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21667.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21667", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T01:15:45.810", - "lastModified": "2024-01-11T01:15:45.810", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.\n" + }, + { + "lang": "es", + "value": "pimcore/customer-data-framework es el Customer Management Framework para la gesti\u00f3n de datos de clientes dentro de Pimcore. Un usuario autenticado y no autorizado puede acceder a la funci\u00f3n de extracci\u00f3n de datos del RGPD y consultar la informaci\u00f3n devuelta, lo que lleva a la exposici\u00f3n de los datos del cliente. Los permisos no se aplican al llegar al endpoint `/admin/customermanagementframework/gdpr-data/search-data-objects`, lo que permite a un usuario autenticado sin permisos acceder al endpoint y consultar los datos disponibles all\u00ed. Un usuario no autorizado puede acceder a los datos PII de los clientes. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 4.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21669.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21669.json index 1ecb1c68424..982d44942ee 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21669.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21669.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21669", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T06:15:44.067", - "lastModified": "2024-01-11T06:15:44.067", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5." + }, + { + "lang": "es", + "value": "Hyperledger Aries Cloud Agent Python (ACA-Py) es una base para crear aplicaciones y servicios de identidad descentralizados que se ejecutan en entornos no m\u00f3viles. Al verificar las credenciales verificables en formato W3C usando JSON-LD con Linked Data Proofs (LDP-VC), el resultado de verificar la presentaci\u00f3n `document.proof` no se tuvo en cuenta en el valor final `verified` (`true`/`false`) en el acta de presentaci\u00f3n. La falla permite a los titulares de credenciales verificables en formato W3C que utilizan JSON-LD con pruebas de datos vinculados (LDP) presentar pruebas construidas incorrectamente y permite a verificadores maliciosos guardar y reproducir una presentaci\u00f3n de dichos titulares como propia. Esta vulnerabilidad ha estado presente desde la versi\u00f3n 0.7.0 y se corrigi\u00f3 en la versi\u00f3n 0.10.5." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21773.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21773.json index 501d4e343d9..c63e57a1fc0 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21773.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21773.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21773", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-11T00:15:44.560", - "lastModified": "2024-01-11T00:15:44.560", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Deco X50 firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\", and Deco XE200 firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"." + }, + { + "lang": "es", + "value": "M\u00faltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware Archer AX3000 anteriores a \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Versiones de firmware Archer AX5400 anteriores a \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Versiones de firmware Deco X50 anteriores a \"Deco X50(JP)_V1_1.4.1 Build 20231122\" y versiones de firmware Deco XE200 anteriores a \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21821.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21821.json index 5d4dca60075..96ac638a64e 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21821.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21821.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21821", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-11T00:15:44.633", - "lastModified": "2024-01-11T00:15:44.633", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", and Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\"." + }, + { + "lang": "es", + "value": "M\u00faltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", versiones de firmware de Archer AX5400 anteriores a \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\" y firmware de Archer AXE75 versiones anteriores a \"Archer AXE75(JP)_V1_231115\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21833.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21833.json index cea49b585ee..a94ac05f441 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21833.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21833.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21833", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-11T00:15:44.683", - "lastModified": "2024-01-11T00:15:44.683", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\", Deco X50 firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\", and Deco XE200 firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"." + }, + { + "lang": "es", + "value": "M\u00faltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Versiones de firmware de Archer AX5400 anteriores a \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Versiones de firmware de Archer AXE75 anteriores a \"Archer AXE75(JP)_V1_231115\", versiones de firmware Deco X50 anteriores a \"Deco X50(JP)_V1_1.4.1 Build 20231122\" y versiones de firmware Deco XE200 anteriores a \"Deco XE200(JP)_V1_1.2.5 Build 20231120\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22190.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22190.json index d529ab6e0ba..ff22945195a 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22190.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22190.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22190", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T02:15:48.250", - "lastModified": "2024-01-11T02:15:48.250", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41." + }, + { + "lang": "es", + "value": "GitPython es una librer\u00eda de Python que se utiliza para interactuar con los repositorios de Git. Existe una soluci\u00f3n incompleta para CVE-2023-40590. En Windows, GitPython usa una ruta de b\u00fasqueda que no es de confianza si usa un shell para ejecutar `git`, as\u00ed como cuando ejecuta `bash.exe` para interpretar ganchos. Si cualquiera de esas funciones se utiliza en Windows, se puede ejecutar un `git.exe` o `bash.exe` malicioso desde un repositorio que no es de confianza. Este problema se solucion\u00f3 en la versi\u00f3n 3.1.41." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22194.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22194.json index e6846fa57e7..45983065c3b 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22194.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22194.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22194", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T03:15:10.933", - "lastModified": "2024-01-11T03:15:10.933", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. " + }, + { + "lang": "es", + "value": "El proyecto cdo-local-uuid proporciona una funci\u00f3n especializada de generaci\u00f3n de UUID que puede, a petici\u00f3n del usuario, hacer que un programa genere UUID deterministas. Una vulnerabilidad de fuga de informaci\u00f3n est\u00e1 presente en `cdo-local-uuid` en la versi\u00f3n `0.4.0`, y en `case-utils` en versiones sin parches (que coinciden con el patr\u00f3n `0.x.0`) en y desde `0.5. 0`, antes de `0.15.0`. La vulnerabilidad surge de una funci\u00f3n de Python, `cdo_local_uuid.local_uuid()`, y su implementaci\u00f3n original `case_utils.local_uuid()`." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22195.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22195.json index 9ae371832d9..238c45361bc 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22195.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22195.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22195", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-11T03:15:11.200", - "lastModified": "2024-01-11T03:15:11.200", - "vulnStatus": "Received", + "lastModified": "2024-01-11T13:57:26.160", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\n" + }, + { + "lang": "es", + "value": "Jinja es un motor de plantillas extensible. Los marcadores de posici\u00f3n especiales en la plantilla permiten escribir c\u00f3digo similar a la sintaxis de Python. Es posible inyectar atributos HTML arbitrarios en la plantilla HTML renderizada, lo que podr\u00eda generar cross site scripting (XSS). Se puede abusar del filtro Jinja `xmlattr` para inyectar claves y valores de atributos HTML arbitrarios, evitando el mecanismo de escape autom\u00e1tico y potencialmente conduciendo a XSS. Tambi\u00e9n es posible omitir las comprobaciones de validaci\u00f3n de atributos si est\u00e1n basadas en listas negras." } ], "metrics": { diff --git a/README.md b/README.md index c0af9bc445f..f806d5bce6a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-11T13:00:24.838448+00:00 +2024-01-11T15:00:25.194916+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-11T12:15:42.767000+00:00 +2024-01-11T14:54:52.880000+00:00 ``` ### Last Data Feed Release 
@@ -29,20 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235626 +235632 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `6` -* [CVE-2022-4958](CVE-2022/CVE-2022-49xx/CVE-2022-4958.json) (`2024-01-11T12:15:42.767`) +* [CVE-2023-20573](CVE-2023/CVE-2023-205xx/CVE-2023-20573.json) (`2024-01-11T14:15:43.963`) +* [CVE-2023-50159](CVE-2023/CVE-2023-501xx/CVE-2023-50159.json) (`2024-01-11T14:15:44.070`) +* [CVE-2023-51748](CVE-2023/CVE-2023-517xx/CVE-2023-51748.json) (`2024-01-11T14:15:44.123`) +* [CVE-2023-51749](CVE-2023/CVE-2023-517xx/CVE-2023-51749.json) (`2024-01-11T14:15:44.167`) +* [CVE-2023-51750](CVE-2023/CVE-2023-517xx/CVE-2023-51750.json) (`2024-01-11T14:15:44.230`) +* [CVE-2023-51751](CVE-2023/CVE-2023-517xx/CVE-2023-51751.json) (`2024-01-11T14:15:44.270`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `178` +* [CVE-2023-40438](CVE-2023/CVE-2023-404xx/CVE-2023-40438.json) (`2024-01-11T13:57:35.163`) +* [CVE-2023-47560](CVE-2023/CVE-2023-475xx/CVE-2023-47560.json) (`2024-01-11T14:07:09.593`) +* [CVE-2023-51502](CVE-2023/CVE-2023-515xx/CVE-2023-51502.json) (`2024-01-11T14:16:03.027`) +* [CVE-2023-52178](CVE-2023/CVE-2023-521xx/CVE-2023-52178.json) (`2024-01-11T14:17:42.607`) +* [CVE-2023-52184](CVE-2023/CVE-2023-521xx/CVE-2023-52184.json) (`2024-01-11T14:19:23.967`) +* [CVE-2023-50027](CVE-2023/CVE-2023-500xx/CVE-2023-50027.json) (`2024-01-11T14:26:14.217`) +* [CVE-2023-52123](CVE-2023/CVE-2023-521xx/CVE-2023-52123.json) (`2024-01-11T14:28:17.513`) +* [CVE-2023-52128](CVE-2023/CVE-2023-521xx/CVE-2023-52128.json) (`2024-01-11T14:29:37.127`) +* [CVE-2023-23588](CVE-2023/CVE-2023-235xx/CVE-2023-23588.json) (`2024-01-11T14:31:50.550`) +* [CVE-2023-39853](CVE-2023/CVE-2023-398xx/CVE-2023-39853.json) (`2024-01-11T14:47:18.230`) +* [CVE-2023-50609](CVE-2023/CVE-2023-506xx/CVE-2023-50609.json) 
(`2024-01-11T14:54:52.880`) +* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21638](CVE-2024/CVE-2024-216xx/CVE-2024-21638.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21773](CVE-2024/CVE-2024-217xx/CVE-2024-21773.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21821](CVE-2024/CVE-2024-218xx/CVE-2024-21821.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21833](CVE-2024/CVE-2024-218xx/CVE-2024-21833.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21665](CVE-2024/CVE-2024-216xx/CVE-2024-21665.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-22194](CVE-2024/CVE-2024-221xx/CVE-2024-22194.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-22195](CVE-2024/CVE-2024-221xx/CVE-2024-22195.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21637](CVE-2024/CVE-2024-216xx/CVE-2024-21637.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-21669](CVE-2024/CVE-2024-216xx/CVE-2024-21669.json) (`2024-01-11T13:57:26.160`) +* [CVE-2024-0252](CVE-2024/CVE-2024-02xx/CVE-2024-0252.json) (`2024-01-11T13:57:26.160`) ## Download and Usage