mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-01-11T15:00:25.194916+00:00
This commit is contained in:
cad-safe-bot
parent
bd555f554c
commit
097fa0b89a
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-32919",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.173",
|
||||
"lastModified": "2024-01-10T22:15:47.173",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Visitar un sitio web que enmarque contenido malicioso puede provocar una suplantaci\u00f3n de la interfaz de usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-32931",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.240",
|
||||
"lastModified": "2024-01-10T22:15:47.240",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Ventura 13. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-40361",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-11T03:15:09.157",
|
||||
"lastModified": "2024-01-11T03:15:09.157",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de cross site scripting en Elite CRM v1.2.11 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de idioma en el endpoint /ngs/login."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-42816",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.290",
|
||||
"lastModified": "2024-01-10T22:15:47.290",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-42839",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.330",
|
||||
"lastModified": "2024-01-10T22:15:47.330",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-45793",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T21:15:08.193",
|
||||
"lastModified": "2024-01-10T21:15:08.193",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "[PROBLEMTYPE] en [VENDOR] [PRODUCT] [VERSION] en [PLATFORMS] permite al [ATTACKER] hacer [IMPACT]."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-45794",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T23:15:08.397",
|
||||
"lastModified": "2024-01-10T23:15:08.397",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files form the PLC internal memory and memory card.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un atacante con acceso a la red del PLC afectado (PLC de las series CJ y CS, todas las versiones) puede utilizar un protocolo de red para leer y escribir archivos desde la memoria interna y la tarjeta de memoria del PLC."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-46710",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.380",
|
||||
"lastModified": "2024-01-10T22:15:47.380",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, macOS Ventura 13.1. Los datos de Location se pueden compartir a trav\u00e9s de enlaces de iCloud incluso si los metadatos de Location est\u00e1n deshabilitados a trav\u00e9s de Share Sheet."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-46721",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.430",
|
||||
"lastModified": "2024-01-10T22:15:47.430",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-47915",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.473",
|
||||
"lastModified": "2024-01-10T22:15:47.473",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-47965",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.523",
|
||||
"lastModified": "2024-01-10T22:15:47.523",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-48504",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.563",
|
||||
"lastModified": "2024-01-10T22:15:47.563",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-48577",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.610",
|
||||
"lastModified": "2024-01-10T22:15:47.610",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de acceso mejorando las restricciones de acceso. Este problema se solucion\u00f3 en macOS Ventura 13. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2022-4958",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-11T12:15:42.767",
|
||||
"lastModified": "2024-01-11T12:15:42.767",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:09.767",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
20
CVE-2023/CVE-2023-205xx/CVE-2023-20573.json
Normal file
20
CVE-2023/CVE-2023-205xx/CVE-2023-20573.json
Normal file
@ -0,0 +1,20 @@
|
||||
{
|
||||
"id": "CVE-2023-20573",
|
||||
"sourceIdentifier": "psirt@amd.com",
|
||||
"published": "2024-01-11T14:15:43.963",
|
||||
"lastModified": "2024-01-11T14:15:43.963",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006",
|
||||
"source": "psirt@amd.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-23588",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2023-04-11T10:15:18.097",
|
||||
"lastModified": "2023-04-19T20:00:49.490",
|
||||
"lastModified": "2024-01-11T14:31:50.550",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -167,9 +167,9 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:microsemi:maxview_storage_manager:*:*:*:*:*:windows:*:*",
|
||||
"criteria": "cpe:2.3:a:microchip:maxview_storage_manager:*:*:*:*:*:windows:*:*",
|
||||
"versionEndExcluding": "4.09.00.25611",
|
||||
"matchCriteriaId": "2FA3A785-43FF-407B-854D-2C0D931FBE14"
|
||||
"matchCriteriaId": "77C02716-54AE-4545-AB8C-4760F92271A2"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28185",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.803",
|
||||
"lastModified": "2024-01-10T22:15:47.803",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un desbordamiento de enteros mediante una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 y iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 y iPadOS 15.7.4. Una aplicaci\u00f3n puede provocar una denegaci\u00f3n de servicio."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28197",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.853",
|
||||
"lastModified": "2024-01-10T22:15:47.853",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales de sandbox. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-29444",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T17:15:08.493",
|
||||
"lastModified": "2024-01-10T17:15:08.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada (secuestro de DLL) que podr\u00eda permitir a un adversario autenticado localmente escalar privilegios a SYSTEM. Alternativamente, podr\u00edan alojar una versi\u00f3n con troyano del software y enga\u00f1ar a las v\u00edctimas para que descarguen e instalen su versi\u00f3n maliciosa para obtener acceso inicial y ejecuci\u00f3n del c\u00f3digo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-29445",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T21:15:08.410",
|
||||
"lastModified": "2024-01-10T21:15:08.410",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada (secuestro de DLL) que podr\u00eda permitir a un adversario autenticado localmente escalar privilegios a SYSTEM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-29446",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T21:15:08.603",
|
||||
"lastModified": "2024-01-10T21:15:08.603",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u00a0"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda permitir a un adversario inyectar una ruta UNC a trav\u00e9s de un archivo de proyecto malicioso. Esto permite a un adversario capturar hashes NLTMv2 y potencialmente descifrarlos offline."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-29447",
|
||||
"sourceIdentifier": "ot-cert@dragos.com",
|
||||
"published": "2024-01-10T21:15:08.790",
|
||||
"lastModified": "2024-01-10T21:15:08.790",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de credenciales insuficientemente protegidas en KEPServerEX podr\u00eda permitir que un adversario capture las credenciales del usuario mientras el servidor web utiliza autenticaci\u00f3n b\u00e1sica."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-31001",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T03:15:09.413",
|
||||
"lastModified": "2024-01-11T03:15:09.413",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) almacena temporalmente informaci\u00f3n confidencial en archivos a los que un usuario local podr\u00eda acceder. ID de IBM X-Force: 254653."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-31003",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T03:15:09.617",
|
||||
"lastModified": "2024-01-11T03:15:09.617",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podr\u00eda permitir que un usuario local obtenga acceso ra\u00edz debido a controles de acceso inadecuados. ID de IBM X-Force: 254658."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-31488",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-10T20:15:45.330",
|
||||
"lastModified": "2024-01-10T20:15:45.330",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Las versiones de Hyland Perceived Filters anteriores al 8 de diciembre de 2023 (por ejemplo, 11.4.0.2647), tal como se utilizan en el software Cisco IronPort Email Security Appliance, Cisco Secure Email Gateway y varios productos que no son de Cisco, permiten a los atacantes desencadenar un fallo de segmentaci\u00f3n y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32366",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.897",
|
||||
"lastModified": "2024-01-10T22:15:47.897",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. El procesamiento de un archivo de fuente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32378",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.943",
|
||||
"lastModified": "2024-01-10T22:15:47.943",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32383",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:47.987",
|
||||
"lastModified": "2024-01-10T22:15:47.987",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 forzando un runtime reforzado en los archivos binarios afectados a nivel del sistema. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Es posible que una aplicaci\u00f3n pueda inyectar c\u00f3digo en archivos binarios confidenciales incluidos con Xcode."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32401",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.040",
|
||||
"lastModified": "2024-01-10T22:15:48.040",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la verificaci\u00f3n de l\u00edmites. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. El an\u00e1lisis de un documento de Office puede provocar la finalizaci\u00f3n inesperada de una aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32424",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.087",
|
||||
"lastModified": "2024-01-10T22:15:48.087",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 16.4 y iPadOS 16.4, watchOS 9.4. Un atacante que ya haya logrado la ejecuci\u00f3n del c\u00f3digo del kernel puede omitir las mitigaciones de memoria del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-32436",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.140",
|
||||
"lastModified": "2024-01-10T22:15:48.140",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.3. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-37644",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-11T08:15:35.737",
|
||||
"lastModified": "2024-01-11T08:15:35.737",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "SWFTools 0.9.2 772e55a permite a los atacantes desencadenar un gran intento de asignaci\u00f3n de memoria a trav\u00e9s de un documento manipulado, como lo demuestra pdf2swf. Esto ocurre en png_read_chunk en lib/png.c."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-37932",
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2024-01-10T18:15:45.570",
|
||||
"lastModified": "2024-01-10T18:15:45.570",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path traversal\") [CWE-22] en FortiVoiceEntreprise versi\u00f3n 7.0.0 y anteriores a 6.4.7 permite a un atacante autenticado leer archivos arbitrarios del sistema mediante el env\u00edo de solicitudes HTTP o HTTPS manipuladas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-37934",
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2024-01-10T18:15:45.823",
|
||||
"lastModified": "2024-01-10T18:15:45.823",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites o de limitaci\u00f3n [CWE-770] en FortiPAM 1.0 en todas las versiones permite a un atacante autenticado realizar un ataque de denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes HTTP o HTTPS manipuladas con alta frecuencia."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,19 +2,43 @@
|
||||
"id": "CVE-2023-3726",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2024-01-04T15:15:09.117",
|
||||
"lastModified": "2024-01-04T18:46:53.270",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T13:40:50.757",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "OCSInventory permite almacenar plantillas de correo electr\u00f3nico con caracteres especiales que conducen a cross-site Scripting almacenado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "help@fluidattacks.com",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.7,
|
||||
"impactScore": 4.7
|
||||
},
|
||||
{
|
||||
"source": "help@fluidattacks.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
|
||||
@ -46,14 +70,38 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://fluidattacks.com/advisories/creed/",
|
||||
"source": "help@fluidattacks.com"
|
||||
},
|
||||
"nodes": [
|
||||
{
|
||||
"url": "https://ocsinventory-ng.org/",
|
||||
"source": "help@fluidattacks.com"
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-ocsreports:2.12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D586CDF1-3C6D-4E0D-965C-707304577526"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://fluidattacks.com/advisories/creed/",
|
||||
"source": "help@fluidattacks.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://ocsinventory-ng.org/",
|
||||
"source": "help@fluidattacks.com",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-38267",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T03:15:09.803",
|
||||
"lastModified": "2024-01-11T03:15:09.803",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podr\u00eda permitir que un usuario local obtenga informaci\u00f3n de configuraci\u00f3n confidencial. ID de IBM X-Force: 260584."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-38607",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.310",
|
||||
"lastModified": "2024-01-10T22:15:48.310",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda modificar la configuraci\u00f3n de la impresora."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-38610",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.357",
|
||||
"lastModified": "2024-01-10T22:15:48.357",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de corrupci\u00f3n de memoria eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-38612",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.403",
|
||||
"lastModified": "2024-01-10T22:15:48.403",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Monterey 12.7, iOS 16.7 y iPadOS 16.7, iOS 17 y iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-39853",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-06T04:15:08.863",
|
||||
"lastModified": "2024-01-08T12:02:30.513",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T14:47:18.230",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,67 @@
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Dzzoffice versi\u00f3n 2.01, permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros doobj y doevent en el m\u00f3dulo backend de Network Disk."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://github.com/EternalGemini/dzz",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:dzzoffice:dzzoffice:2.01:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D2D4D8E0-87E3-437D-9F20-6E2292F3B41E"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/EternalGemini/dzz",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40383",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.460",
|
||||
"lastModified": "2024-01-10T22:15:48.460",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de path handling con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40385",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.503",
|
||||
"lastModified": "2024-01-10T22:15:48.503",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. Un atacante remoto puede ver consultas de DNS filtradas con Private Relay activado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40393",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.550",
|
||||
"lastModified": "2024-01-10T22:15:48.550",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14. Las fotos de Hidden Photos Album se pueden ver sin autenticaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40394",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.593",
|
||||
"lastModified": "2024-01-10T22:15:48.593",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se abord\u00f3 con una validaci\u00f3n mejorada de las variables ambientales. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40411",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.643",
|
||||
"lastModified": "2024-01-10T22:15:48.643",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 mejorando la protecci\u00f3n de datos. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40414",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.687",
|
||||
"lastModified": "2024-01-10T22:15:48.687",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en watchOS 10, iOS 17 y iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40430",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.740",
|
||||
"lastModified": "2024-01-10T22:15:48.740",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a vol\u00famenes extra\u00edbles sin el consentimiento del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40433",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.787",
|
||||
"lastModified": "2024-01-10T22:15:48.787",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Ventura 13.3. Una aplicaci\u00f3n puede omitir las comprobaciones de Gatekeeper."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40437",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.827",
|
||||
"lastModified": "2024-01-10T22:15:48.827",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40438",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.870",
|
||||
"lastModified": "2024-01-10T22:15:48.870",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema con el manejo mejorado de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 16.7 y iPadOS 16.7. Es posible que una aplicaci\u00f3n pueda acceder a fotos editadas guardadas en un directorio temporal."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40439",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.920",
|
||||
"lastModified": "2024-01-10T22:15:48.920",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40529",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:48.970",
|
||||
"lastModified": "2024-01-10T22:15:48.970",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Una persona con acceso f\u00edsico a un dispositivo puede usar VoiceOver para acceder a informaci\u00f3n privada del calendario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41060",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.107",
|
||||
"lastModified": "2024-01-10T22:15:49.107",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Un usuario remoto puede provocar la ejecuci\u00f3n del c\u00f3digo del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41069",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.150",
|
||||
"lastModified": "2024-01-10T22:15:49.150",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 mejorando los modelos anti-spoofing de Face ID. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Un modelo 3D construido para parecerse al usuario registrado puede autenticarse a trav\u00e9s de Face ID."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41075",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.190",
|
||||
"lastModified": "2024-01-10T22:15:49.190",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41974",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.240",
|
||||
"lastModified": "2024-01-10T22:15:49.240",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41987",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.290",
|
||||
"lastModified": "2024-01-10T22:15:49.290",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-41994",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.640",
|
||||
"lastModified": "2024-01-10T22:15:49.640",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema l\u00f3gico con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una extensi\u00f3n de c\u00e1mara pueda acceder a la vista de la c\u00e1mara desde aplicaciones distintas de aquella para la que se le otorg\u00f3 permiso."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42826",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.707",
|
||||
"lastModified": "2024-01-10T22:15:49.707",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. El procesamiento de un archivo puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42828",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.757",
|
||||
"lastModified": "2024-01-10T22:15:49.757",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42829",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.803",
|
||||
"lastModified": "2024-01-10T22:15:49.803",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con restricciones adicionales sobre la observabilidad de los estados de las aplicaciones. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda acceder a frases de contrase\u00f1a SSH."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42830",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.850",
|
||||
"lastModified": "2024-01-10T22:15:49.850",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42831",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.903",
|
||||
"lastModified": "2024-01-10T22:15:49.903",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, iOS 15.7.8 y iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda tomar las huellas digitales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42832",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:49.953",
|
||||
"lastModified": "2024-01-10T22:15:49.953",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 una condici\u00f3n de ejecuci\u00f3n con un mejor manejo del estado. Este problema se solucion\u00f3 en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. Es posible que una aplicaci\u00f3n pueda obtener privilegios de root."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42833",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.000",
|
||||
"lastModified": "2024-01-10T22:15:50.000",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de correcci\u00f3n con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42862",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.047",
|
||||
"lastModified": "2024-01-10T22:15:50.047",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, tvOS 16.4, iOS 16.4 y iPadOS 16.4, watchOS 9.4. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42865",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.093",
|
||||
"lastModified": "2024-01-10T22:15:50.093",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, tvOS 16.4, iOS 16.4 y iPadOS 16.4, watchOS 9.4. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42866",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.143",
|
||||
"lastModified": "2024-01-10T22:15:50.143",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13.5, iOS 16.6 y iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42869",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.200",
|
||||
"lastModified": "2024-01-10T22:15:50.200",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se abordaron m\u00faltiples problemas de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.4, iOS 16.5 y iPadOS 16.5. M\u00faltiples problemas en libxml2."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42870",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.240",
|
||||
"lastModified": "2024-01-10T22:15:50.240",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de uso despu\u00e9s de la liberaci\u00f3n con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42871",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.280",
|
||||
"lastModified": "2024-01-10T22:15:50.280",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42872",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.327",
|
||||
"lastModified": "2024-01-10T22:15:50.327",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42876",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.370",
|
||||
"lastModified": "2024-01-10T22:15:50.370",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14. Procesar un archivo puede provocar una denegaci\u00f3n de servicio o potencialmente revelar el contenido de la memoria."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42929",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.417",
|
||||
"lastModified": "2024-01-10T22:15:50.417",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42933",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.460",
|
||||
"lastModified": "2024-01-10T22:15:50.460",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14. Es posible que una aplicaci\u00f3n pueda obtener privilegios elevados."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42934",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.507",
|
||||
"lastModified": "2024-01-10T22:15:50.507",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se solucion\u00f3 un problema de divulgaci\u00f3n de informaci\u00f3n eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Es posible que una aplicaci\u00f3n con privilegios de root pueda acceder a informaci\u00f3n privada."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-42941",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-10T22:15:50.543",
|
||||
"lastModified": "2024-01-11T07:15:07.880",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4246",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:46.190",
|
||||
"lastModified": "2024-01-11T09:15:46.190",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_sendwp_remote_install_handler. Esto hace posible que atacantes no autenticados instalen y activen el complemento SendWP a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4247",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:46.390",
|
||||
"lastModified": "2024-01-11T09:15:46.390",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_sendwp_disconnect. Esto hace posible que atacantes no autenticados desactiven el complemento SendWP mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4248",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:46.613",
|
||||
"lastModified": "2024-01-11T09:15:46.613",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento GiveWP para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.33.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n Give_stripe_disconnect_connect_stripe_account. Esto hace posible que atacantes no autenticados desactiven la configuraci\u00f3n de integraci\u00f3n de franjas del complemento a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4372",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:46.773",
|
||||
"lastModified": "2024-01-11T09:15:46.773",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento LiteSpeed Cache para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'esi' en versiones hasta la 5.6 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-44250",
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2024-01-10T18:15:46.030",
|
||||
"lastModified": "2024-01-10T18:15:46.030",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada [CWE-269] en un cl\u00faster Fortinet FortiOS HA versi\u00f3n 7.4.0 a 7.4.1 y 7.2.5 y en un cl\u00faster FortiProxy HA versi\u00f3n 7.4.0 a 7.4.1 permite que un atacante autenticado realice acciones elevadas a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-45169",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T03:15:09.990",
|
||||
"lastModified": "2024-01-11T03:15:09.990",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel pmsvcs para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267967."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-45171",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T03:15:10.173",
|
||||
"lastModified": "2024-01-11T03:15:10.173",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el kernel para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267969."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-45173",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T02:15:47.857",
|
||||
"lastModified": "2024-01-11T02:15:47.857",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel NFS para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267971."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-45175",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-01-11T02:15:48.063",
|
||||
"lastModified": "2024-01-11T02:15:48.063",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en la extensi\u00f3n del kernel TCP/IP para provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267973."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-46712",
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2024-01-10T18:15:46.223",
|
||||
"lastModified": "2024-01-10T18:15:46.223",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un control de acceso inadecuado en Fortinet FortiPortal versi\u00f3n 7.0.0 a 7.0.6, Fortinet FortiPortal versi\u00f3n 7.2.0 a 7.2.1 permite al atacante escalar su privilegio a trav\u00e9s de solicitudes HTTP espec\u00edficamente manipuladas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2023-47559",
|
||||
"sourceIdentifier": "security@qnapsecurity.com.tw",
|
||||
"published": "2024-01-05T17:15:11.487",
|
||||
"lastModified": "2024-01-05T18:23:40.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T13:56:50.057",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha informado que una vulnerabilidad de cross-site scripting (XSS) afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.2.1 y posteriores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 2.7
|
||||
},
|
||||
{
|
||||
"source": "security@qnapsecurity.com.tw",
|
||||
"type": "Secondary",
|
||||
@ -46,10 +70,30 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
|
||||
"source": "security@qnapsecurity.com.tw"
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:qnap:qumagie:2.2.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A352625-B754-4ED7-AAF6-F532F75336B0"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
|
||||
"source": "security@qnapsecurity.com.tw",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2023-47560",
|
||||
"sourceIdentifier": "security@qnapsecurity.com.tw",
|
||||
"published": "2024-01-05T17:15:11.683",
|
||||
"lastModified": "2024-01-05T18:23:40.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T14:07:09.593",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a QuMagie. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QuMagie 2.2.1 y posteriores."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "security@qnapsecurity.com.tw",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +74,30 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
|
||||
"source": "security@qnapsecurity.com.tw"
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:qnap:qumagie:2.2.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A352625-B754-4ED7-AAF6-F532F75336B0"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
|
||||
"source": "security@qnapsecurity.com.tw",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-48783",
|
||||
"sourceIdentifier": "psirt@fortinet.com",
|
||||
"published": "2024-01-10T18:15:46.807",
|
||||
"lastModified": "2024-01-10T18:15:46.807",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An\u00a0Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario [CWE-639] que afecta a PortiPortal versi\u00f3n 7.2.1 e inferior, versi\u00f3n 7.0.6 e inferior, versi\u00f3n 6.0.14 e inferior, versi\u00f3n 5.3.8 e inferior puede permitir que un usuario autenticado remotamente con al menos permisos de solo lectura para acceder a otros endpoints de la organizaci\u00f3n a trav\u00e9s de solicitudes GET manipuladas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49295",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-10T22:15:50.610",
|
||||
"lastModified": "2024-01-10T22:15:50.610",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "quic-go es una implementaci\u00f3n del protocolo QUIC (RFC 9000, RFC 9001, RFC 9002) en Go. Un atacante puede hacer que su par se quede sin memoria enviando una gran cantidad de tramas PATH_CHALLENGE. Se supone que el receptor debe responder a cada trama PATH_CHALLENGE con una trama PATH_RESPONSE. El atacante puede evitar que el receptor env\u00ede (la gran mayor\u00eda de) estas tramas PATH_RESPONSE colapsando la ventana de congesti\u00f3n del par (al reconocer selectivamente los paquetes recibidos) y manipulando la estimaci\u00f3n de RTT del par. Esta vulnerabilidad ha sido parcheada en las versiones 0.37.7, 0.38.2 y 0.39.4."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4960",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:46.930",
|
||||
"lastModified": "2024-01-11T09:15:46.930",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento WCFM Marketplace para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'wcfm_stores' en versiones hasta la 3.6.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-4962",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-11T09:15:47.093",
|
||||
"lastModified": "2024-01-11T09:15:47.093",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El complemento Video PopUp para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'video_popup' en versiones hasta la 1.1.3 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-50027",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-05T09:15:08.743",
|
||||
"lastModified": "2024-01-05T11:54:11.040",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T14:26:14.217",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,69 @@
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Buy Addons baproductzoommagnifier para PrestaShop versiones 1.0.16 y anteriores, permite a atacantes remotos escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo BaproductzoommagnifierZoomModuleFrontController::run()."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:buy-addons:bazoom_magnifier:*:*:*:*:*:prestashop:*:*",
|
||||
"versionEndIncluding": "1.0.16",
|
||||
"matchCriteriaId": "1FE736E4-BFBB-4F9F-8F5F-51441BD62AF2"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
24
CVE-2023/CVE-2023-501xx/CVE-2023-50159.json
Normal file
24
CVE-2023/CVE-2023-501xx/CVE-2023-50159.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "CVE-2023-50159",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-11T14:15:44.070",
|
||||
"lastModified": "2024-01-11T14:15:44.070",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-50609",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-06T04:15:08.930",
|
||||
"lastModified": "2024-01-08T12:02:30.513",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-11T14:54:52.880",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,66 @@
|
||||
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en la plataforma de servicios de aplicaciones de v\u00eddeo de ense\u00f1anza AVA versi\u00f3n 3.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en ajax.aspx."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://gist.github.com/zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ava:teaching_video_application_service_platform:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B3E9111B-3DF7-4902-BF66-06546EB80C15"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gist.github.com/zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-50916",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-10T19:15:08.227",
|
||||
"lastModified": "2024-01-10T19:15:08.227",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \\ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Kyocera Device Manager anterior a 3.1.1213.0 permite la exposici\u00f3n de credenciales NTLM durante la autenticaci\u00f3n de ruta UNC mediante un cambio manipulado de una ruta local a una ruta UNC. Permite a los administradores configurar la ubicaci\u00f3n de la copia de seguridad de la base de datos utilizada por la aplicaci\u00f3n. Se rechaza el intento de cambiar esta ubicaci\u00f3n a una ruta UNC a trav\u00e9s de la GUI debido al uso de un car\u00e1cter \\ (backslash), que se supone no est\u00e1 permitido en un nombre de ruta. Interceptar y modificar esta solicitud a trav\u00e9s de un proxy, o enviar la solicitud directamente al endpoint de la aplicaci\u00f3n, permite establecer rutas UNC para la ubicaci\u00f3n de la copia de seguridad. Una vez establecida dicha ubicaci\u00f3n, Kyocera Device Manager intenta confirmar el acceso e intentar\u00e1 autenticarse en la ruta UNC; Dependiendo de la configuraci\u00f3n del entorno, esto puede autenticarse en la UNC con hashes NTLM de Windows. Esto podr\u00eda permitir la retransmisi\u00f3n de credenciales NTLM o ataques de cracking."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51073",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-11T03:15:10.710",
|
||||
"lastModified": "2024-01-11T03:15:10.710",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema en Buffalo LS210D v.1.78-0.03 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del script de actualizaci\u00f3n de firmware en /etc/init.d/update_notifications.sh."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51123",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-10T22:15:50.823",
|
||||
"lastModified": "2024-01-10T22:15:50.823",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:26.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema descubierto en D-Link dir815 v.1.01SSb08.bin permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud POST manipulada al par\u00e1metro service en la funci\u00f3n SOAPCGI_main del componente binario cgibin."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51126",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-10T21:15:09.083",
|
||||
"lastModified": "2024-01-10T21:15:09.083",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-11T13:57:35.163",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de inyecci\u00f3n de comandos en /usr/www/res.php en FLIR AX8 hasta 1.46.16 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro value."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user