admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-26T15:00:24.884467+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-26 15:00:28 +00:00
parent 0d55a750df
commit 0f55908d22
114 changed files with 2096 additions and 288 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-486xx/CVE-2022-48622.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-48622",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T09:15:07.570",
"lastModified": "2024-01-26T09:15:07.570",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c."
},
{
"lang": "es",
"value": "En GNOME GdkPixbuf (tambi\u00e9n conocido como gdk-pixbuf) hasta 2.42.10, el decodificador ANI (cursor animado de Windows) encuentra corrupci\u00f3n en la memoria del mont\u00f3n (en ani_load_chunk en io-ani.c) al analizar fragmentos en un archivo .ani manipulado. Un archivo manipulado podr\u00eda permitir a un atacante sobrescribir metadatos del mont\u00f3n, lo que provocar\u00eda una denegaci\u00f3n de servicio o un ataque de ejecuci\u00f3n de c\u00f3digo. Esto ocurre en gdk_pixbuf_set_option() en gdk-pixbuf.c."
}
],
"metrics": {},

78
CVE-2023/CVE-2023-312xx/CVE-2023-31274.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-31274",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-18T18:15:08.253",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:59:22.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.\n\n\n\n\n"
},
{
"lang": "es",
"value": "AVEVA PI Server versiones 2023 y 2018 SP3 P05 y anteriores contienen una vulnerabilidad que podr\u00eda permitir que un usuario no autenticado haga que el PI Message Subsystem de un PI Server consuma memoria disponible, lo que provocar\u00eda un procesamiento limitado de nuevos eventos de PI Data Archive y una condici\u00f3n de denegaci\u00f3n de servicio parcial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2018",
"matchCriteriaId": "B427F81B-747A-415A-8F39-6940EDAEA2B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "142C4BE1-01DF-467A-8C26-106E6417F567"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "A3C413F1-F310-4406-B0F8-A76C7B361EF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "3CB964E4-0A1C-4BDC-B5C1-B1BDE2DB6CD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

78
CVE-2023/CVE-2023-343xx/CVE-2023-34348.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34348",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-18T18:15:08.457",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:58:57.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\n\n\n\n\n"
},
{
"lang": "es",
"value": "AVEVA PI Server versiones 2023 y 2018 SP3 P05 y anteriores contienen una vulnerabilidad que podr\u00eda permitir que un usuario no autenticado bloquee de forma remota el subsistema de mensajes PI de un PI Server, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +80,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2018",
"matchCriteriaId": "B427F81B-747A-415A-8F39-6940EDAEA2B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "142C4BE1-01DF-467A-8C26-106E6417F567"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "A3C413F1-F310-4406-B0F8-A76C7B361EF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aveva:pi_server:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "3CB964E4-0A1C-4BDC-B5C1-B1BDE2DB6CD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

8
CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38317",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T05:15:11.553",
"lastModified": "2024-01-26T05:15:11.553",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada del nombre de la interfaz de red en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38318",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T05:15:11.970",
"lastModified": "2024-01-26T05:15:11.970",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada FQDN de la puerta de enlace en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38319",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T05:15:12.063",
"lastModified": "2024-01-26T05:15:12.063",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada de la clave FAS en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38323.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38323",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T05:15:12.130",
"lastModified": "2024-01-26T05:15:12.130",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada del script de ruta de estado en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48126.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48126",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:56.110",
"lastModified": "2024-01-26T07:15:56.110",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n Luxe Beauty Clinic en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48127.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48127",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:56.860",
"lastModified": "2024-01-26T07:15:56.860",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n myGAKUYA en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48128.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48128",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:57.120",
"lastModified": "2024-01-26T07:15:57.120",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n UNITED BOXING GYM en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48129.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48129",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T08:15:42.070",
"lastModified": "2024-01-26T08:15:42.070",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n kimono-oldnew en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48130.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48130",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:57.447",
"lastModified": "2024-01-26T07:15:57.447",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n GINZA CAFE en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48131.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48131",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:57.917",
"lastModified": "2024-01-26T07:15:57.917",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n CHIGASAKI BAKERY en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48132.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48132",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:58.333",
"lastModified": "2024-01-26T07:15:58.333",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n kosei entertainment esportsstudioLegends en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48133.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48133",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:58.693",
"lastModified": "2024-01-26T07:15:58.693",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n Angel Coffee en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48135.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48135",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T07:15:58.987",
"lastModified": "2024-01-26T07:15:58.987",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token."
},
{
"lang": "es",
"value": "Un problema en la miniaplicaci\u00f3n mimasaka_farm en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal."
}
],
"metrics": {},

85
CVE-2023/CVE-2023-504xx/CVE-2023-50447.json
View File

@ -2,31 +2,102 @@
"id": "CVE-2023-50447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.870",
"lastModified": "2024-01-20T18:15:31.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:50:30.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter)."
},
{
"lang": "es",
"value": "Pillow hasta la versi\u00f3n 10.1.0 permite la ejecuci\u00f3n de c\u00f3digo arbitrario PIL.ImageMath.eval a trav\u00e9s del par\u00e1metro de entorno, una vulnerabilidad diferente a CVE-2022-22817 (que se refer\u00eda al par\u00e1metro de expresi\u00f3n)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.1.0",
"matchCriteriaId": "80E5F323-E99B-4BE0-9F99-4FB9AD370C8C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/20/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/python-pillow/Pillow/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

79
CVE-2023/CVE-2023-506xx/CVE-2023-50693.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2023-50693",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.917",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:50:52.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request."
},
{
"lang": "es",
"value": "Un problema en dom96 Jester v.0.6.0 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jester_project:jester:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.6.0",
"matchCriteriaId": "6D43F839-FF7B-4BBD-90F6-E61080F6A55A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/anas-cherni/dd297786750f300a2bab3bb73fee919b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/dom96/jester/issues/326",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/dom96/jester/pull/327",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

80
CVE-2023/CVE-2023-506xx/CVE-2023-50694.json
View File

@ -2,27 +2,95 @@
"id": "CVE-2023-50694",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.967",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:44:08.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component."
},
{
"lang": "es",
"value": "Un problema en dom96 HTTPbeast v.0.4.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente parser.nim."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dom96:httpbeast:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.4.1",
"matchCriteriaId": "62DC807D-29F6-4F44-A0C0-251D41FF998D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/dom96/httpbeast/issues/95",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/dom96/httpbeast/pull/96",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

80
CVE-2023/CVE-2023-512xx/CVE-2023-51217.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51217",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T21:15:08.243",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:40:49.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component."
},
{
"lang": "es",
"value": "Un problema descubierto en la versi\u00f3n del firmware TenghuTOS TWS-200: V4.0-201809201424 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante un comando manipulado en el componente de la p\u00e1gina ping."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenhot:tws-200_firmware:4.0-201809201424:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE78407-59C3-41E1-A7EF-70514CB0B3A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenhot:tws-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD4A85F-233F-46C5-81CB-D1D25A20A668"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/websafe2021/CVE/blob/main/TenghuTOS-TWS-200.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-56xx/CVE-2023-5612.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5612",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T02:15:07.357",
"lastModified": "2024-01-26T02:15:07.357",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab que afecta a todas las versiones anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. Era posible leer la direcci\u00f3n de correo electr\u00f3nico del usuario a trav\u00e9s del feed de etiquetas, aunque la visibilidad en el perfil del usuario se ha desactivado."
}
],
"metrics": {

8
CVE-2023/CVE-2023-59xx/CVE-2023-5933.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5933",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:08.660",
"lastModified": "2024-01-26T01:15:08.660",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones posteriores a 13.7 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. La sanitizaci\u00f3n inadecuada de la entrada del nombre de usuario permite solicitudes PUT de API arbitrarias."
}
],
"metrics": {

8
CVE-2023/CVE-2023-61xx/CVE-2023-6159.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6159",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T02:15:07.567",
"lastModified": "2024-01-26T02:15:07.567",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 12.7 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1. Era posible que un atacante desencadenara una denegaci\u00f3n de servicio de expresi\u00f3n regular a trav\u00e9s de un `Cargo.toml` que contiene entradas manipuladas con fines malintencionados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-69xx/CVE-2023-6919.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6919",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-01-26T08:15:42.203",
"lastModified": "2024-01-26T08:15:42.203",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Path Traversal: '/../filedir' en Biges Safe Life Technologies Electronics Inc. VGuard permite Absolute Path Traversal. Este problema afecta a VGuard: antes de V500.0003.R008.4011.C0012.B351.C."
}
],
"metrics": {

8
CVE-2024/CVE-2024-04xx/CVE-2024-0402.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0402",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:08.920",
"lastModified": "2024-01-26T01:15:08.920",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 16.0 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1, lo que permite a un usuario autenticado escribir archivos en ubicaciones arbitrarias en el servidor GitLab mientras crea un workspace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-04xx/CVE-2024-0456.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0456",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:09.110",
"lastModified": "2024-01-26T01:15:09.110",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project "
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n en las versiones de GitLab 14.0 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. Un atacante no autorizado puede asignar usuarios arbitrarios a los MR que crearon dentro del proyecto."
}
],
"metrics": {

63
CVE-2024/CVE-2024-06xx/CVE-2024-0654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T01:15:44.347",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:40:11.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F080F016-24B8-4DFE-9592-D049AAAFBB54"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bayuncao/vul-cve-4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.251382",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251382",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-06xx/CVE-2024-0696.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0696",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T23:15:08.940",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:18:49.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en AtroCore AtroPIM 1.8.4 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /#ProductSerie/view/ del componente Product Series Overview afecta a una parte desconocida. La manipulaci\u00f3n conduce a Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251481. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atrocore:atropim:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E15E2E0-7044-4F2B-80C0-B160D71FD57A"
}
]
}
]
}
],
"references": [
{
"url": "https://pasteboard.co/wsTTLjp5UEPq.png",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251481",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251481",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0727",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2024-01-26T09:15:07.637",
"lastModified": "2024-01-26T09:15:07.637",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: el procesamiento de un archivo PKCS12 con formato malintencionado puede hacer que OpenSSL falle y provoque un posible ataque de denegaci\u00f3n de servicio. Resumen de impacto: las aplicaciones que cargan archivos en formato PKCS12 desde fuentes que no son de confianza pueden finalizar abruptamente. Un archivo en formato PKCS12 puede contener certificados y claves y puede provenir de una fuente que no es de confianza. La especificaci\u00f3n PKCS12 permite que ciertos campos sean NULL, pero OpenSSL no verifica correctamente este caso. Esto puede provocar una desreferencia del puntero NULL que provoque el bloqueo de OpenSSL. Si una aplicaci\u00f3n procesa archivos PKCS12 de una fuente que no es de confianza utilizando las API de OpenSSL, esa aplicaci\u00f3n ser\u00e1 vulnerable a este problema. Las API de OpenSSL que son vulnerables a esto son: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() y PKCS12_newpass(). Tambi\u00e9n solucionamos un problema similar en SMIME_write_PKCS7(). Sin embargo, dado que esta funci\u00f3n est\u00e1 relacionada con la escritura de datos, no la consideramos importante para la seguridad. Los m\u00f3dulos FIPS en 3.2, 3.1 y 3.0 no se ven afectados por este problema."
}
],
"metrics": {},

74
CVE-2024/CVE-2024-07xx/CVE-2024-0731.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0731",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T20:15:13.120",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:33:02.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en PCMan FTP Server 2.0.7 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente PUT Command Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251554 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "33ACD9B6-5E83-4D68-A829-FA67A55CA6A3"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251554",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251554",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-07xx/CVE-2024-0732.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0732",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T20:15:13.353",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:37:50.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PCMan FTP Server 2.0.7 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del componente STOR Command Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251555."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "33ACD9B6-5E83-4D68-A829-FA67A55CA6A3"
}
]
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251555",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251555",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-07xx/CVE-2024-0737.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0737",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T22:15:07.770",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:44:48.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Xlightftpd Xlight FTP Server 1.1 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Login. La manipulaci\u00f3n del argumento usuario conduce a la denegaci\u00f3n de servicio. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251560."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xlightftpd:xlight_ftp_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63E384-61B3-4819-804C-CD462EA49A4B"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.251560",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251560",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-08xx/CVE-2024-0889.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0889",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:08.790",
"lastModified": "2024-01-25T23:15:08.790",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kmint21 Golden FTP Server 2.02b y clasificada como problem\u00e1tica. Este problema afecta a un procesamiento desconocido del componente PASV Command Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252041."
}
],
"metrics": {

8
CVE-2024/CVE-2024-08xx/CVE-2024-0890.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0890",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.017",
"lastModified": "2024-01-25T23:15:09.017",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en hongmaple octopus 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /system/dept/edit es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ancestors conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Este producto utiliza entrega continua con lanzamientos continuos. Por lo tanto, no hay detalles de las versiones afectadas ni actualizadas disponibles. VDB-252042 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-08xx/CVE-2024-0891.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0891",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.250",
"lastModified": "2024-01-25T23:15:09.250",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en hongmaple octopus 1.0. Ha sido declarada problem\u00e1tica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento description con la entrada conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El identificador asociado de esta vulnerabilidad es VDB-252043."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0918.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0918",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:07.707",
"lastModified": "2024-01-26T09:15:07.707",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en TRENDnet TEW-800MB 1.0.1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento DeviceURL conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252122 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0919.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0919",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:08.023",
"lastModified": "2024-01-26T09:15:08.023",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en TRENDnet TEW-815DAP 1.0.2.0. Ha sido clasificada como cr\u00edtica. Esto afecta la funci\u00f3n do_setNTP del componente POST Request Handler. La manipulaci\u00f3n del argumento NtpDstStart/NtpDstEnd conduce a la inyecci\u00f3n de comandos. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252123. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0920.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0920",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:08.293",
"lastModified": "2024-01-26T09:15:08.293",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en TRENDnet TEW-822DRE 1.03B02. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin_ping.htm del componente POST Request Handler. La manipulaci\u00f3n del argumento ipv4_ping/ipv6_ping conduce a la inyecci\u00f3n de comandos. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252124. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

88
CVE-2024/CVE-2024-09xx/CVE-2024-0921.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0921",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.237",
"lastModified": "2024-01-26T14:15:50.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252139",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252139",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0922.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0922",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.527",
"lastModified": "2024-01-26T14:15:50.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252127",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252127",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0923.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0923",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.747",
"lastModified": "2024-01-26T14:15:50.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252128",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252128",
"source": "cna@vuldb.com"
}
]
}

8
CVE-2024/CVE-2024-213xx/CVE-2024-21326.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21326",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.010",
"lastModified": "2024-01-26T01:15:10.010",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-213xx/CVE-2024-21382.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21382",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.187",
"lastModified": "2024-01-26T01:15:10.187",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for Android Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Edge para Android"
}
],
"metrics": {

8
CVE-2024/CVE-2024-213xx/CVE-2024-21383.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21383",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.367",
"lastModified": "2024-01-26T01:15:10.367",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-213xx/CVE-2024-21385.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21385",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.540",
"lastModified": "2024-01-26T01:15:10.540",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-213xx/CVE-2024-21387.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21387",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.703",
"lastModified": "2024-01-26T01:15:10.703",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for Android Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft Edge para Android"
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21619.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21619",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-25T23:15:09.467",
"lastModified": "2024-01-25T23:15:09.467",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.\n\nWhen a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n faltante para funci\u00f3n cr\u00edtica combinada con una vulnerabilidad de generaci\u00f3n de mensaje de error que contiene informaci\u00f3n confidencial en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado acceda a informaci\u00f3n confidencial del sistema. Cuando un usuario inicia sesi\u00f3n, se crea un archivo temporal que contiene la configuraci\u00f3n del dispositivo (como es visible para ese usuario) en la carpeta /cache. Un atacante no autenticado puede intentar acceder a dicho archivo enviando una solicitud espec\u00edfica al dispositivo para intentar adivinar el nombre de dicho archivo. La explotaci\u00f3n exitosa revelar\u00e1 informaci\u00f3n de configuraci\u00f3n. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-216xx/CVE-2024-21620.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21620",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-25T23:15:09.680",
"lastModified": "2024-01-25T23:15:09.680",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.\n\nA specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S10;\n * 21.2 versions earlier than 21.2R3-S8;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3-S1;\n * 23.2 versions earlier than 23.2R2;\n * 23.4 versions earlier than 23.4R2.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en J-Web de Juniper Networks Junos OS en las series SRX y EX permite a un atacante construir una URL que, cuando la visita otro usuario, le permite ejecutar comandos con los permisos del objetivo, incluido un administrador. Una invocaci\u00f3n espec\u00edfica del m\u00e9todo emit_debug_note en webauth_operation.php devolver\u00e1 los datos que recibe. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S10; * Versiones 21.2 anteriores a 21.2R3-S8; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3-S1; * Versiones 23.2 anteriores a 23.2R2; * Versiones 23.4 anteriores a 23.4R2."
}
],
"metrics": {

154
CVE-2024/CVE-2024-217xx/CVE-2024-21733.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21733",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-19T11:15:08.043",
"lastModified": "2024-01-19T15:56:26.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T13:51:42.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Vulnerabilidad de generaci\u00f3n de mensaje de error que contiene informaci\u00f3n confidencial en Apache Tomcat. Este problema afecta a Apache Tomcat: desde 8.5.7 hasta 8.5.63, desde 9.0.0-M11 hasta 9.0.43. Se recomienda a los usuarios actualizar a la versi\u00f3n 8.5.64 en adelante o 9.0.44 en adelante, que contienen una soluci\u00f3n para el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,14 +50,135 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.7",
"versionEndExcluding": "8.5.64",
"matchCriteriaId": "2FC8F5FF-3E97-49CE-BF17-9ECFD0786E8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.1",
"versionEndExcluding": "9.0.44",
"matchCriteriaId": "51D2E845-77E6-4D63-B3AA-E5C819589BAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
}
]
}

85
CVE-2024/CVE-2024-222xx/CVE-2024-22212.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22212",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T19:15:10.353",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:58:18.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Nextcloud Global Site Selector es una herramienta que le permite ejecutar m\u00faltiples instancias peque\u00f1as de Nextcloud y redirigir a los usuarios al servidor correcto. Un problema en el m\u00e9todo de verificaci\u00f3n de contrase\u00f1a permite que un atacante se autentique como otro usuario. Se recomienda actualizar Nextcloud Global Site Selector a la versi\u00f3n 1.4.1, 2.1.2, 2.3.4 o 2.4.5. No se conocen workarounds para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,69 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "2534CD35-8367-48DB-A2F9-25035D763F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "E217B435-E2A5-4186-9905-898DACA4D502"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.3.4",
"matchCriteriaId": "ABAB048C-B643-445F-AECF-DFB4356ED026"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.4.5",
"matchCriteriaId": "214AE852-2C02-45E0-99AD-47886EEB074D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2248689",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-224xx/CVE-2024-22401.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22401",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.343",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:42:35.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n para invitados Nextcloud es una utilidad para crear usuarios invitados que solo pueden ver los archivos compartidos con ellos. En las versiones afectadas, los usuarios pod\u00edan cambiar la lista permitida de aplicaciones, permiti\u00e9ndoles usar aplicaciones que no estaban destinadas a ser utilizadas. Se recomienda actualizar la aplicaci\u00f3n Invitados a 2.4.1, 2.5.1 o 3.0.1. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "96F65F1E-19D7-4B72-8618-A7D8BE0578E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57F1277A-3A44-4CDF-AF3C-B8A5AE395549"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F64336EF-9FEA-4DC2-B44A-70470D52632B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/guests/pull/1082",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2250398",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-224xx/CVE-2024-22402.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.590",
"lastModified": "2024-01-19T13:15:07.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:11:30.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "96F65F1E-19D7-4B72-8618-A7D8BE0578E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57F1277A-3A44-4CDF-AF3C-B8A5AE395549"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:guests:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F64336EF-9FEA-4DC2-B44A-70470D52632B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/guests/pull/1082",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2251074",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-224xx/CVE-2024-22404.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22404",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:08.830",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:37:23.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Nextcloud files Zip es una herramienta para crear archivos zip a partir de uno o varios archivos desde Nextcloud. En las versiones afectadas, los usuarios pueden descargar archivos de \"s\u00f3lo lectura\" comprimiendo la carpeta completa. Se recomienda actualizar la aplicaci\u00f3n Archivos ZIP a 1.2.1, 1.4.1 o 1.5.0. Los usuarios que no puedan actualizar deben desactivar la aplicaci\u00f3n de archivos zip."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:zipper:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1",
"matchCriteriaId": "2CACAF88-8B0B-4909-B633-02EE818C3F8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:zipper:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFDD9DF-54EB-47B4-A70D-D3910C77F2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2247457",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-225xx/CVE-2024-22545.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22545",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T08:15:42.480",
"lastModified": "2024-01-26T08:15:42.480",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function."
},
{
"lang": "es",
"value": "TRENDnet TEW-824DRU versi\u00f3n 1.04b01 es vulnerable a la inyecci\u00f3n de comandos a trav\u00e9s de system.ntp.server en la funci\u00f3n sub_420AE0()."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-233xx/CVE-2024-23388.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23388",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-26T07:15:59.320",
"lastModified": "2024-01-26T07:15:59.320",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme issue in \"Mercari\" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack."
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada en el controlador para un problema de esquema de URL personalizado en la aplicaci\u00f3n \"Mercari\" para Android anterior a la versi\u00f3n 5.78.0 permite a un atacante remoto llevar a un usuario a acceder a un sitio web arbitrario a trav\u00e9s de la aplicaci\u00f3n vulnerable. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-236xx/CVE-2024-23613.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23613",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.123",
"lastModified": "2024-01-26T00:15:08.123",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Deployment Solution versi\u00f3n 7.9 al analizar los tokens UpdateComputer. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como SYSTEM."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23614.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23614",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.373",
"lastModified": "2024-01-26T00:15:08.373",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en las versiones 9.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como root."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23615.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23615",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.627",
"lastModified": "2024-01-26T00:15:08.627",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en las versiones 10.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como root."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23616.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23616",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:08.843",
"lastModified": "2024-01-26T00:15:08.843",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Server Management Suite versi\u00f3n 7.9 y anteriores. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como SYSTEM."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23617.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23617",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.060",
"lastModified": "2024-01-26T00:15:09.060",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Data Loss Prevention versi\u00f3n 14.0.2 y anteriores. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un documento manipulado para lograr la ejecuci\u00f3n del c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23618.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23618",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.263",
"lastModified": "2024-01-26T00:15:09.263",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en los dispositivos Arris SURFboard SGB6950AC2. Un atacante no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n del c\u00f3digo como root."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23619.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23619",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.470",
"lastModified": "2024-01-26T00:15:09.470",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de credencial codificada en IBM Merge Healthcare eFilm Workstation. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad para lograr la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23620.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23620",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.687",
"lastModified": "2024-01-26T00:15:09.687",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en IBM Merge Healthcare eFilm Workstation. Un atacante local autenticado puede aprovechar esta vulnerabilidad para escalar privilegios al SISTEMA."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23621.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23621",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.957",
"lastModified": "2024-01-26T00:15:09.957",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution."
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en el servidor de licencias de IBM Merge Healthcare eFilm Workstation. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23622.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23622",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.190",
"lastModified": "2024-01-26T00:15:10.190",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.\n"
},
{
"lang": "es",
"value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servidor de licencias de IBM Merge Healthcare eFilm Workstation. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo con privilegios de SYSTEM."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23624.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23624",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.397",
"lastModified": "2024-01-26T00:15:10.397",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el m\u00f3dulo gena.cgi de los dispositivos D-Link DAP-1650. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecuci\u00f3n de comandos en el dispositivo como root."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23625.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23625",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.620",
"lastModified": "2024-01-26T00:15:10.620",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en los dispositivos D-Link DAP-1650 al manejar mensajes de SUBSCRIBE UPnP. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecuci\u00f3n de comandos en el dispositivo como root."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23626.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23626",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.820",
"lastModified": "2024-01-26T00:15:10.820",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the \u2018SaveSysLogParams\u2019 \nparameter of the Motorola MR2600. A remote attacker can exploit this \nvulnerability to achieve command execution. Authentication is required, \nhowever can be bypassed.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveSysLogParams' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23627.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23627",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:11.037",
"lastModified": "2024-01-26T00:15:11.037",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveStaticRouteIPv4Params' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23628.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23628",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:11.273",
"lastModified": "2024-01-26T00:15:11.273",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveStaticRouteIPv6Params' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23629.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23629",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:11.650",
"lastModified": "2024-01-26T00:15:11.650",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente web del Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para acceder a URL protegidas y recuperar informaci\u00f3n confidencial."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23630.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23630",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:12.187",
"lastModified": "2024-01-26T00:15:12.187",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de carga de firmware arbitraria en el Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de c\u00f3digo en el dispositivo. Se requiere autenticaci\u00f3n, pero se puede omitir."
}
],
"metrics": {

93
CVE-2024/CVE-2024-236xx/CVE-2024-23689.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23689",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.520",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T14:50:45.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.\n\n"
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n confidencial en excepciones en las versiones clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc y com.clickhouse:clickhouse-client de ClichHouse inferiores a 0.4.6 permite a usuarios no autorizados obtener acceso a las contrase\u00f1as de los certificados del cliente a trav\u00e9s de los registros de excepciones del cliente. Esto ocurre cuando se especifica 'sslkey' y se genera una excepci\u00f3n, como ClickHouseException o SQLException, durante las operaciones de la base de datos; la contrase\u00f1a del certificado se incluye en el mensaje de excepci\u00f3n registrado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,30 +60,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clickhouse:java_libraries:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4.6",
"matchCriteriaId": "F7EFEC79-6EFB-4FCD-A772-C6A600512D6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ClickHouse/clickhouse-java/issues/1331",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/pull/1334",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-238xx/CVE-2024-23856.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23856",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:08.620",
"lastModified": "2024-01-26T09:15:08.620",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itemlist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23857.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23857",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:08.820",
"lastModified": "2024-01-26T09:15:08.820",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnlinecreate.php, en el par\u00e1metro batchno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23858.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23858",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:09.023",
"lastModified": "2024-01-26T09:15:09.023",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancelinecreate.php, en el par\u00e1metro batchno. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23859.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23859",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:09.230",
"lastModified": "2024-01-26T09:15:09.230",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurelinecreate.php, en el par\u00e1metro flatamount . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23860.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23860",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:09.427",
"lastModified": "2024-01-26T09:15:09.427",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencylist.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23861.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23861",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:09.620",
"lastModified": "2024-01-26T09:15:09.620",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/unitofmeasurementcreate.php, en el par\u00e1metro unitofmeasurementid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23862.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23862",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T09:15:09.840",
"lastModified": "2024-01-26T09:15:09.840",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grndisplay.php, en el par\u00e1metro grnno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23863.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23863",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:07.693",
"lastModified": "2024-01-26T10:15:07.693",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructuredisplay.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23864.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23864",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:07.953",
"lastModified": "2024-01-26T10:15:07.953",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/countrylist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23865.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23865",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:08.223",
"lastModified": "2024-01-26T10:15:08.223",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23866.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23866",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:08.420",
"lastModified": "2024-01-26T10:15:08.420",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/countrycreate.php, en el par\u00e1metro countryid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23867.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23867",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:08.640",
"lastModified": "2024-01-26T10:15:08.640",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statecreate.php, en el par\u00e1metro stateid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23868.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23868",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:08.840",
"lastModified": "2024-01-26T10:15:08.840",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnlist.php, en el par\u00e1metro deleted. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23869.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23869",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:09.047",
"lastModified": "2024-01-26T10:15:09.047",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuanceprint.php, en el par\u00e1metro issuanceno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23870.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23870",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:09.243",
"lastModified": "2024-01-26T10:15:09.243",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancelist.php, en el par\u00e1metro delete. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23871.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23871",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:09.437",
"lastModified": "2024-01-26T10:15:09.437",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/unitofmeasurementmodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23872.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23872",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:09.637",
"lastModified": "2024-01-26T10:15:09.637",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/locationmodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23873.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23873",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:09.830",
"lastModified": "2024-01-26T10:15:09.830",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencymodify.php, en el par\u00e1metro currencyid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23874.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23874",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.023",
"lastModified": "2024-01-26T10:15:10.023",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/companymodify.php, en el par\u00e1metro address1. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23875.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23875",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.213",
"lastModified": "2024-01-26T10:15:10.213",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancedisplay.php, en el par\u00e1metro issuanceno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23876.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23876",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.410",
"lastModified": "2024-01-26T10:15:10.410",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurecreate.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23877.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23877",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.597",
"lastModified": "2024-01-26T10:15:10.597",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencycreate.php, en el par\u00e1metro currencyid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23878.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23878",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.803",
"lastModified": "2024-01-26T10:15:10.803",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnprint.php, en el par\u00e1metro grnno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23879.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23879",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:10.997",
"lastModified": "2024-01-26T10:15:10.997",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statemodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23880.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23880",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:11.203",
"lastModified": "2024-01-26T10:15:11.203",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxcodelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23881.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23881",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:11.410",
"lastModified": "2024-01-26T10:15:11.410",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23882.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23882",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T10:15:11.600",
"lastModified": "2024-01-26T10:15:11.600",
"vulnStatus": "Received",
"lastModified": "2024-01-26T13:51:15.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase &amp; Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxcodecreate.php, en el par\u00e1metro taxcodeid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More