admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-22T21:00:30.119467+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-22 21:00:33 +00:00
parent 946e2fb79b
commit 117e7d7ec1
250 changed files with 1951 additions and 532 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2021/CVE-2021-290xx/CVE-2021-29038.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-29038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.010",
"lastModified": "2024-02-20T22:15:08.010",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers."
},
{
"lang": "es",
"value": "Liferay Portal 7.2.0 a 7.3.5 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al fix pack 1, 7.2 anterior al fix pack 17 y versiones anteriores no compatibles no ofuscan las respuestas de recordatorio de contrase\u00f1a en la p\u00e1gina, lo que permite a los atacantes utilizar ataques de man-in-the-middle para robar las respuestas de recordatorio de contrase\u00f1a del usuario."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-290xx/CVE-2021-29050.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-29050",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.067",
"lastModified": "2024-02-20T22:15:08.067",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en la p\u00e1gina de t\u00e9rminos de uso en Liferay Portal anterior a 7.3.6 y Liferay DXP 7.3 anterior al service pack 1, 7.2 anterior al fix pack 11 permite a atacantes remotos aceptar los t\u00e9rminos de uso del sitio mediante ingenier\u00eda social e incitar al usuario a visitar una p\u00e1gina maliciosa."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-451xx/CVE-2022-45169.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-45169",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.060",
"lastModified": "2024-02-21T16:15:49.060",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Se puede producir una redirecci\u00f3n de URL a un sitio que no es de confianza (redirecci\u00f3n abierta) en el endpoint /api/v1/notification/createnotification, lo que permite a un usuario autenticado enviar una notificaci\u00f3n push arbitraria a cualquier otro usuario del sistema. Esta notificaci\u00f3n push puede incluir un enlace (invisible) en el que se puede hacer clic."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-451xx/CVE-2022-45177.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-45177",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.127",
"lastModified": "2024-02-21T16:15:49.127",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Puede ocurrir una discrepancia de respuesta observable en el endpoint /api/v1/vdeskintegration/user/isenableuser, el endpoin /api/v1/sharedsearch?search={NAME]+{SURNAME] y el endpoint /login. La aplicaci\u00f3n web proporciona diferentes respuestas a las solicitudes entrantes de una manera que revela informaci\u00f3n del estado interno a un actor no autorizado fuera de la esfera de control prevista."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-451xx/CVE-2022-45179.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-45179",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.173",
"lastModified": "2024-02-21T16:15:49.173",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims' credentials)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v031. Existe una vulnerabilidad XSS b\u00e1sica en el endpoint /api/v1/vdeskintegration/todo/createorupdate a trav\u00e9s del par\u00e1metro title y /dashboard/reminders. Un usuario remoto (autenticado en el producto) puede almacenar c\u00f3digo HTML arbitrario en el t\u00edtulo de la secci\u00f3n de recordatorio para corromper la p\u00e1gina web (por ejemplo, creando secciones de phishing para extraer las credenciales de las v\u00edctimas)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-243xx/CVE-2023-24330.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24330",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.503",
"lastModified": "2024-02-21T21:15:08.503",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n de comandos en D-Link Dir 882 con la versi\u00f3n de firmware DIR882A1_FW130B06 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /HNAP1/."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-243xx/CVE-2023-24331.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24331",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.567",
"lastModified": "2024-02-21T21:15:08.567",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos en D-Link Dir 816 con versi\u00f3n de firmware DIR-816_A2_v1.10CNB04 permite a atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro urlAdd."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-243xx/CVE-2023-24332.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24332",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.617",
"lastModified": "2024-02-21T21:15:08.617",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC6 con la versi\u00f3n de firmware US_AC6V5.0re_V03.03.02.01_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /goform/PowerSaveSet."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-243xx/CVE-2023-24333.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24333",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.673",
"lastModified": "2024-02-21T21:15:08.673",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC21 con la versi\u00f3n de firmware US_AC21V1.0re_V16.03.08.15_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada para /goform/openSchedWifi."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-243xx/CVE-2023-24334.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24334",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.723",
"lastModified": "2024-02-21T21:15:08.723",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria en Tenda AC23 con la versi\u00f3n de firmware US_AC23V1.0re_V16.03.07.45_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro schedStartTime."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29179",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:07.693",
"lastModified": "2024-02-22T10:15:07.693",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests."
},
{
"lang": "es",
"value": "Una desreferencia de puntero nulo en Fortinet FortiOS versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, Fortiproxy versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 permite atacante a la denegaci\u00f3n de servicio a trav\u00e9s de solicitudes HTTP especialmente manipuladas."
}
],
"metrics": {

8
CVE-2023/CVE-2023-291xx/CVE-2023-29180.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29180",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:07.947",
"lastModified": "2024-02-22T10:15:07.947",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests."
},
{
"lang": "es",
"value": "Una desreferencia de puntero nulo en Fortinet FortiOS versi\u00f3n 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16, FortiProxy 7.2 .0 a 7.2.3, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 permite al atacante negar del servicio a trav\u00e9s de solicitudes HTTP especialmente manipuladas."
}
],
"metrics": {

8
CVE-2023/CVE-2023-291xx/CVE-2023-29181.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29181",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-22T10:15:08.140",
"lastModified": "2024-02-22T10:15:08.140",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command."
},
{
"lang": "es",
"value": "Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16 , FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiPAM 1.0.0 a 1.0.3 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados mediante un comando especialmente manipulado."
}
],
"metrics": {

8
CVE-2023/CVE-2023-338xx/CVE-2023-33843.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33843",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-21T15:15:08.537",
"lastModified": "2024-02-21T15:15:08.537",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 256544."
}
],
"metrics": {

8
CVE-2023/CVE-2023-35xx/CVE-2023-3509.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3509",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-21T23:15:08.223",
"lastModified": "2024-02-21T23:15:08.223",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab que afecta a todas las versiones anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Los miembros del grupo con funci\u00f3n de submantenedor pod\u00edan cambiar el t\u00edtulo de las claves de implementaci\u00f3n de acceso privado asociadas con los proyectos del grupo."
}
],
"metrics": {

8
CVE-2023/CVE-2023-371xx/CVE-2023-37177.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37177",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.773",
"lastModified": "2024-02-21T21:15:08.773",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PMB Services PMB v.7.4.7 y anteriores permite que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de consulta en el endpoint /admin/convert/export_z3950.php."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-388xx/CVE-2023-38844.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38844",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T21:15:08.840",
"lastModified": "2024-02-21T21:15:08.840",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PMB v.7.4.7 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro tesauro en export_skos.php."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-39xx/CVE-2023-3966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3966",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-22T13:15:07.770",
"lastModified": "2024-02-22T13:15:07.770",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-401xx/CVE-2023-40191.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40191",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:07.870",
"lastModified": "2024-02-21T03:15:07.870",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the \u201cBlocked Email Domains\u201d text field"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-site scripting (XSS) reflejado en la configuraci\u00f3n de instancia para cuentas en Liferay Portal 7.4.3.44 a 7.4.3.97, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaci\u00f3n 44 a 92 permite a atacantes remotos inyectar script arbitrarios o HTML a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"Dominios de correo electr\u00f3nico bloqueados\""
}
],
"metrics": {

8
CVE-2023/CVE-2023-424xx/CVE-2023-42496.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42496",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.057",
"lastModified": "2024-02-21T03:15:08.057",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-site scripting (XSS) reflejado al agregar asignados a una p\u00e1gina de rol en Liferay Portal 7.3.3 hasta 7.4.3.97 y Liferay DXP 2023.Q3 antes del parche 6, 7.4 GA hasta la actualizaci\u00f3n 92 y 7.3 antes de que la actualizaci\u00f3n 34 lo permita atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-424xx/CVE-2023-42498.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42498",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.240",
"lastModified": "2024-02-21T03:15:08.240",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) reflejado en la pantalla de edici\u00f3n de Language Override en Liferay Portal 7.4.3.8 a 7.4.3.97, y Liferay DXP 2023.Q3 antes del parche 5, y 7.4 actualizaci\u00f3n 4 a 92 permite a atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del par\u00e1metro _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key."
}
],
"metrics": {

8
CVE-2023/CVE-2023-428xx/CVE-2023-42823.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42823",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.540",
"lastModified": "2024-02-21T07:15:47.540",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
},
{
"lang": "es",
"value": "El problema se resolvi\u00f3 sanitizando el registro. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42834.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42834",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:47.977",
"lastModified": "2024-02-21T07:15:47.977",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42835.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42835",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.167",
"lastModified": "2024-02-21T07:15:48.167",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Un atacante puede acceder a los datos del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42836.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42836",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.333",
"lastModified": "2024-02-21T07:15:48.333",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. Un atacante puede acceder a vol\u00famenes de red conectados montados en el directorio de inicio."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42838.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42838",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.543",
"lastModified": "2024-02-21T07:15:48.543",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de acceso con mejoras en la zona de pruebas. Este problema se solucion\u00f3 en macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42839.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42839",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.633",
"lastModified": "2024-02-21T07:15:48.633",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Esta cuesti\u00f3n se abord\u00f3 con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42840.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42840",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.767",
"lastModified": "2024-02-21T07:15:48.767",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42843.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42843",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:48.940",
"lastModified": "2024-02-21T07:15:48.940",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la barra de direcciones."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42848.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42848",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.113",
"lastModified": "2024-02-21T07:15:49.113",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Procesar una imagen creada con fines malintencionados puede provocar da\u00f1os en el mont\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42853.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42853",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.273",
"lastModified": "2024-02-21T07:15:49.273",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42855.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42855",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.460",
"lastModified": "2024-02-21T07:15:49.460",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device."
},
{
"lang": "es",
"value": "Esta cuesti\u00f3n se abord\u00f3 con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Un atacante con acceso f\u00edsico puede conservar silenciosamente una ID de Apple en un dispositivo borrado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42858.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.533",
"lastModified": "2024-02-21T07:15:49.533",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42859.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42859",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.670",
"lastModified": "2024-02-21T07:15:49.670",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42860.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.827",
"lastModified": "2024-02-21T07:15:49.827",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42873.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42873",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.997",
"lastModified": "2024-02-21T07:15:49.997",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42877.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42877",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.173",
"lastModified": "2024-02-21T07:15:50.173",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42878.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42878",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.357",
"lastModified": "2024-02-21T07:15:50.357",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-428xx/CVE-2023-42889.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42889",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.453",
"lastModified": "2024-02-21T07:15:50.453",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42928.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42928",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.603",
"lastModified": "2024-02-21T07:15:50.603",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda obtener privilegios elevados."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42939.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42939",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.767",
"lastModified": "2024-02-21T07:15:50.767",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. La actividad de navegaci\u00f3n privada de un usuario puede guardarse inesperadamente en el Informe de privacidad de la aplicaci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42942.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42942",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.963",
"lastModified": "2024-02-21T07:15:50.963",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 mejorando el manejo de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n maliciosa pueda obtener privilegios de root."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42945.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42945",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.140",
"lastModified": "2024-02-21T07:15:51.140",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Una aplicaci\u00f3n puede obtener acceso no autorizado a Bluetooth."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42946.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42946",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.307",
"lastModified": "2024-02-21T07:15:51.307",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda filtrar informaci\u00f3n confidencial del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42951.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42951",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.363",
"lastModified": "2024-02-21T07:15:51.363",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que un usuario no pueda eliminar elementos del historial de navegaci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42952.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42952",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.510",
"lastModified": "2024-02-21T07:15:51.510",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-429xx/CVE-2023-42953.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42953",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.717",
"lastModified": "2024-02-21T07:15:51.717",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-443xx/CVE-2023-44379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.060",
"lastModified": "2024-02-22T15:15:08.060",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45868",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T15:15:08.957",
"lastModified": "2023-11-14T18:08:02.027",
"lastModified": "2024-02-22T19:06:44.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,7 +21,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -29,12 +29,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
"impactScore": 5.2
}
]
},

8
CVE-2023/CVE-2023-462xx/CVE-2023-46241.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46241",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T16:15:49.240",
"lastModified": "2024-02-21T16:15:49.240",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "`discourse-microsoft-auth` is a plugin that enables authentication via Microsoft. On sites with the `discourse-microsoft-auth` plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than `Accounts in this organizational directory only (O365 only - Single tenant)` are vulnerable. This vulnerability has been patched in commit c40665f44509724b64938c85def9fb2e79f62ec8 of `discourse-microsoft-auth`. A `microsoft_auth:revoke` rake task has also been added which will deactivate and log out all users that have connected their accounts to Microsoft. User API keys as well as API keys created by those users will also be revoked. The rake task will also remove the connection records to Microsoft for those users. This will allow affected users to re-verify their account emails as well as reconnect their Discourse account to Microsoft for authentication. As a workaround, disable the `discourse-microsoft-auth` plugin by setting the `microsoft_auth_enabled` site setting to `false`. Run the `microsoft_auth:log_out_users` rake task to log out all users with associated Microsoft accounts.\n"
},
{
"lang": "es",
"value": "`discourse-microsoft-auth` es un complemento que permite la autenticaci\u00f3n a trav\u00e9s de Microsoft. En sitios con el complemento `discourse-microsoft-auth` habilitado, un ataque puede potencialmente tomar el control de la cuenta de Discourse de una v\u00edctima. Los sitios que han configurado el tipo de cuenta de su aplicaci\u00f3n con cualquier opci\u00f3n distinta a \"Cuentas solo en este directorio organizacional (solo O365 - Inquilino \u00fanico)\" son vulnerables. Esta vulnerabilidad ha sido parcheada en el commit c40665f44509724b64938c85def9fb2e79f62ec8 de `discourse-microsoft-auth`. Tambi\u00e9n se agreg\u00f3 una tarea de rake `microsoft_auth:revoke` que desactivar\u00e1 y cerrar\u00e1 sesi\u00f3n a todos los usuarios que hayan conectado sus cuentas a Microsoft. Tambi\u00e9n se revocar\u00e1n las claves API de usuario, as\u00ed como las claves API creadas por esos usuarios. La tarea de rake tambi\u00e9n eliminar\u00e1 los registros de conexi\u00f3n a Microsoft para esos usuarios. Esto permitir\u00e1 a los usuarios afectados volver a verificar los correos electr\u00f3nicos de sus cuentas y volver a conectar su cuenta de Discourse a Microsoft para su autenticaci\u00f3n. Como workaround, deshabilite el complemento `discourse-microsoft-auth` estableciendo la configuraci\u00f3n del sitio `microsoft_auth_enabled` en `false`. Ejecute la tarea de rake `microsoft_auth:log_out_users` para cerrar la sesi\u00f3n de todos los usuarios con cuentas de Microsoft asociadas."
}
],
"metrics": {

8
CVE-2023/CVE-2023-474xx/CVE-2023-47422.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47422",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T22:15:08.143",
"lastModified": "2024-02-20T22:15:08.143",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL."
},
{
"lang": "es",
"value": "Un problema de control de acceso en /usr/sbin/httpd en Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46 y Tenda AX12 V1 V22.03.01.46 permite a los atacantes para omitir la autenticaci\u00f3n en cualquier endpoint a trav\u00e9s de una URL manipulada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47795",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T14:15:45.677",
"lastModified": "2024-02-21T14:15:45.677",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's \u201cTitle\u201d text field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el widget Documentos y Medios en Liferay Portal 7.4.3.18 a 7.4.3.101, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaciones 18 a 92 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"T\u00edtulo\" de un documento."
}
],
"metrics": {

6
CVE-2023/CVE-2023-487xx/CVE-2023-48715.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-48715",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-11T19:15:08.860",
"lastModified": "2023-12-14T14:51:04.473",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-22T19:15:08.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 or Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue."
"value": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue."
},
{
"lang": "es",

8
CVE-2023/CVE-2023-48xx/CVE-2023-4895.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4895",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T01:15:07.780",
"lastModified": "2024-02-22T01:15:07.780",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 12.0 a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Esta vulnerabilidad permite omitir la configuraci\u00f3n de 'restricci\u00f3n de IP de grupo' para acceder a los detalles del entorno de los proyectos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-491xx/CVE-2023-49100.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49100",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:49.457",
"lastModified": "2024-02-21T16:15:49.457",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however."
},
{
"lang": "es",
"value": "Trusted Firmware-A (TF-A) anterior a 2.10 tiene una posible lectura fuera de los l\u00edmites en el servicio SDEI. El par\u00e1metro de entrada pasado en el registro x1 no est\u00e1 suficientemente validado en la funci\u00f3n sdei_interrupt_bind. El par\u00e1metro se pasa a una llamada a plat_ic_get_interrupt_type. Puede ser cualquier valor arbitrario que pase las comprobaciones en la funci\u00f3n plat_ic_is_sgi. Un Normal World (kernel de Linux) comprometido puede permitir que un atacante con privilegios de root emita llamadas SMC arbitrarias. Usando esta primitiva, puede controlar el contenido de los registros x0 a x6, que se utilizan para enviar par\u00e1metros a TF-A. Las direcciones fuera de los l\u00edmites se pueden leer en el contexto de TF-A (EL3). Debido a que el valor le\u00eddo nunca se devuelve a la memoria no segura o a los registros, no es posible ninguna fuga. Sin embargo, un atacante a\u00fan puede bloquear TF-A."
}
],
"metrics": {},

120
CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2024-01-03T15:15:09.770",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-22T20:18:58.020",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-11-21",
"cisaActionDue": "2023-12-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -93,8 +93,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D5A70D-5CEE-4E19-BF35-0245A0E0F6BC"
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.34",
"versionEndExcluding": "2.39",
"matchCriteriaId": "71609239-5262-473E-ACCE-18AE51AB184E"
}
]
}
@ -131,11 +133,36 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1DF28D-0D84-4E40-8E46-BA0EFD371111"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1A0CA2-2BBD-4A7A-B467-F456867D5EC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "845B853C-8F99-4987-AA8E-76078CE6A977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
@ -145,6 +172,36 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C0ED62-9DEE-437C-AC01-0173128259DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "A633E21A-EBAA-41C9-A009-A36BDC762464"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"
}
]
}
@ -154,15 +211,28 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
@ -190,19 +260,31 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/11",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/5",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/6",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
@ -227,11 +309,17 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5476",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0033",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4911",
@ -280,7 +368,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0006/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5514",

8
CVE-2023/CVE-2023-509xx/CVE-2023-50923.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50923",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T00:15:07.597",
"lastModified": "2024-02-21T00:15:07.597",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""
},
{
"lang": "es",
"value": "En QUIC en RFC 9000, la especificaci\u00f3n Latency Spin Bit (secci\u00f3n 17.4) no restringe estrictamente el valor del bit cuando la caracter\u00edstica est\u00e1 deshabilitada, lo que podr\u00eda permitir a atacantes remotos construir un canal encubierto con datos representados como cambios en el valor del bit. NOTA: \"Sheridan, S., Keane, A. (2015). En Actas de la 14\u00aa Conferencia Europea sobre Guerra Cibern\u00e9tica y Seguridad (ECCWS), Universidad de Hertfordshire, Hatfield, Reino Unido\". El art\u00edculo dice: \"Los protocolos de comunicaci\u00f3n de Internet modernos proporcionan un n\u00famero casi infinito de formas en las que los datos pueden ocultarse o incrustarse en el tr\u00e1fico de red aparentemente normal\"."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-509xx/CVE-2023-50955.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50955",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-21T15:15:08.760",
"lastModified": "2024-02-21T15:15:08.760",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalaci\u00f3n del servidor web, lo que podr\u00eda ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777."
}
],
"metrics": {

8
CVE-2023/CVE-2023-509xx/CVE-2023-50975.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50975",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T19:15:08.373",
"lastModified": "2024-02-21T19:15:08.373",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information."
},
{
"lang": "es",
"value": "El cliente TD Bank TD Advanced Dashboard hasta 3.0.3 para macOS permite la ejecuci\u00f3n de c\u00f3digo arbitrario debido a la falta de electron::fuses::IsRunAsNodeEnabled (es decir, ELECTRON_RUN_AS_NODE se puede usar en producci\u00f3n). Esto facilita que un proceso comprometido acceda a la informaci\u00f3n bancaria."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-513xx/CVE-2023-51388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.413",
"lastModified": "2024-02-22T16:15:53.413",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-513xx/CVE-2023-51389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.623",
"lastModified": "2024-02-22T16:15:53.623",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-514xx/CVE-2023-51450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T15:15:08.290",
"lastModified": "2024-02-22T15:15:08.290",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-516xx/CVE-2023-51653.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T16:15:53.800",
"lastModified": "2024-02-22T16:15:53.800",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-518xx/CVE-2023-51828.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51828",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:48.960",
"lastModified": "2024-02-21T22:15:48.960",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /admin/convert/export.class.php en PMB 7.4.7 y versiones anteriores permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro de consulta en la funci\u00f3n get_next_notice."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-521xx/CVE-2023-52153.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52153",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.023",
"lastModified": "2024-02-21T22:15:49.023",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /pmb/opac_css/includes/sessions.inc.php en PMB 7.4.7 y versiones anteriores permite a atacantes remotos no autenticados inyectar comandos SQL arbitrarios a trav\u00e9s del valor de cookie PmbOpac-LOGIN."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-521xx/CVE-2023-52154.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52154",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.073",
"lastModified": "2024-02-21T22:15:49.073",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en pmb/camera_upload.php en PMB 7.4.7 y versiones anteriores permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de archivos PHTML manipulados."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-521xx/CVE-2023-52155.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52155",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:49.117",
"lastModified": "2024-02-21T22:15:49.117",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /admin/sauvegarde/run.php en PMB 7.4.7 y anteriores permite a atacantes remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la variable sauvegardes a trav\u00e9s del endpoint /admin/sauvegarde/run.php."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-521xx/CVE-2023-52160.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52160",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T17:15:08.263",
"lastModified": "2024-02-22T18:15:48.530",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-521xx/CVE-2023-52161.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52161",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T17:15:08.327",
"lastModified": "2024-02-22T17:15:08.327",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-524xx/CVE-2023-52440.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52440",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.203",
"lastModified": "2024-02-21T08:15:45.203",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige el desbordamiento de slub en ksmbd_decode_ntlmssp_auth_blob() Si authblob->SessionKey.Length es mayor que el tama\u00f1o de la clave de sesi\u00f3n (CIFS_KEY_SIZE), puede ocurrir un desbordamiento de slub en los c\u00f3digos de intercambio de claves. cifs_arc4_crypt copia a la matriz de claves de sesi\u00f3n desde SessionKey del cliente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52441.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52441",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.463",
"lastModified": "2024-02-21T08:15:45.463",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out of bounds in init_smb2_rsp_hdr()\n\nIf client send smb2 negotiate request and then send smb1 negotiate\nrequest, init_smb2_rsp_hdr is called for smb1 negotiate request since\nneed_neg is set to false. This patch ignore smb1 packets after ->need_neg\nis set to false."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: correcci\u00f3n fuera de los l\u00edmites en init_smb2_rsp_hdr() Si el cliente env\u00eda una solicitud de negociaci\u00f3n smb2 y luego env\u00eda una solicitud de negociaci\u00f3n smb1, se llama a init_smb2_rsp_hdr para la solicitud de negociaci\u00f3n smb1 ya que need_neg est\u00e1 configurado en falso. Este parche ignora los paquetes smb1 despu\u00e9s de que ->need_neg se establece en falso."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52442.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52442",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.547",
"lastModified": "2024-02-21T08:15:45.547",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate session id and tree id in compound request\n\n`smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()\nwill always return the first request smb2 header in a compound request.\nif `SMB2_TREE_CONNECT_HE` is the first command in compound request, will\nreturn 0, i.e. The tree id check is skipped.\nThis patch use ksmbd_req_buf_next() to get current command in compound."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: validar la identificaci\u00f3n de la sesi\u00f3n y la identificaci\u00f3n del \u00e1rbol en la solicitud compuesta `smb2_get_msg()` en smb2_get_ksmbd_tcon() y smb2_check_user_session() siempre devolver\u00e1 el encabezado smb2 de la primera solicitud en una solicitud compuesta. si `SMB2_TREE_CONNECT_HE` es el primer comando en la solicitud compuesta, devolver\u00e1 0, es decir, se omite la verificaci\u00f3n de identificaci\u00f3n del \u00e1rbol. Este parche usa ksmbd_req_buf_next() para obtener el comando actual en compuesto."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-524xx/CVE-2023-52443.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52443",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.377",
"lastModified": "2024-02-22T17:15:08.377",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52444.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52444",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.430",
"lastModified": "2024-02-22T17:15:08.430",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52445.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52445",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.477",
"lastModified": "2024-02-22T17:15:08.477",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52446.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52446",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.527",
"lastModified": "2024-02-22T17:15:08.527",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52447",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.580",
"lastModified": "2024-02-22T17:15:08.580",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52448",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.630",
"lastModified": "2024-02-22T17:15:08.630",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52449",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.677",
"lastModified": "2024-02-22T17:15:08.677",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52450",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.733",
"lastModified": "2024-02-22T17:15:08.733",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52451.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52451",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.777",
"lastModified": "2024-02-22T17:15:08.777",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-524xx/CVE-2023-52452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52452",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.830",
"lastModified": "2024-02-22T17:15:08.830",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-64xx/CVE-2023-6477.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6477",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.533",
"lastModified": "2024-02-22T00:15:51.533",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 16.5 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Cuando a un usuario se le asigna una funci\u00f3n personalizada con permiso admin_group_member, es posible que pueda convertir un grupo, otros miembros o ellos mismos en propietarios de ese grupo, lo que puede llevar a una escalada de privilegios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-65xx/CVE-2023-6533.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6533",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-02-21T20:15:46.283",
"lastModified": "2024-02-21T20:15:46.283",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.\u00a0"
},
{
"lang": "es",
"value": "Se pueden enviar paquetes de clase de comando de reinicio local de dispositivo con formato incorrecto al controlador, lo que hace que el controlador asuma que el dispositivo final ha abandonado la red. Despu\u00e9s de esto, el controlador no reconocer\u00e1 las tramas enviadas por el dispositivo final. Esta vulnerabilidad existe en PC Controller v5.54.0 y versiones anteriores."
}
],
"metrics": {

8
CVE-2023/CVE-2023-66xx/CVE-2023-6640.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6640",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-02-21T20:15:46.497",
"lastModified": "2024-02-21T20:15:46.497",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.\u00a0"
},
{
"lang": "es",
"value": "Se pueden enviar paquetes S2 Nonce Get Command Class con formato incorrecto para bloquear el PC Controller v5.54.0 y versiones anteriores."
}
],
"metrics": {

8
CVE-2023/CVE-2023-69xx/CVE-2023-6936.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6936",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-02-20T22:15:08.197",
"lastModified": "2024-02-20T22:15:08.197",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n"
},
{
"lang": "es",
"value": "En wolfSSL anterior a 5.6.6, si las funciones de devoluci\u00f3n de llamada est\u00e1n habilitadas (a trav\u00e9s del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del b\u00fafer en el mont\u00f3n de 5 bytes (WOLFSSL_CALLBACKS solo est\u00e1 destinado a la depuraci\u00f3n)."
}
],
"metrics": {

4
CVE-2023/CVE-2023-72xx/CVE-2023-7235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7235",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-02-21T11:15:07.673",
"lastModified": "2024-02-21T11:15:07.673",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-02xx/CVE-2024-0220.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0220",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-22T11:15:08.840",
"lastModified": "2024-02-22T11:15:08.840",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-04xx/CVE-2024-0407.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0407",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-02-21T01:15:07.753",
"lastModified": "2024-02-21T01:15:07.753",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store."
},
{
"lang": "es",
"value": "Ciertas impresoras HP Enterprise LaserJet y HP LaserJet Managed son potencialmente vulnerables a la divulgaci\u00f3n de informaci\u00f3n, cuando las conexiones realizadas por el dispositivo a los servicios habilitados por algunas soluciones pueden haber sido confiables sin el certificado CA apropiado en el almac\u00e9n de certificados del dispositivo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-04xx/CVE-2024-0410.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0410",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.723",
"lastModified": "2024-02-22T00:15:51.723",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en GitLab que afecta a las versiones 15.1 anteriores a 16.7.6, 16.8 anteriores a 16.8.3 y 16.9 anteriores a 16.9.1. Un desarrollador podr\u00eda eludir las aprobaciones de CODEOWNERS creando un conflicto de fusi\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-04xx/CVE-2024-0446.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0446",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-02-22T00:15:51.903",
"lastModified": "2024-02-22T00:15:51.903",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u00a0\n"
},
{
"lang": "es",
"value": "Un archivo STP, CATPART o MODEL creado con fines malintencionados cuando se analiza en ASMKERN228A.dll a trav\u00e9s de Autodesk AutoCAD puede forzar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, escribir datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-05xx/CVE-2024-0593.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0593",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:52.520",
"lastModified": "2024-02-21T07:15:52.520",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information."
},
{
"lang": "es",
"value": "El complemento Simple Job Board para WordPress es vulnerable al acceso no autorizado a los datos | debido a una verificaci\u00f3n de autorizaci\u00f3n insuficiente en la funci\u00f3n fetch_quick_job() en todas las versiones hasta la 2.10.8 incluida. Esto hace posible que atacantes no autenticados obtengan publicaciones arbitrarias, que pueden estar protegidas con contrase\u00f1a o ser privadas y contener informaci\u00f3n confidencial."
}
],
"metrics": {

8
CVE-2024/CVE-2024-08xx/CVE-2024-0861.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0861",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.973",
"lastModified": "2024-02-22T00:15:51.973",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde 16.4 anteriores a 16.7.6, todas las versiones desde 16.8 anteriores a 16.8.3, todas las versiones desde 16.9 anteriores a 16.9.1. Los usuarios con el rol \"Invitado\" pueden cambiar la configuraci\u00f3n de \"Proyectos de panel personalizados\" en contra de los permisos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0903.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0903",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-22T06:15:57.453",
"lastModified": "2024-02-22T06:15:57.453",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key."
},
{
"lang": "es",
"value": "El complemento User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del valor de \"enlace\" 'page_submitted' en todas las versiones hasta la 1.0.13 incluida, debido a una sanitizaci\u00f3n insuficiente de los insumos y escape de los productos. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en la p\u00e1gina de env\u00edo de comentarios que se ejecutar\u00e1n cuando un usuario haga clic en el enlace y al mismo tiempo presione la tecla Comando."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1053.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1053",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-22T06:15:57.703",
"lastModified": "2024-02-22T06:15:57.703",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves."
},
{
"lang": "es",
"value": "El complemento Event Tickets and Registration para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n 'email' en todas las versiones hasta la 5.8.1 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, se env\u00eden por correo electr\u00f3nico la lista de asistentes."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1081.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1081",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T07:15:53.183",
"lastModified": "2024-02-21T07:15:53.183",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento 3D FlipBook \u2013 PDF Flipbook WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funci\u00f3n de marcador del complemento en todas las versiones hasta la 1.15.3 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-11xx/CVE-2024-1104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1104",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-02-22T12:15:46.033",
"lastModified": "2024-02-22T12:15:46.033",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-11xx/CVE-2024-1108.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1108",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T03:15:08.567",
"lastModified": "2024-02-21T03:15:08.567",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration."
},
{
"lang": "es",
"value": "El complemento Plugin Groups para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n admin_init() en todas las versiones hasta la 2.0.6 incluida. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del complemento, lo que tambi\u00e9n puede provocar una denegaci\u00f3n de servicio debido a una mala configuraci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-12xx/CVE-2024-1212.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1212",
"sourceIdentifier": "security@progress.com",
"published": "2024-02-21T18:15:50.417",
"lastModified": "2024-02-21T18:15:50.417",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n"
},
{
"lang": "es",
"value": "Los atacantes remotos no autenticados pueden acceder al sistema a trav\u00e9s de la interfaz de administraci\u00f3n de LoadMaster, lo que permite la ejecuci\u00f3n arbitraria de comandos del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-14xx/CVE-2024-1451.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1451",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:52.153",
"lastModified": "2024-02-22T00:15:52.153",
"vulnStatus": "Received",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.\""
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.9 hasta la 16.9.1. un payload manipulado y agregado a la p\u00e1gina de perfil del usuario podr\u00eda generar un XSS almacenado en el lado del cliente, lo que permitir\u00eda a los atacantes realizar acciones arbitrarias en nombre de las v\u00edctimas\"."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More