diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48622.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48622.json index 640a2ae9993..2015166d817 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48622.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48622.json @@ -2,12 +2,16 @@ "id": "CVE-2022-48622", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T09:15:07.570", - "lastModified": "2024-01-26T09:15:07.570", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c." + }, + { + "lang": "es", + "value": "En GNOME GdkPixbuf (tambi\u00e9n conocido como gdk-pixbuf) hasta 2.42.10, el decodificador ANI (cursor animado de Windows) encuentra corrupci\u00f3n en la memoria del mont\u00f3n (en ani_load_chunk en io-ani.c) al analizar fragmentos en un archivo .ani manipulado. Un archivo manipulado podr\u00eda permitir a un atacante sobrescribir metadatos del mont\u00f3n, lo que provocar\u00eda una denegaci\u00f3n de servicio o un ataque de ejecuci\u00f3n de c\u00f3digo. Esto ocurre en gdk_pixbuf_set_option() en gdk-pixbuf.c." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json index db81581077e..270e5299532 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31274.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-31274", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-18T18:15:08.253", - "lastModified": "2024-01-18T19:25:46.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:59:22.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.\n\n\n\n\n" + }, + { + "lang": "es", + "value": "AVEVA PI Server versiones 2023 y 2018 SP3 P05 y anteriores contienen una vulnerabilidad que podr\u00eda permitir que un usuario no autenticado haga que el PI Message Subsystem de un PI Server consuma memoria disponible, lo que provocar\u00eda un procesamiento limitado de nuevos eventos de PI Data Archive y una condici\u00f3n de denegaci\u00f3n de servicio parcial." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-772" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2018", + "matchCriteriaId": "B427F81B-747A-415A-8F39-6940EDAEA2B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2018:-:*:*:*:*:*:*", + "matchCriteriaId": "142C4BE1-01DF-467A-8C26-106E6417F567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5:*:*:*:*:*:*", + "matchCriteriaId": "A3C413F1-F310-4406-B0F8-A76C7B361EF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2023:-:*:*:*:*:*:*", + "matchCriteriaId": "3CB964E4-0A1C-4BDC-B5C1-B1BDE2DB6CD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json index 44844a19b5d..a5d2f39bdfb 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34348.json 
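Review bot: The `cpeMatch` list added under `configurations` covers the 2018 line only through `pi_server:2018:-` and `pi_server:2018:sp3_patch_5`, while this record's description says "2018 SP3 P05 and prior". Any 2018 update level between the base release and SP3 Patch 5 therefore appears to fall outside every match entry, since `"versionEndExcluding": "2018"` only covers releases before 2018. Inventories and scanners that decide exposure from CPE matching alone could report such installations as unaffected. I would add match entries for the intermediate 2018 update levels, or have consumers fall back to the version range in the linked ICSA-24-018-01 advisory. The identical `configurations` block in the CVE-2023-34348 hunk further down has the same gap.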
@@ -2,16 +2,40 @@ "id": "CVE-2023-34348", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-18T18:15:08.457", - "lastModified": "2024-01-18T19:25:46.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:58:57.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\n\n\n\n\n" + }, + { + "lang": "es", + "value": "AVEVA PI Server versiones 2023 y 2018 SP3 P05 y anteriores contienen una vulnerabilidad que podr\u00eda permitir que un usuario no autenticado bloquee de forma remota el subsistema de mensajes PI de un PI Server, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +80,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2018", + "matchCriteriaId": "B427F81B-747A-415A-8F39-6940EDAEA2B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2018:-:*:*:*:*:*:*", + "matchCriteriaId": "142C4BE1-01DF-467A-8C26-106E6417F567" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2018:sp3_patch_5:*:*:*:*:*:*", + "matchCriteriaId": "A3C413F1-F310-4406-B0F8-A76C7B361EF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aveva:pi_server:2023:-:*:*:*:*:*:*", + "matchCriteriaId": "3CB964E4-0A1C-4BDC-B5C1-B1BDE2DB6CD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json index 70aa0129105..75be138ea74 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38317", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:11.553", - "lastModified": "2024-01-26T05:15:11.553", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada del nombre de la interfaz de red en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json index 9ae724a4729..3d274b74b12 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38318", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:11.970", - "lastModified": "2024-01-26T05:15:11.970", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada FQDN de la puerta de enlace en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json index b4ddb7e9954..9292d02b73e 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38319", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:12.063", - "lastModified": "2024-01-26T05:15:12.063", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada de la clave FAS en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json index 69a2f87d887..a8d945aff0b 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-38323", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:12.130", - "lastModified": "2024-01-26T05:15:12.130", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en OpenNDS antes de 10.1.3. No logra sanitizar la entrada del script de ruta de estado en el archivo de configuraci\u00f3n, lo que permite a los atacantes que tienen acceso directo o indirecto a este archivo ejecutar comandos arbitrarios del sistema operativo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json index ff1185db88b..e831e862889 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48126.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48126", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:56.110", - "lastModified": "2024-01-26T07:15:56.110", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n Luxe Beauty Clinic en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json index 59f6a833ddb..93b4623f965 100644 
--- a/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48127.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48127", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:56.860", - "lastModified": "2024-01-26T07:15:56.860", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n myGAKUYA en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json index 89f3c23bbef..06b78820ad0 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48128.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48128", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:57.120", - "lastModified": "2024-01-26T07:15:57.120", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n UNITED BOXING GYM en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json index 8d494e21a8c..9307f698889 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48129", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T08:15:42.070", - "lastModified": "2024-01-26T08:15:42.070", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n kimono-oldnew en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json index f9b98073f52..ac3a8f5f9ac 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48130.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48130", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:57.447", - "lastModified": "2024-01-26T07:15:57.447", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n GINZA CAFE en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json index 9a55e3dbb44..a274a239316 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48131.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48131", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:57.917", - "lastModified": "2024-01-26T07:15:57.917", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n CHIGASAKI BAKERY en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json index 8d54ff7a56c..8796f0479b9 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48132", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:58.333", - "lastModified": "2024-01-26T07:15:58.333", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n kosei entertainment esportsstudioLegends en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json index de19f0c2eef..81a7e1db514 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48133.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48133", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:58.693", - "lastModified": "2024-01-26T07:15:58.693", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n Angel Coffee en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json index 8b43e2bb9ac..506b536cc53 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48135.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48135", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:58.987", - "lastModified": "2024-01-26T07:15:58.987", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + }, + { + "lang": "es", + "value": "Un problema en la miniaplicaci\u00f3n mimasaka_farm en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50447.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50447.json index d615fd3d0d0..9711ee61b6d 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50447.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50447.json 
@@ -2,31 +2,102 @@ "id": "CVE-2023-50447", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T20:15:11.870", - "lastModified": "2024-01-20T18:15:31.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T13:50:30.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter)." + }, + { + "lang": "es", + "value": "Pillow hasta la versi\u00f3n 10.1.0 permite la ejecuci\u00f3n de c\u00f3digo arbitrario PIL.ImageMath.eval a trav\u00e9s del par\u00e1metro de entorno, una vulnerabilidad diferente a CVE-2022-22817 (que se refer\u00eda al par\u00e1metro de expresi\u00f3n)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*", + "versionEndIncluding": "10.1.0", + "matchCriteriaId": "80E5F323-E99B-4BE0-9F99-4FB9AD370C8C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/20/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + 
"Third Party Advisory" + ] }, { "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/python-pillow/Pillow/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-506xx/CVE-2023-50693.json b/CVE-2023/CVE-2023-506xx/CVE-2023-50693.json index cee3ba78709..575aecb8743 100644 --- a/CVE-2023/CVE-2023-506xx/CVE-2023-50693.json +++ b/CVE-2023/CVE-2023-506xx/CVE-2023-50693.json 
@@ -2,27 +2,94 @@ "id": "CVE-2023-50693", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T20:15:11.917", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T13:50:52.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request." + }, + { + "lang": "es", + "value": "Un problema en dom96 Jester v.0.6.0 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jester_project:jester:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.6.0", + "matchCriteriaId": "6D43F839-FF7B-4BBD-90F6-E61080F6A55A" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/anas-cherni/dd297786750f300a2bab3bb73fee919b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/dom96/jester/issues/326", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + 
"Issue Tracking" + ] }, { "url": "https://github.com/dom96/jester/pull/327", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-506xx/CVE-2023-50694.json b/CVE-2023/CVE-2023-506xx/CVE-2023-50694.json index 2c7113d12cf..883f0c22da1 100644 --- a/CVE-2023/CVE-2023-506xx/CVE-2023-50694.json +++ b/CVE-2023/CVE-2023-506xx/CVE-2023-50694.json 
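Review bot: The reference `https://github.com/dom96/jester/pull/327` is tagged only `Issue Tracking`, whereas the parallel CVE-2023-50694 record tags its pull request `Issue Tracking` and `Patch`. If pull 327 is the fix (not confirmable from this hunk), tooling that looks for a `Patch`-tagged reference will find no remediation pointer for an entry scored 9.8 CRITICAL. Once that is confirmed I would tag it `"tags": ["Issue Tracking", "Patch"]`. The weakness is also recorded as `NVD-CWE-noinfo`, so consumers that group or prioritise by CWE get no class for this code-execution issue and have to rely on the description and CVSS vector.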
@@ -2,27 +2,95 @@ "id": "CVE-2023-50694", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T20:15:11.967", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T13:44:08.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component." + }, + { + "lang": "es", + "value": "Un problema en dom96 HTTPbeast v.0.4.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente parser.nim." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dom96:httpbeast:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.4.1", + "matchCriteriaId": "62DC807D-29F6-4F44-A0C0-251D41FF998D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/dom96/httpbeast/issues/95", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/dom96/httpbeast/pull/96", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-512xx/CVE-2023-51217.json b/CVE-2023/CVE-2023-512xx/CVE-2023-51217.json index ca54fc7597a..be0a29ac640 100644 --- a/CVE-2023/CVE-2023-512xx/CVE-2023-51217.json +++ b/CVE-2023/CVE-2023-512xx/CVE-2023-51217.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-51217", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-18T21:15:08.243", - "lastModified": "2024-01-19T01:51:14.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:40:49.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component." + }, + { + "lang": "es", + "value": "Un problema descubierto en la versi\u00f3n del firmware TenghuTOS TWS-200: V4.0-201809201424 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante un comando manipulado en el componente de la p\u00e1gina ping." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenhot:tws-200_firmware:4.0-201809201424:*:*:*:*:*:*:*", + "matchCriteriaId": "2CE78407-59C3-41E1-A7EF-70514CB0B3A3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenhot:tws-200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0BD4A85F-233F-46C5-81CB-D1D25A20A668" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "https://github.com/websafe2021/CVE/blob/main/TenghuTOS-TWS-200.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5612.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5612.json index 01d3b9b8436..4b41870182b 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5612.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5612.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5612", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-26T02:15:07.357", - "lastModified": "2024-01-26T02:15:07.357", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab que afecta a todas las versiones anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. Era posible leer la direcci\u00f3n de correo electr\u00f3nico del usuario a trav\u00e9s del feed de etiquetas, aunque la visibilidad en el perfil del usuario se ha desactivado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5933.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5933.json index 6236f2b3ddc..0caca068c01 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5933.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5933.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5933", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-26T01:15:08.660", - "lastModified": "2024-01-26T01:15:08.660", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones posteriores a 13.7 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. La sanitizaci\u00f3n inadecuada de la entrada del nombre de usuario permite solicitudes PUT de API arbitrarias." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6159.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6159.json index a64a5591fbd..3103fcb04db 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6159.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6159.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6159", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-26T02:15:07.567", - "lastModified": "2024-01-26T02:15:07.567", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 12.7 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1. Era posible que un atacante desencadenara una denegaci\u00f3n de servicio de expresi\u00f3n regular a trav\u00e9s de un `Cargo.toml` que contiene entradas manipuladas con fines malintencionados." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json index 43df9dc51bd..696d813fb26 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6919.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6919", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-01-26T08:15:42.203", - "lastModified": "2024-01-26T08:15:42.203", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Path Traversal: '/../filedir' en Biges Safe Life Technologies Electronics Inc. VGuard permite Absolute Path Traversal. Este problema afecta a VGuard: antes de V500.0003.R008.4011.C0012.B351.C." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json index 469a8fbe344..35bdd8ec25e 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0402.json @@ -2,12 +2,16 @@ "id": "CVE-2024-0402", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-26T01:15:08.920", - "lastModified": "2024-01-26T01:15:08.920", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 16.0 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1, lo que permite a un usuario autenticado escribir archivos en ubicaciones arbitrarias en el servidor GitLab mientras crea un workspace." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0456.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0456.json
index 1070f819741..795da5f8534 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0456.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0456.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0456",
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2024-01-26T01:15:09.110",
- "lastModified": "2024-01-26T01:15:09.110",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project "
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de autorizaci\u00f3n en las versiones de GitLab 14.0 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. Un atacante no autorizado puede asignar usuarios arbitrarios a los MR que crearon dentro del proyecto."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0654.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0654.json
index 39d5da8f83f..e0063966a23 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0654.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0654.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0654",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-18T01:15:44.347",
- "lastModified": "2024-01-18T13:42:01.673",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-26T13:40:11.367",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -75,22 +95,53 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F080F016-24B8-4DFE-9592-D049AAAFBB54"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/bayuncao/vul-cve-4",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.251382",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.251382",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json
index 5737f87b99d..59e0e67dd1c 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json
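Review bot: After the references hunk, both GitHub links are tagged `Broken Link` and the two remaining VulDB links carry `Permissions Required`, so the analysis (primary 7.8, `AV:L`) can no longer be checked against a freely readable source from this record alone. The CPE added in `configurations` also puts `df.wf.288res.384.92.72.22` in the version field, which looks more like a model or build label than a release number; that is hedged, since the description lies outside these hunks. Version-range matching against this CPE is likely to miss installs, so matching on `iperov:deepfacelab` without the version component is the safer default until the criteria are refined.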
@@ -2,16 +2,40 @@
 "id": "CVE-2024-0696",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-18T23:15:08.940",
- "lastModified": "2024-01-19T01:51:14.027",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-26T13:18:49.070",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en AtroCore AtroPIM 1.8.4 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /#ProductSerie/view/ del componente Product Series Overview afecta a una parte desconocida. La manipulaci\u00f3n conduce a Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251481. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -71,18 +95,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:atrocore:atropim:1.8.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E15E2E0-7044-4F2B-80C0-B160D71FD57A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://pasteboard.co/wsTTLjp5UEPq.png",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.251481",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.251481",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
index 92bcdf7cab5..2ba3635c1be 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0727.json
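Review bot: The Spanish description added in the first hunk mistranslates the second sentence: `Una parte desconocida del archivo /#ProductSerie/view/ del componente Product Series Overview afecta a una parte desconocida.` says that an unknown part affects an unknown part, where the English text says the flaw affects an unknown part of that file. Suggested wording: `Esto afecta a una parte desconocida del archivo /#ProductSerie/view/ del componente Product Series Overview.` A consumer that reads only the `es` entry loses the statement of which component is affected, which is the detail needed to scope exposure.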
@@ -2,12 +2,16 @@ "id": "CVE-2024-0727", "sourceIdentifier": "openssl-security@openssl.org", "published": "2024-01-26T09:15:07.637", - "lastModified": "2024-01-26T09:15:07.637", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." + }, + { + "lang": "es", + "value": "Resumen del problema: el procesamiento de un archivo PKCS12 con formato malintencionado puede hacer que OpenSSL falle y provoque un posible ataque de denegaci\u00f3n de servicio. Resumen de impacto: las aplicaciones que cargan archivos en formato PKCS12 desde fuentes que no son de confianza pueden finalizar abruptamente. Un archivo en formato PKCS12 puede contener certificados y claves y puede provenir de una fuente que no es de confianza. 
La especificaci\u00f3n PKCS12 permite que ciertos campos sean NULL, pero OpenSSL no verifica correctamente este caso. Esto puede provocar una desreferencia del puntero NULL que provoque el bloqueo de OpenSSL. Si una aplicaci\u00f3n procesa archivos PKCS12 de una fuente que no es de confianza utilizando las API de OpenSSL, esa aplicaci\u00f3n ser\u00e1 vulnerable a este problema. Las API de OpenSSL que son vulnerables a esto son: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() y PKCS12_newpass(). Tambi\u00e9n solucionamos un problema similar en SMIME_write_PKCS7(). Sin embargo, dado que esta funci\u00f3n est\u00e1 relacionada con la escritura de datos, no la consideramos importante para la seguridad. Los m\u00f3dulos FIPS en 3.2, 3.1 y 3.0 no se ven afectados por este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0731.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0731.json index ea0b277f257..2f824677b84 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0731.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0731.json 
@@ -2,16 +2,40 @@
 "id": "CVE-2024-0731",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-19T20:15:13.120",
- "lastModified": "2024-01-19T22:52:48.170",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-26T13:33:02.857",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en PCMan FTP Server 2.0.7 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente PUT Command Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251554 es el identificador asignado a esta vulnerabilidad."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -61,8 +85,18 @@
 },
 "weaknesses": [
 {
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -71,18 +105,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33ACD9B6-5E83-4D68-A829-FA67A55CA6A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.251554",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.251554",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0732.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0732.json
index b0fd48ab562..fcc7b7346c2 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0732.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0732.json
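Review bot: The primary weakness added in the `weaknesses` hunk is `CWE-120`, a memory-corruption class, yet the NVD primary vector added in this file's first hunk is `C:N/I:N/A:H`, meaning availability impact only. The two are not contradictory, but triage that keys on the impact metrics or the 7.5 score alone will treat a buffer-copy weakness as a crash-only issue. Consumers should prioritise on the CWE as well as the vector; the same pairing appears in the CVE-2024-0732 hunks that follow. The CWE value of the demoted `cna@vuldb.com` entry lies outside the hunk.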
@@ -2,16 +2,40 @@
 "id": "CVE-2024-0732",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-19T20:15:13.353",
- "lastModified": "2024-01-19T22:52:48.170",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-26T13:37:50.893",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en PCMan FTP Server 2.0.7 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del componente STOR Command Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251555."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -61,8 +85,18 @@
 },
 "weaknesses": [
 {
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -71,18 +105,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33ACD9B6-5E83-4D68-A829-FA67A55CA6A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.251555",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.251555",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0737.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0737.json
index 42ed4fd4e6e..b815dd330be 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0737.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0737.json
@@ -2,16 +2,40 @@
 "id": "CVE-2024-0737",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-19T22:15:07.770",
- "lastModified": "2024-01-19T22:52:48.170",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-26T14:44:48.370",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Xlightftpd Xlight FTP Server 1.1 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Login. La manipulaci\u00f3n del argumento usuario conduce a la denegaci\u00f3n de servicio. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251560."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -71,18 +95,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xlightftpd:xlight_ftp_server:1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B63E384-61B3-4819-804C-CD462EA49A4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.251560",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.251560",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0889.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0889.json
index 81b6d4db30c..bb81044c121 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0889.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0889.json
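Review bot: The CPE criteria added here (`xlightftpd:xlight_ftp_server:1.1`) follow the description's product name, but the first reference URL reads `LightFTP-1.1-Denial-Of-Service`, which names a differently titled product. If the advisory is really about LightFTP, CPE-based scanners will flag Xlight installs and miss the software actually affected; this cannot be settled from the record itself and should be confirmed against the advisory before acting on a match. The same reference is also tagged `VDB Entry` although it is not one of the two VulDB links, so tag-based filtering may misclassify it.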
@@ -2,12 +2,16 @@ "id": "CVE-2024-0889", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T23:15:08.790", - "lastModified": "2024-01-25T23:15:08.790", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Kmint21 Golden FTP Server 2.02b y clasificada como problem\u00e1tica. Este problema afecta a un procesamiento desconocido del componente PASV Command Handler. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252041." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0890.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0890.json index f077df05acf..0ea0fcfb00d 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0890.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0890.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0890", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T23:15:09.017", - "lastModified": "2024-01-25T23:15:09.017", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en hongmaple octopus 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /system/dept/edit es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ancestors conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Este producto utiliza entrega continua con lanzamientos continuos. Por lo tanto, no hay detalles de las versiones afectadas ni actualizadas disponibles. VDB-252042 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0891.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0891.json index a5fa328ccbf..df37c049bb5 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0891.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0891.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0891", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T23:15:09.250", - "lastModified": "2024-01-25T23:15:09.250", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en hongmaple octopus 1.0. Ha sido declarada problem\u00e1tica. Una funcionalidad desconocida es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento description con la entrada conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El identificador asociado de esta vulnerabilidad es VDB-252043." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0918.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0918.json index ac3df3c799d..4bc5cd5a0d2 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0918.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0918.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0918", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T09:15:07.707", - "lastModified": "2024-01-26T09:15:07.707", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en TRENDnet TEW-800MB 1.0.1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento DeviceURL conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252122 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0919.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0919.json index 735ad56ab50..35bdfa2ab6e 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0919.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0919.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0919", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T09:15:08.023", - "lastModified": "2024-01-26T09:15:08.023", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TRENDnet TEW-815DAP 1.0.2.0. Ha sido clasificada como cr\u00edtica. Esto afecta la funci\u00f3n do_setNTP del componente POST Request Handler. La manipulaci\u00f3n del argumento NtpDstStart/NtpDstEnd conduce a la inyecci\u00f3n de comandos. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252123. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0920.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0920.json index e02bcaa1711..1478198147b 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0920.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0920.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-0920", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-26T09:15:08.293", - "lastModified": "2024-01-26T09:15:08.293", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TRENDnet TEW-822DRE 1.03B02. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin_ping.htm del componente POST Request Handler. La manipulaci\u00f3n del argumento ipv4_ping/ipv6_ping conduce a la inyecci\u00f3n de comandos. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252124. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json new file mode 100644 index 00000000000..0e4163ccc4b --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0921.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0921", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T14:15:50.237", + "lastModified": "2024-01-26T14:15:50.237", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + 
"lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252139", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252139", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json new file mode 100644 index 00000000000..9867636a39a --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0922.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0922", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T14:15:50.527", + "lastModified": "2024-01-26T14:15:50.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + 
"description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252127", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252127", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json new file mode 100644 index 00000000000..252cf321829 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0923.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0923", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-26T14:15:50.747", + "lastModified": "2024-01-26T14:15:50.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + 
"description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252128", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252128", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21326.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21326.json index 1d99e528454..51ec2ca537f 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21326.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21326.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21326", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T01:15:10.010", - "lastModified": "2024-01-26T01:15:10.010", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21382.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21382.json index ebfbb4a0bd8..dae51b4069e 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21382.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21382.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21382", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T01:15:10.187", - "lastModified": "2024-01-26T01:15:10.187", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Edge for Android Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Edge para Android" } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21383.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21383.json index f47f0fa0135..42c064a4e71 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21383.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21383.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21383", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T01:15:10.367", - "lastModified": "2024-01-26T01:15:10.367", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21385.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21385.json index 8c9cf936466..e3c128eea0f 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21385.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21385.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21385", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T01:15:10.540", - "lastModified": "2024-01-26T01:15:10.540", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21387.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21387.json index 9e0e327e650..229222b0648 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21387.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21387.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21387", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-26T01:15:10.703", - "lastModified": "2024-01-26T01:15:10.703", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Microsoft Edge for Android Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft Edge para Android" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21619.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21619.json index 5b1b02a10cb..2ac0b6a69cd 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21619.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21619.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21619", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-25T23:15:09.467", - "lastModified": "2024-01-25T23:15:09.467", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.\n\nWhen a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de autenticaci\u00f3n faltante para funci\u00f3n cr\u00edtica combinada con una vulnerabilidad de generaci\u00f3n de mensaje de error que contiene informaci\u00f3n confidencial en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado acceda a informaci\u00f3n confidencial del sistema. 
Cuando un usuario inicia sesi\u00f3n, se crea un archivo temporal que contiene la configuraci\u00f3n del dispositivo (como es visible para ese usuario) en la carpeta /cache. Un atacante no autenticado puede intentar acceder a dicho archivo enviando una solicitud espec\u00edfica al dispositivo para intentar adivinar el nombre de dicho archivo. La explotaci\u00f3n exitosa revelar\u00e1 informaci\u00f3n de configuraci\u00f3n. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21620.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21620.json index 5e77dd37f6c..192a5f5f9e0 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21620.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21620.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21620", "sourceIdentifier": "sirt@juniper.net", "published": "2024-01-25T23:15:09.680", - "lastModified": "2024-01-25T23:15:09.680", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.\n\nA specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S10;\n * 21.2 versions earlier than 21.2R3-S8;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3-S1;\n * 23.2 versions earlier than 23.2R2;\n * 23.4 versions earlier than 23.4R2.\n\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en J-Web de Juniper Networks Junos OS en las series SRX y EX permite a un atacante construir una URL que, cuando la visita otro usuario, le permite ejecutar comandos con los permisos del objetivo, incluido un administrador. Una invocaci\u00f3n espec\u00edfica del m\u00e9todo emit_debug_note en webauth_operation.php devolver\u00e1 los datos que recibe. 
Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S10; * Versiones 21.2 anteriores a 21.2R3-S8; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3-S1; * Versiones 23.2 anteriores a 23.2R2; * Versiones 23.4 anteriores a 23.4R2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json index 7eb2b073c42..00bf58f9a19 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21733", "sourceIdentifier": "security@apache.org", "published": "2024-01-19T11:15:08.043", - "lastModified": "2024-01-19T15:56:26.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T13:51:42.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,7 +14,30 @@ "value": "Vulnerabilidad de generaci\u00f3n de mensaje de error que contiene informaci\u00f3n confidencial en Apache Tomcat. Este problema afecta a Apache Tomcat: desde 8.5.7 hasta 8.5.63, desde 9.0.0-M11 hasta 9.0.43. Se recomienda a los usuarios actualizar a la versi\u00f3n 8.5.64 en adelante o 9.0.44 en adelante, que contienen una soluci\u00f3n para el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", 
@@ -27,14 +50,135 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.7", + "versionEndExcluding": "8.5.64", + "matchCriteriaId": "2FC8F5FF-3E97-49CE-BF17-9ECFD0786E8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.1", + "versionEndExcluding": "9.0.44", + "matchCriteriaId": "51D2E845-77E6-4D63-B3AA-E5C819589BAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": 
"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", + "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", + "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", + "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", + "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", + "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", + "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", + "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/19/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json index d28b2d7a326..7cb8605bb4d 100644 
--- a/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22212.json @@ -2,16 +2,40 @@ "id": "CVE-2024-22212", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-18T19:15:10.353", - "lastModified": "2024-01-18T19:25:46.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:58:18.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue." + }, + { + "lang": "es", + "value": "Nextcloud Global Site Selector es una herramienta que le permite ejecutar m\u00faltiples instancias peque\u00f1as de Nextcloud y redirigir a los usuarios al servidor correcto. Un problema en el m\u00e9todo de verificaci\u00f3n de contrase\u00f1a permite que un atacante se autentique como otro usuario. Se recomienda actualizar Nextcloud Global Site Selector a la versi\u00f3n 1.4.1, 2.1.2, 2.3.4 o 2.4.5. No se conocen workarounds para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,69 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.0", + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "2534CD35-8367-48DB-A2F9-25035D763F70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.1.2", + "matchCriteriaId": "E217B435-E2A5-4186-9905-898DACA4D502" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.0", + "versionEndExcluding": "2.3.4", + "matchCriteriaId": "ABAB048C-B643-445F-AECF-DFB4356ED026" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.5", + "matchCriteriaId": "214AE852-2C02-45E0-99AD-47886EEB074D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2248689", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22401.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22401.json index b3715742e4d..5dcf27b6936 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22401.json 
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22401.json @@ -2,16 +2,40 @@ "id": "CVE-2024-22401", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-18T21:15:08.343", - "lastModified": "2024-01-19T01:51:14.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:42:35.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n para invitados Nextcloud es una utilidad para crear usuarios invitados que solo pueden ver los archivos compartidos con ellos. En las versiones afectadas, los usuarios pod\u00edan cambiar la lista permitida de aplicaciones, permiti\u00e9ndoles usar aplicaciones que no estaban destinadas a ser utilizadas. Se recomienda actualizar la aplicaci\u00f3n Invitados a 2.4.1, 2.5.1 o 3.0.1. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.1", + "matchCriteriaId": "96F65F1E-19D7-4B72-8618-A7D8BE0578E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:2.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "57F1277A-3A44-4CDF-AF3C-B8A5AE395549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F64336EF-9FEA-4DC2-B44A-70470D52632B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/guests/pull/1082", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2250398", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22402.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22402.json index 450ff1d5304..b86eb6b305c 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22402.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22402.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22402", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-18T21:15:08.590", - "lastModified": "2024-01-19T13:15:07.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:11:30.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +70,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.1", + "matchCriteriaId": "96F65F1E-19D7-4B72-8618-A7D8BE0578E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:2.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "57F1277A-3A44-4CDF-AF3C-B8A5AE395549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:guests:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F64336EF-9FEA-4DC2-B44A-70470D52632B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/guests/pull/1082", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2251074", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
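Review bot: In the `references` hunk for CVE-2024-22402, `https://github.com/nextcloud/guests/pull/1082` is tagged both `"Patch"` and `"Vendor Advisory"`, while the same URL in the CVE-2024-22401 record of this commit carries only `"Patch"`. A pull request is the fix rather than an advisory, and the GHSA-v3qw-7vgv-2fxj link in the next entry already holds the `"Vendor Advisory"` tag. Tooling that selects advisory links by tag will treat the PR as the vendor's statement in one record and not in the other, so I would reduce this entry to `"tags": [ "Patch" ]`.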
diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22404.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22404.json index 4c6551918f4..bd9f9c26ea0 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22404.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22404.json @@ -2,16 +2,40 @@ "id": "CVE-2024-22404", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-18T21:15:08.830", - "lastModified": "2024-01-19T01:51:14.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:37:23.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n Nextcloud files Zip es una herramienta para crear archivos zip a partir de uno o varios archivos desde Nextcloud. En las versiones afectadas, los usuarios pueden descargar archivos de \"s\u00f3lo lectura\" comprimiendo la carpeta completa. Se recomienda actualizar la aplicaci\u00f3n Archivos ZIP a 1.2.1, 1.4.1 o 1.5.0. Los usuarios que no puedan actualizar deben desactivar la aplicaci\u00f3n de archivos zip." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:zipper:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.1", + "matchCriteriaId": "2CACAF88-8B0B-4909-B633-02EE818C3F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:zipper:1.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AEFDD9DF-54EB-47B4-A70D-D3910C77F2B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2247457", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json index ecf27cdc62d..9768b73be10 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22545.json 
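Review bot: The `cpeMatch` list added for CVE-2024-22404 matches `nextcloud:zipper` below 1.2.1 and exactly 1.4.0, while the description names three fixed releases (1.2.1, 1.4.1 and 1.5.0). The record does not show whether other pre-fix releases exist, such as a 1.3.x line or builds ahead of 1.5.0, so the list may well be complete. If they do exist, a scanner relying on these entries would report them as not vulnerable, so the affected ranges in advisory GHSA-vhj3-mch4-67fq are worth checking before trusting a clean result. The CPE product is also `zipper` while the patched repository is `files_zip`, so an inventory that records the app under its repository name may fail to match.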
@@ -2,12 +2,16 @@ "id": "CVE-2024-22545", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T08:15:42.480", - "lastModified": "2024-01-26T08:15:42.480", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function." + }, + { + "lang": "es", + "value": "TRENDnet TEW-824DRU versi\u00f3n 1.04b01 es vulnerable a la inyecci\u00f3n de comandos a trav\u00e9s de system.ntp.server en la funci\u00f3n sub_420AE0()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json index 96087bd9fd8..91a0d51a3de 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23388.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23388", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-26T07:15:59.320", - "lastModified": "2024-01-26T07:15:59.320", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper authorization in handler for custom URL scheme issue in \"Mercari\" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n inadecuada en el controlador para un problema de esquema de URL personalizado en la aplicaci\u00f3n \"Mercari\" para Android anterior a la versi\u00f3n 5.78.0 permite a un atacante remoto llevar a un usuario a acceder a un sitio web arbitrario a trav\u00e9s de la aplicaci\u00f3n vulnerable. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23613.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23613.json index 28d9536ff3f..940c67477fe 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23613.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23613.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23613", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:08.123", - "lastModified": "2024-01-26T00:15:08.123", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Deployment Solution versi\u00f3n 7.9 al analizar los tokens UpdateComputer. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como SYSTEM." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23614.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23614.json index 387131aac2d..4863114d86d 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23614.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23614.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23614", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:08.373", - "lastModified": "2024-01-26T00:15:08.373", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en las versiones 9.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como root." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23615.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23615.json index 11680851dfa..187afad34c4 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23615.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23615.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23615", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:08.627", - "lastModified": "2024-01-26T00:15:08.627", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en las versiones 10.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como root." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23616.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23616.json index a0473ca8d1e..ee0fb0d8956 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23616.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23616.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23616", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:08.843", - "lastModified": "2024-01-26T00:15:08.843", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Server Management Suite versi\u00f3n 7.9 y anteriores. Un atacante remoto y an\u00f3nimo puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo como SYSTEM." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23617.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23617.json index 1daff22e583..a5cfbd5ca74 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23617.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23617.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23617", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.060", - "lastModified": "2024-01-26T00:15:09.060", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en Symantec Data Loss Prevention versi\u00f3n 14.0.2 y anteriores. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un documento manipulado para lograr la ejecuci\u00f3n del c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json index 20aabee0d41..512ef6b1924 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23618.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23618", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.263", - "lastModified": "2024-01-26T00:15:09.263", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en los dispositivos Arris SURFboard SGB6950AC2. Un atacante no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n del c\u00f3digo como root." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23619.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23619.json index bfabcaa3b2d..dd206fcca4a 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23619.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23619.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23619", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.470", - "lastModified": "2024-01-26T00:15:09.470", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de credencial codificada en IBM Merge Healthcare eFilm Workstation. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad para lograr la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23620.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23620.json index 322cde19d82..b89ad2c2d79 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23620.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23620.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23620", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.687", - "lastModified": "2024-01-26T00:15:09.687", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en IBM Merge Healthcare eFilm Workstation. Un atacante local autenticado puede aprovechar esta vulnerabilidad para escalar privilegios al SISTEMA." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json index 0714a5e10f3..b512e6e5469 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23621.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23621", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:09.957", - "lastModified": "2024-01-26T00:15:09.957", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution." + }, + { + "lang": "es", + "value": "Existe un desbordamiento de b\u00fafer en el servidor de licencias de IBM Merge Healthcare eFilm Workstation. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json index fa0ac7dff79..5cecb66de40 100644 
--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23622.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23622", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.190", - "lastModified": "2024-01-26T00:15:10.190", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.\n" + }, + { + "lang": "es", + "value": "Existe un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servidor de licencias de IBM Merge Healthcare eFilm Workstation. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n remota de c\u00f3digo con privilegios de SYSTEM." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json index f46bbf43752..2634068a77e 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23624.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23624", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.397", - "lastModified": "2024-01-26T00:15:10.397", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el m\u00f3dulo gena.cgi de los dispositivos D-Link DAP-1650. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecuci\u00f3n de comandos en el dispositivo como root." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json index 343bb8987c6..be576c5a787 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23625.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23625", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.620", - "lastModified": "2024-01-26T00:15:10.620", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en los dispositivos D-Link DAP-1650 al manejar mensajes de SUBSCRIBE UPnP. Un atacante no autenticado puede aprovechar esta vulnerabilidad para obtener la ejecuci\u00f3n de comandos en el dispositivo como root." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json index 4cb1bfcef4d..ce0ae07c422 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23626.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23626", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:10.820", - "lastModified": "2024-01-26T00:15:10.820", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in the \u2018SaveSysLogParams\u2019 \nparameter of the Motorola MR2600. A remote attacker can exploit this \nvulnerability to achieve command execution. Authentication is required, \nhowever can be bypassed.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveSysLogParams' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json index 392887b7230..cba8e100f4c 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23627.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23627", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:11.037", - "lastModified": "2024-01-26T00:15:11.037", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveStaticRouteIPv4Params' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json index ce5a0ba22f5..38c8987fc6a 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23628.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23628", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:11.273", - "lastModified": "2024-01-26T00:15:11.273", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveStaticRouteIPv6Params' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json index 4ffc6b36087..e5c8be4d982 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23629.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23629", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:11.650", - "lastModified": "2024-01-26T00:15:11.650", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente web del Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para acceder a URL protegidas y recuperar informaci\u00f3n confidencial." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json index ea32bda0f41..70d4bad6338 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23630.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23630", "sourceIdentifier": "disclosures@exodusintel.com", "published": "2024-01-26T00:15:12.187", - "lastModified": "2024-01-26T00:15:12.187", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de carga de firmware arbitraria en el Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de c\u00f3digo en el dispositivo. Se requiere autenticaci\u00f3n, pero se puede omitir." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23689.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23689.json index f6996575243..2f549aa43ec 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23689.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23689.json 
@@ -2,16 +2,53 @@ "id": "CVE-2024-23689", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.520", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-26T14:50:45.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.\n\n" + }, + { + "lang": "es", + "value": "La exposici\u00f3n de informaci\u00f3n confidencial en excepciones en las versiones clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc y com.clickhouse:clickhouse-client de ClichHouse inferiores a 0.4.6 permite a usuarios no autorizados obtener acceso a las contrase\u00f1as de los certificados del cliente a trav\u00e9s de los registros de excepciones del cliente. Esto ocurre cuando se especifica 'sslkey' y se genera una excepci\u00f3n, como ClickHouseException o SQLException, durante las operaciones de la base de datos; la contrase\u00f1a del certificado se incluye en el mensaje de excepci\u00f3n registrado." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
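Review bot: The primary NVD vector added for CVE-2024-23689, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` (8.8 HIGH), rates integrity and availability as HIGH, while the description and the added `CWE-209` describe only disclosure of a client certificate password through exception logs. The I:H/A:H values presumably reflect what the leaked credential could later be used for, but that is inferred and not stated in the record. Consumers who prioritise on `baseScore` should treat this as a log-exposure issue: upgrade to 0.4.6, restrict access to client exception logs, and rotate any certificate password that may have been logged. The added `es` text also carries over the `ClichHouse` misspelling from the English description.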
@@ -23,30 +60,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:java_libraries:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.4.6", + "matchCriteriaId": "F7EFEC79-6EFB-4FCD-A772-C6A600512D6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ClickHouse/clickhouse-java/issues/1331", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/ClickHouse/clickhouse-java/pull/1334", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23856.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23856.json index 916ef97d90e..7fbd6b75149 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23856.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23856.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23856", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T09:15:08.620", - "lastModified": "2024-01-26T09:15:08.620", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:45.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itemlist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23857.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23857.json index 862f5bc0729..775343b0ada 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23857.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23857.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23857",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:08.820",
- "lastModified": "2024-01-26T09:15:08.820",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnlinecreate.php, en el par\u00e1metro batchno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23858.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23858.json
index cf862d2fb78..f6c64c9f11a 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23858.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23858.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23858",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:09.023",
- "lastModified": "2024-01-26T09:15:09.023",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancelinecreate.php, en el par\u00e1metro batchno. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23859.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23859.json
index 9f81f7c909a..b3e9dfc6694 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23859.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23859.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23859",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:09.230",
- "lastModified": "2024-01-26T09:15:09.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurelinecreate.php, en el par\u00e1metro flatamount . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23860.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23860.json
index a88f132d2f9..d6a365e6838 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23860.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23860.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23860",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:09.427",
- "lastModified": "2024-01-26T09:15:09.427",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencylist.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23861.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23861.json
index 7b169498dea..68736fc1a2e 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23861.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23861.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23861",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:09.620",
- "lastModified": "2024-01-26T09:15:09.620",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/unitofmeasurementcreate.php, en el par\u00e1metro unitofmeasurementid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23862.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23862.json
index 206306fe28f..1bb89b446ba 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23862.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23862.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23862",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T09:15:09.840",
- "lastModified": "2024-01-26T09:15:09.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grndisplay.php, en el par\u00e1metro grnno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23863.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23863.json
index bf5a20b2302..71d722a699a 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23863.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23863.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23863",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:07.693",
- "lastModified": "2024-01-26T10:15:07.693",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructuredisplay.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23864.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23864.json
index b9e5d5f3f2a..77c3d186546 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23864.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23864.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23864",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:07.953",
- "lastModified": "2024-01-26T10:15:07.953",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/countrylist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23865.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23865.json
index 051cc659f58..ce3bc510fa7 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23865.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23865.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23865",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:08.223",
- "lastModified": "2024-01-26T10:15:08.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23866.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23866.json
index 169e7d313d7..019a8f2341b 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23866.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23866.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23866",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:08.420",
- "lastModified": "2024-01-26T10:15:08.420",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/countrycreate.php, en el par\u00e1metro countryid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23867.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23867.json
index 75d8a797425..7f012e101f9 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23867.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23867.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23867",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:08.640",
- "lastModified": "2024-01-26T10:15:08.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statecreate.php, en el par\u00e1metro stateid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23868.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23868.json
index d8518ca5dc2..0b436feec61 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23868.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23868.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23868",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:08.840",
- "lastModified": "2024-01-26T10:15:08.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnlist.php, en el par\u00e1metro deleted. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23869.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23869.json
index 180de85e8b4..6379d4216d8 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23869.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23869.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23869",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:09.047",
- "lastModified": "2024-01-26T10:15:09.047",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuanceprint.php, en el par\u00e1metro issuanceno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23870.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23870.json
index d1dcb2b8190..fe96c6c75ca 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23870.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23870.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23870",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:09.243",
- "lastModified": "2024-01-26T10:15:09.243",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancelist.php, en el par\u00e1metro delete. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23871.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23871.json
index 29567841359..a00a409bea4 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23871.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23871.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23871",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:09.437",
- "lastModified": "2024-01-26T10:15:09.437",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/unitofmeasurementmodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23872.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23872.json
index 5c5bb8ae9a1..cc14ee5dbfc 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23872.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23872.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23872",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:09.637",
- "lastModified": "2024-01-26T10:15:09.637",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/locationmodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23873.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23873.json
index 4d925a67fb0..a5ae2c61a23 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23873.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23873.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23873",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:09.830",
- "lastModified": "2024-01-26T10:15:09.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencymodify.php, en el par\u00e1metro currencyid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23874.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23874.json
index c518a1fb74e..4320a7a0e8d 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23874.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23874.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23874",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:10.023",
- "lastModified": "2024-01-26T10:15:10.023",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/companymodify.php, en el par\u00e1metro address1. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23875.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23875.json
index 2fc62c49ef5..d479fd177fc 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23875.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23875.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23875",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:10.213",
- "lastModified": "2024-01-26T10:15:10.213",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:45.267",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancedisplay.php, en el par\u00e1metro issuanceno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23876.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23876.json
index 4e8290b1759..3586b91fc3f 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23876.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23876.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23876",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-01-26T10:15:10.410",
- "lastModified": "2024-01-26T10:15:10.410",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-26T13:51:15.743",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructurecreate.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23877.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23877.json
index 0bd2f172cb4..2531e2c4a60 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23877.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23877.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-23877", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:10.597", - "lastModified": "2024-01-26T10:15:10.597", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/currencycreate.php, en el par\u00e1metro currencyid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23878.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23878.json index 5272492ca8d..be496bac963 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23878.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23878.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23878", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:10.803", - "lastModified": "2024-01-26T10:15:10.803", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnprint.php, en el par\u00e1metro grnno . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23879.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23879.json index 0aaf81042f3..102cc647400 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23879.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23879.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23879", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:10.997", - "lastModified": "2024-01-26T10:15:10.997", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statemodify.php, en el par\u00e1metro description . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23880.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23880.json index 2c87b31cf7f..c23e37d9d55 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23880.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23880.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23880", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:11.203", - "lastModified": "2024-01-26T10:15:11.203", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxcodelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23881.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23881.json index 35c2fdeee38..f4827fb400d 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23881.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23881.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23881", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:11.410", - "lastModified": "2024-01-26T10:15:11.410", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/statelist.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23882.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23882.json index bb050c74b2f..26aa052861c 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23882.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23882.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23882", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:11.600", - "lastModified": "2024-01-26T10:15:11.600", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxcodecreate.php, en el par\u00e1metro taxcodeid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23883.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23883.json index cdd5d607f28..01a19af6e52 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23883.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23883.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23883", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:11.800", - "lastModified": "2024-01-26T10:15:11.800", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/taxstructuremodify.php, en el par\u00e1metro description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23884.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23884.json index 8a57ed2b8ed..b7f75b7cbf4 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23884.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23884.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23884", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:11.993", - "lastModified": "2024-01-26T10:15:11.993", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grnmodify.php, en el par\u00e1metro grndate . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23885.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23885.json index 11842a65628..26434ceb597 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23885.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23885.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23885", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:12.180", - "lastModified": "2024-01-26T10:15:12.180", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/countrymodify.php, en el par\u00e1metro countryid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23886.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23886.json index 7b7803c29d4..7763cc10f33 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23886.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23886.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23886", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:12.370", - "lastModified": "2024-01-26T10:15:12.370", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itemmodify.php, en el par\u00e1metro bincardinfo . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23887.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23887.json index bf92aed70de..3a96e7f234d 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23887.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23887.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23887", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:12.570", - "lastModified": "2024-01-26T10:15:12.570", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/grncreate.php, en el par\u00e1metro grndate . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23888.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23888.json index a0c8e01dcfc..714aae1e0f7 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23888.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23888.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23888", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:12.760", - "lastModified": "2024-01-26T10:15:12.760", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stocktransactionslist.php, en el par\u00e1metro itemidy . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23889.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23889.json index 3f3ecc63c75..29f51eac95c 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23889.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23889.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23889", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T10:15:12.953", - "lastModified": "2024-01-26T10:15:12.953", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s de /cupseasylive/itemgroupcreate.php, en el par\u00e1metro itemgroupid . La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json index fbab5606730..ed5f9aa5ee7 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23890", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:08.053", - "lastModified": "2024-01-26T11:15:08.053", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json index f2e481e4cdd..c8cf1bd7f16 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23891", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:08.707", - "lastModified": "2024-01-26T11:15:08.707", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json index 9f5703197e5..0d25e7da006 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23892", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:08.970", - "lastModified": "2024-01-26T11:15:08.970", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json index a8e57b83d16..bf1e1076721 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23893", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:09.223", - "lastModified": "2024-01-26T11:15:09.223", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json index ce1101e803d..601f552c658 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-23894", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:09.477", - "lastModified": "2024-01-26T11:15:09.477", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json index a1ab6be05e6..f6c4326d76c 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23896", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-26T11:15:09.747", - "lastModified": "2024-01-26T11:15:09.747", - "vulnStatus": "Received", + "lastModified": "2024-01-26T13:51:15.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 3d2aa794173..f8c9fc04d1b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-26T13:00:25.097940+00:00 +2024-01-26T15:00:24.884467+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-26T11:15:09.747000+00:00 +2024-01-26T14:59:22.727000+00:00 ``` ### Last Data Feed Release 
@@ -29,25 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236914 +236917 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -* [CVE-2024-23890](CVE-2024/CVE-2024-238xx/CVE-2024-23890.json) (`2024-01-26T11:15:08.053`) -* [CVE-2024-23891](CVE-2024/CVE-2024-238xx/CVE-2024-23891.json) (`2024-01-26T11:15:08.707`) -* [CVE-2024-23892](CVE-2024/CVE-2024-238xx/CVE-2024-23892.json) (`2024-01-26T11:15:08.970`) -* [CVE-2024-23893](CVE-2024/CVE-2024-238xx/CVE-2024-23893.json) (`2024-01-26T11:15:09.223`) -* [CVE-2024-23894](CVE-2024/CVE-2024-238xx/CVE-2024-23894.json) (`2024-01-26T11:15:09.477`) -* [CVE-2024-23896](CVE-2024/CVE-2024-238xx/CVE-2024-23896.json) (`2024-01-26T11:15:09.747`) +* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-01-26T14:15:50.237`) +* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-01-26T14:15:50.527`) +* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-01-26T14:15:50.747`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `110` +* [CVE-2024-23857](CVE-2024/CVE-2024-238xx/CVE-2024-23857.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23858](CVE-2024/CVE-2024-238xx/CVE-2024-23858.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23859](CVE-2024/CVE-2024-238xx/CVE-2024-23859.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23860](CVE-2024/CVE-2024-238xx/CVE-2024-23860.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23861](CVE-2024/CVE-2024-238xx/CVE-2024-23861.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23862](CVE-2024/CVE-2024-238xx/CVE-2024-23862.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23863](CVE-2024/CVE-2024-238xx/CVE-2024-23863.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23864](CVE-2024/CVE-2024-238xx/CVE-2024-23864.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23865](CVE-2024/CVE-2024-238xx/CVE-2024-23865.json) 
(`2024-01-26T13:51:45.267`) +* [CVE-2024-23866](CVE-2024/CVE-2024-238xx/CVE-2024-23866.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23867](CVE-2024/CVE-2024-238xx/CVE-2024-23867.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23868](CVE-2024/CVE-2024-238xx/CVE-2024-23868.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23869](CVE-2024/CVE-2024-238xx/CVE-2024-23869.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23870](CVE-2024/CVE-2024-238xx/CVE-2024-23870.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23871](CVE-2024/CVE-2024-238xx/CVE-2024-23871.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-26T13:51:45.267`) +* [CVE-2024-22402](CVE-2024/CVE-2024-224xx/CVE-2024-22402.json) (`2024-01-26T14:11:30.677`) +* [CVE-2024-22404](CVE-2024/CVE-2024-224xx/CVE-2024-22404.json) (`2024-01-26T14:37:23.880`) +* [CVE-2024-22401](CVE-2024/CVE-2024-224xx/CVE-2024-22401.json) (`2024-01-26T14:42:35.147`) +* [CVE-2024-0737](CVE-2024/CVE-2024-07xx/CVE-2024-0737.json) (`2024-01-26T14:44:48.370`) +* [CVE-2024-23689](CVE-2024/CVE-2024-236xx/CVE-2024-23689.json) (`2024-01-26T14:50:45.023`) +* [CVE-2024-22212](CVE-2024/CVE-2024-222xx/CVE-2024-22212.json) (`2024-01-26T14:58:18.877`) ## Download and Usage