Auto-Update: 2024-06-16T02:00:18.245901+00:00

cad-safe-bot 2024-06-16 02:03:09 +00:00
parent b173dba9b5
commit 22bafe98ad
635 changed files with 2699 additions and 827 deletions

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-15T23:29:00.277",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

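Review bot: lastModified stays at 2020-08-24T17:37:01.140 in the context lines while vulnStatus goes from "Modified" to "Undergoing Analysis", so a consumer that syncs incrementally on lastModified will never pick up this status change. If upstream really serves the old timestamp, downstream jobs should diff on vulnStatus as well, and the auto-update commit message should say that statuses changed without a timestamp bump.
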
@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2022-08-18T23:15:08.187",
"lastModified": "2022-08-19T16:25:20.040",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-05-06T13:15:10.850",
"lastModified": "2024-03-21T20:02:24.913",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

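Review bot: vulnStatus steps back from "Analyzed" to "Undergoing Analysis" on this record, and lastModified (2024-03-21T20:02:24.913) is left untouched. A pipeline that only ingests records in the "Analyzed" state will drop this entry until it is analyzed again; confirm that the mirror should copy the regression as-is instead of keeping the last analyzed copy available.
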
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v018. Se puede omitir la autenticaci\u00f3n de dos factores en el endpoint /login/backup_code y en el endpoint /api/v1/vdeskintegration/createbackupcodes, porque la aplicaci\u00f3n permite al usuario generar o regenerar los c\u00f3digos de respaldo antes de verificar el TOTP."
}
],
"metrics": {},

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v018. Cross-site Scripting (XSS) Almacenado puede ocurrir en el endpoint /api/v1/getbodyfile a trav\u00e9s del par\u00e1metro uri. La aplicaci\u00f3n web (a trav\u00e9s de su secci\u00f3n de funcionalidad vShare) no verifica adecuadamente los par\u00e1metros, enviados en solicitudes HTTP como entrada, antes de guardarlos en el servidor. Adem\u00e1s, el contenido JavaScript manipulado puede reflejarse en el usuario final y ejecutarse mediante el navegador web."
}
],
"metrics": {},

@ -3,7 +3,7 @@
"sourceIdentifier": "security-alert@sophos.com",
"published": "2023-04-04T10:15:07.197",
"lastModified": "2023-04-26T17:15:11.037",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-11-16",
"cisaActionDue": "2023-12-07",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",

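Review bot: the record keeps cisaExploitAdd (2023-11-16) and cisaActionDue (2023-12-07) while vulnStatus drops back to "Undergoing Analysis". Anything downstream that gates alerting or prioritisation on an analyzed status would stop surfacing an entry that is flagged as exploited, so status filters should exempt records that carry cisaExploitAdd.
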
@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-27T18:15:10.860",
"lastModified": "2024-01-25T17:15:29.877",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",

@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-16T16:15:10.023",
"lastModified": "2024-01-25T17:15:34.820",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-16",
"cisaActionDue": "2023-10-20",
"cisaRequiredAction": "Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.",

@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-25T18:17:23.017",
"lastModified": "2024-01-25T17:15:43.297",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-23",
"cisaActionDue": "2023-10-27",
"cisaRequiredAction": "Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.",

@ -3,7 +3,7 @@
"sourceIdentifier": "security@atlassian.com",
"published": "2023-10-31T15:15:08.573",
"lastModified": "2023-12-19T16:15:07.883",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-11-07",
"cisaActionDue": "2023-11-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en MainWP MainWP Staging Extension. Este problema afecta a MainWP Staging Extension: desde n/a hasta 4.0.3."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en MainWP MainWP UpdraftPlus Extension. Este problema afecta a MainWP UpdraftPlus Extension: desde n/a hasta 4.0.6."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en NervyThemes SKU Label Changer For WooCommerce. Este problema afecta a SKU Label Changer For WooCommerce: desde n/a hasta 3.0."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Unlimited Elements Unlimited Elements For Elementor (widgets, complementos y plantillas gratuitos). Este problema afecta a Unlimited Elements For Elementor (widgets, complementos y plantillas gratuitos): desde n/a hasta 1.5.65."
}
],
"metrics": {

@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-12-05T03:15:12.067",
"lastModified": "2024-04-12T16:15:20.047",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-12-05",
"cisaActionDue": "2023-12-26",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",

@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-12-05T03:15:14.673",
"lastModified": "2024-04-12T16:15:27.653",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-12-05",
"cisaActionDue": "2023-12-26",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",

@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-12-05T03:15:14.860",
"lastModified": "2024-04-12T16:15:28.040",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-12-05",
"cisaActionDue": "2023-12-26",
"cisaRequiredAction": "Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.",

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.1.51."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en SendPress SendPress Newsletters. Este problema afecta a SendPress Newsletters: desde n/a hasta 1.23.11.6."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through 2.6.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Fat Rat Fat Rat Collect. Este problema afecta a Fat Rat Collect: desde n/a hasta 2.6.7."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information."
},
{
"lang": "es",
"value": "Las vulnerabilidades de inyecci\u00f3n XPath en el blog y las funciones RSS de Modern Campus - Omni CMS 2023.1 permiten que un atacante remoto no autenticado obtenga informaci\u00f3n de la aplicaci\u00f3n."
}
],
"metrics": {},

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en la funci\u00f3n de blog de Modern Campus - Omni CMS 2023.1 permite a un atacante remoto inyectar scripts arbitrarios o HTML a trav\u00e9s de m\u00faltiples par\u00e1metros."
}
],
"metrics": {},

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Directory Traversal en Modern Campus: Omni CMS 2023.1 permite que un atacante remoto no autenticado enumere informaci\u00f3n del sistema de archivos a trav\u00e9s del par\u00e1metro dir en listado.php o rss.php."
}
],
"metrics": {},

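Review bot: the added "es" value renders the file name as listado.php, but the English description names listing.php. File names, parameters and endpoints have to be carried over untranslated, otherwise a search for the affected script in the Spanish text finds nothing; change it to "en listing.php o rss.php". The product string also changes from "Modern Campus - Omni CMS" to "Modern Campus: Omni CMS" and should match the English.
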
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en BBS e-Theme BBS e-Popup. Este problema afecta a BBS e-Popup: desde n/a hasta 2.4.5."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Bryan Lee Kingkong Board. Este problema afecta a Kingkong Board: desde n/a hasta 2.1.0.2. "
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through 2.9."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Maxime Schoeni Sublanguage. Este problema afecta a Sublanguage: desde n/a hasta 2.9."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Deepak y WP Dummy Content Generator. Este problema afecta a WP Dummy Content Generator: desde n/a hasta 2.3.0."
}
],
"metrics": {

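Review bot: the "es" value gives the vendor as "Deepak y WP Dummy Content Generator", where the English has "Deepak anand WP Dummy Content Generator". The surname has been treated as the word "and" and translated to "y", which breaks vendor matching on the Spanish text; keep the name verbatim, "en Deepak anand WP Dummy Content Generator".
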
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en TIA Administrator (Todas las versiones &lt; V3 SP2). El componente afectado crea archivos de descarga temporales en un directorio con permisos inseguros. Esto podr\u00eda permitir que cualquier atacante autenticado en Windows interrumpa el proceso de actualizaci\u00f3n."
}
],
"metrics": {

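Review bot: the "es" value contains the HTML entity "&lt;" in "Todas las versiones &lt; V3 SP2", while the English value has a literal "<". JSON needs no HTML escaping here, and a consumer that escapes on output will show the entity text instead of the comparison sign; store the literal "<" so the version bound reads the same in both languages.
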
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization Publishing 7.0.2 y 7.03 podr\u00eda permitir a un atacante remoto cargar archivos arbitrarios, provocados por la validaci\u00f3n inadecuada de las extensiones de archivo. Al enviar una solicitud especialmente manipulada, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para cargar un archivo malicioso, lo que podr\u00eda permitirle ejecutar c\u00f3digo arbitrario en el sistema vulnerable. ID de IBM X-Force: 268751."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks."
},
{
"lang": "es",
"value": "HCL Connections Docs es vulnerable a un ataque de Cross-Site Scripting donde un atacante puede aprovechar este problema para ejecutar c\u00f3digo arbitrario. Esto puede provocar la divulgaci\u00f3n de credenciales y posiblemente lanzar ataques adicionales."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code."
},
{
"lang": "es",
"value": "Las consolas con pantalla t\u00e1ctil P62, P80 y P82 de Precor podr\u00edan permitir que un atacante remoto (dentro de la red local) eluda las restricciones de seguridad y acceda al men\u00fa de servicio, porque hay un c\u00f3digo de servicio codificado."
}
],
"metrics": {},

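Review bot: "hard-coded service code" is rendered as "un código de servicio codificado" in the "es" value, which reads as an encoded code and loses the hard-coded meaning that defines the weakness. A wording such as "un código de servicio codificado de forma rígida (hard-coded)" keeps the weakness class recognisable.
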
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges."
},
{
"lang": "es",
"value": "La consola con pantalla t\u00e1ctil P82 de Precor contiene una clave SSH privada que corresponde a una clave p\u00fablica predeterminada. Un atacante remoto podr\u00eda aprovechar esto para obtener privilegios de root."
}
],
"metrics": {},

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information."
},
{
"lang": "es",
"value": "Las consolas con pantalla t\u00e1ctil Precor P62, P80 y P82 podr\u00edan permitir que un atacante remoto obtenga informaci\u00f3n confidencial porque la contrase\u00f1a de root est\u00e1 almacenada en /etc/passwd. Un atacante podr\u00eda aprovechar esto para extraer archivos y obtener informaci\u00f3n confidencial."
}
],
"metrics": {},

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges."
},
{
"lang": "es",
"value": "La consola con pantalla t\u00e1ctil P62, P80 y P82 de Precor contiene una clave p\u00fablica SSH predeterminada en el archivo authorized_keys. Un atacante remoto podr\u00eda utilizar esta clave para obtener privilegios de root."
}
],
"metrics": {},

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:11.373",
"lastModified": "2024-06-06T14:17:35.017",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:11.617",
"lastModified": "2024-06-06T14:17:35.017",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

@ -3,7 +3,7 @@
"sourceIdentifier": "secure@citrix.com",
"published": "2023-10-10T14:15:10.977",
"lastModified": "2024-02-29T01:41:58.480",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-18",
"cisaActionDue": "2023-11-08",
"cisaRequiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.\r\n\r\nThis could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (todas las versiones &lt; V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (todas las versiones &lt; V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (todas las versiones &lt; V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (todas las versiones &lt; V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (todas las versiones &lt; V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (todas las versiones &lt; V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (Todas las versiones &lt; V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (Todas las versiones &lt; V2.4.8). El servidor web de los productos afectados, si est\u00e1 configurado para permitir la importaci\u00f3n de contenedores PKCS12, podr\u00eda terminar en un bucle infinito al procesar cadenas de certificados incompletas. Esto podr\u00eda permitir que un atacante remoto autenticado cree una condici\u00f3n de denegaci\u00f3n de servicio importando contenedores PKCS12 especialmente manipulados."
}
],
"metrics": {

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:11.700",
"lastModified": "2024-06-06T14:17:35.017",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:11.900",
"lastModified": "2024-06-06T14:17:35.017",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPEverest Everest Forms. Este problema afecta a Everest Forms: desde n/a hasta 2.0.3."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Product Vendors. Este problema afecta a los proveedores de productos WooCommerce: desde n/a hasta 2.2.1."
}
],
"metrics": {

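Review bot: the second sentence of the "es" value translates the product name ("afecta a los proveedores de productos WooCommerce"), although the first sentence keeps "WooCommerce Product Vendors". As written it says the issue affects vendors of WooCommerce products; keep the product name verbatim in both sentences.
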
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7."
}
],
"metrics": {

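Review bot: both the "en" and the "es" value in this hunk are identical to the ones in the preceding file (WooCommerce Warranty Requests, through 2.2.7). Nothing visible in the hunk distinguishes the two records, so confirm these are two separate upstream entries and not one record written twice by the updater.
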
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.9."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en ExpressTech Quiz And Survey Master. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.16."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9."
},
{
"lang": "es",
"value": "Vulnerabilidad de falta de autorizaci\u00f3n en el complemento Business Directory Team Business Directory. Este problema afecta al complemento Business Directory: desde n/a hasta 6.3.9."
}
],
"metrics": {

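Review bot: the "es" value merges vendor and product into "el complemento Business Directory Team Business Directory" and then shortens the product to "complemento Business Directory". The English names the vendor "Business Directory Team" and the product "Business Directory Plugin"; keep both strings untranslated. The opening also reads "Vulnerabilidad de falta de autorización" where the other Missing Authorization entries in this commit use "autorización faltante".
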
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WriterSystem WooCommerce Easy Duplicate Product. Este problema afecta al producto WooCommerce Easy Duplicate: desde n/a hasta 0.3.0.7."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.3."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Pluggabl LLC Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2."
}
],
"metrics": {

@ -3,7 +3,7 @@
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-11-29T12:15:07.077",
"lastModified": "2024-01-31T17:15:23.017",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-11-30",
"cisaActionDue": "2023-12-21",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Simple Sitemap \u2013 Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Simple Sitemap \u2013 Create a Responsive HTML Sitemap para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.5.13 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en el enlace 'admin_notices' que se encuentra en class-settings.php. Esto hace posible que atacantes no autenticados restablezcan las opciones del complemento a un estado predeterminado mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

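Review bot: the 'admin_notices' hook becomes "el enlace 'admin_notices'" in the "es" value, and the same word "enlace" is used at the end of the sentence for the link the administrator clicks. A WordPress hook is not a link; leave "hook" untranslated so the location of the missing nonce check stays clear.
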
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La implementaci\u00f3n inadecuada en Google Updatetor anterior a la versi\u00f3n 1.3.36.351 en Google Chrome permiti\u00f3 a un atacante local realizar una escalada de privilegios a trav\u00e9s de un archivo malicioso. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},

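Review bot: the "es" value spells the component "Google Updatetor" where the English has "Google Updator", and gives the severity source as "Chrome" where the English says "Chromium security severity". Both are identifiers and should be copied exactly as they appear in the English value.
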
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU para Linux contiene una vulnerabilidad en Virtual GPU Manager, donde el sistema operativo invitado podr\u00eda ejecutar operaciones privilegiadas. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos, la escalada de privilegios y la denegaci\u00f3n de servicio."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad por la que usuarios sin privilegios podr\u00edan ejecutar operaciones privilegiadas en el host. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar manipulaci\u00f3n de datos, escalada de privilegios y denegaci\u00f3n de servicio."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU para Linux contiene una vulnerabilidad en la que el software puede eliminar la referencia a un puntero NULL. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio y un comportamiento indefinido en el complemento vGPU."
}
],
"metrics": {

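Review bot: "dereference a NULL pointer" is translated as "eliminar la referencia a un puntero NULL" in the "es" value, which says the reference is deleted. Use "desreferenciar un puntero NULL" so the entry still reads as a NULL pointer dereference.
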
@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering."
},
{
"lang": "es",
"value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la que se podr\u00eda revelar informaci\u00f3n de un cliente anterior u otro proceso. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n o la manipulaci\u00f3n de datos."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "El controlador de GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una escritura fuera de los l\u00edmites. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "El controlador de pantalla GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una desreferencia de un puntero que no es de confianza ejecutando una API del controlador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service."
},
{
"lang": "es",
"value": "El controlador NVIDIA GPU para Windows y Linux contiene una vulnerabilidad en la que una verificaci\u00f3n incorrecta o un manejo inadecuado de las condiciones de excepci\u00f3n podr\u00edan provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure."
},
{
"lang": "es",
"value": "El software NVIDIA GPU para Linux contiene una vulnerabilidad que puede exponer informaci\u00f3n confidencial a un actor que no est\u00e1 autorizado expl\u00edcitamente para tener acceso a esa informaci\u00f3n. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU para Linux contiene una vulnerabilidad en Virtual GPU Manager, donde una VM invitada que no es de confianza puede provocar un control inadecuado de la frecuencia de interacci\u00f3n en el host. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA Triton Inference Server para Linux y Windows contiene una vulnerabilidad en la que un usuario puede inyectar registros falsificados y comandos ejecutables inyectando datos arbitrarios como una nueva entrada de registro. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU para Linux contiene una vulnerabilidad en Virtual GPU Manager, donde el sistema operativo invitado podr\u00eda provocar un desbordamiento del b\u00fafer en el host. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos, la escalada de privilegios y la denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure."
},
{
"lang": "es",
"value": "NVIDIA Triton Inference Server para Linux contiene una vulnerabilidad en la que un usuario puede provocar un problema de inicializaci\u00f3n incorrecta del recurso por red. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de v\u00eddeo GStreamer AV1. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de GStreamer. Se requiere la interacci\u00f3n con esta librer\u00eda para aprovechar esta vulnerabilidad, pero los vectores de ataque pueden variar seg\u00fan la implementaci\u00f3n. La falla espec\u00edfica existe en el an\u00e1lisis de los datos de la lista de mosaicos dentro de archivos de video codificados con AV1. El problema se debe a la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22873."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Schema App Structured Data para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.2.0 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n MarkUpdate. Esto hace posible que atacantes no autenticados actualicen y eliminen metadatos de publicaciones a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-13T09:15:09.170",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions."
},
{
"lang": "es",
"value": "El complemento Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n make_staff() en todas las versiones hasta la 1.0.21 incluida. Esto hace posible que atacantes no autenticados otorguen permisos de personal a los usuarios."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)"
},
{
"lang": "es",
"value": "El complemento events-calendar-pro de WordPress anterior a 6.4.0.1, el complemento Events Calendar WordPress anterior a 6.4.0.1 no impide que los usuarios con al menos el rol de colaborador filtren detalles sobre eventos a los que no deber\u00edan tener acceso. (por ejemplo, eventos protegidos con contrase\u00f1a, borradores, etc.)"
}
],
"metrics": {},

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-13T09:15:09.470",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La implementaci\u00f3n inadecuada en Google Updatetor anterior a 1.3.36.351 en Google Chrome permiti\u00f3 a un atacante local eludir el control de acceso discrecional a trav\u00e9s de un archivo malicioso. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
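Review bot: the added "es" value spells the product "Google Updatetor", while the "en" value in the same record has "Google Updator", and it turns "Chromium security severity" into "Severidad de seguridad de Chrome". Product and project names should be carried over from the English text unchanged, so that a search for the name matches both descriptions. Suggest copying the product name exactly as it appears in the "en" value and keeping "Chromium".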

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-06-05T17:15:12.107",
"lastModified": "2024-06-06T14:17:35.017",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Icegram. Este problema afecta a Icegram: desde n/a hasta 3.1.21."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Best WordPress Gallery Plugin \u2013 FooGallery de WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de URL personalizadas de la galer\u00eda de \u00e1lbumes en todas las versiones hasta la 2.4.15 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en usuarios y clientes de importaci\u00f3n y exportaci\u00f3n de Codection. Este problema afecta a los usuarios y clientes de importaci\u00f3n y exportaci\u00f3n: desde n/a hasta 1.24.6."
}
],
"metrics": {
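Review bot: the added "es" value translates the product name "Import and export users and customers" in both of its sentences, so the second one reads "Este problema afecta a los usuarios y clientes", which describes an impact on people rather than naming the affected plugin. Vendor and product names should stay untranslated, as they do in the Icegram and Ninja Tables records in this commit. The Awesome Support and MultiVendorX records further down translate part of the vendor or product name in the same way.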

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass."
},
{
"lang": "es",
"value": "El servicio de lanzamiento de aplicaciones paralelas (PALS) de HPE Cray est\u00e1 sujeto a una omisi\u00f3n de autenticaci\u00f3n."
}
],
"metrics": {},

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento LuckyWP Table of Contents de WordPress hasta la versi\u00f3n 2.1.4 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)"
}
],
"metrics": {},

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPManageNinja LLC Ninja Tables. Este problema afecta a Ninja Tables: desde n/a hasta 5.0.5."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en el equipo de soporte de Awesome Awesome Support. Este problema afecta a Awesome Support: desde n/a hasta 6.1.6."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@golang.org",
"published": "2024-06-05T16:15:10.470",
"lastModified": "2024-06-10T18:15:26.897",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@golang.org",
"published": "2024-06-05T16:15:10.560",
"lastModified": "2024-06-10T18:15:26.953",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
},
{
"lang": "es",
"value": "Si es explotado, un atacante podr\u00eda atravesar el sistema de archivos para acceder a archivos o directorios que de otro modo ser\u00edan inaccesibles."
}
],
"metrics": {},

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
},
{
"lang": "es",
"value": "Permitir a los atacantes interceptar o falsificar los intercambios de datos entre el cliente y el servidor."
}
],
"metrics": {},

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account."
},
{
"lang": "es",
"value": "El complemento LatePoint Plugin para WordPress es vulnerable al acceso no autorizado a los datos y a su modificaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'start_or_use_session_for_customer' en todas las versiones hasta la 4.9.9 incluida. Esto hace posible que atacantes no autenticados vean los gabinetes de otros clientes, incluida la capacidad de ver PII, como direcciones de correo electr\u00f3nico, y cambiar su contrase\u00f1a de usuario de LatePoint, que puede estar asociada o no con una cuenta de WordPress."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en XLPlugins NextMove Lite. Este problema afecta a NextMove Lite: desde n/a hasta 2.17.0."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.\u00a0\n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Uso de la vulnerabilidad de cach\u00e9 del navegador web que contiene informaci\u00f3n confidencial en Apache Airflow. Airflow no devolvi\u00f3 el encabezado \"Cache-Control\" para contenido din\u00e1mico, lo que en el caso de algunos navegadores podr\u00eda resultar en el almacenamiento de datos confidenciales en la cach\u00e9 local del navegador. Este problema afecta a Apache Airflow: antes de 2.9.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.9.2, que soluciona el problema."
}
],
"metrics": {},

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. Este problema afecta la consulta del cat\u00e1logo de productos para WooCommerce de MultiVendorX: desde n/a hasta 5.0.5."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:50.307",
"lastModified": "2024-06-13T18:36:09.010",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:56.017",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:56.483",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:56.710",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:56.943",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:59.240",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:59.917",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:16:00.140",
"lastModified": "2024-06-13T18:35:19.777",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones &lt; V2312.0004), Parasolid V35.1 (Todas las versiones &lt; V35.1.254), Parasolid V36.0 (Todas las versiones &lt; V36.0.207), Parasolid V36.1 (Todas las versiones &lt; V36.1.147), Teamcenter Visualization V14.2 (todas las versiones), Teamcenter Visualization V14.3 (todas las versiones &lt; V14.3.0.9), Teamcenter Visualization V2312 (todas las versiones &lt; V2312.0004). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos X_T especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {
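Review bot: the added "es" value carries the HTML entity "&lt;" in every version range ("Todas las versiones &lt; V2312.0004") where the "en" value has a literal "<". A JSON string value is not HTML, so a consumer that displays or matches the text sees the entity verbatim, and one that HTML-escapes on output escapes it a second time. Suggest storing a plain "<" in the value. The "es" values of the next two X_T parsing records have the same entity.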

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones &lt; V2312.0004), Parasolid V35.1 (Todas las versiones &lt; V35.1.254), Parasolid V36.0 (Todas las versiones &lt; V36.0.207), Parasolid V36.1 (Todas las versiones &lt; V36.1.147), Teamcenter Visualization V14.2 (todas las versiones), Teamcenter Visualization V14.3 (todas las versiones &lt; V14.3.0.9), Teamcenter Visualization V2312 (todas las versiones &lt; V2312.0004). La aplicaci\u00f3n afectada contiene una vulnerabilidad de agotamiento de pila mientras analiza un archivo X_T especialmente manipulado. Esto podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones &lt; V2312.0004), Parasolid V35.1 (Todas las versiones &lt; V35.1.254), Parasolid V36.0 (Todas las versiones &lt; V36.0.207), Parasolid V36.1 (Todas las versiones &lt; V36.1.147), Teamcenter Visualization V14.2 (todas las versiones), Teamcenter Visualization V14.3 (todas las versiones &lt; V14.3.0.9), Teamcenter Visualization V2312 (todas las versiones &lt; V2312.0004). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos X_T especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components."
},
{
"lang": "es",
"value": "Un problema en FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 y anteriores permite a un atacante local escalar privilegios a trav\u00e9s de la llamada DeviceIoControl asociada con los componentes MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPaggedPool o MmMapLockedPages."
}
],
"metrics": {},
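Review bot: the added "es" value alters an identifier: the "en" value lists "MmBuildMdlForNonPagedPool" and the translation has "MmBuildMdlForNonPaggedPool". Anyone searching the feed for the routine name will miss the Spanish description. Suggest copying the four component names unchanged from the "en" value.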

Some files were not shown because too many files have changed in this diff.