Auto-Update: 2024-06-11T14:01:08.847525+00:00

cad-safe-bot 2024-06-11 14:03:59 +00:00
parent b21a901b9b
commit 2873a6ef44
173 changed files with 2210 additions and 449 deletions


@ -2,12 +2,16 @@
"id": "CVE-2020-11843",
"sourceIdentifier": "security@opentext.com",
"published": "2024-06-11T08:15:48.213",
"lastModified": "2024-06-11T08:15:48.213",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
},
{
"lang": "es",
"value": "Esto permite la exposici\u00f3n de la informaci\u00f3n a usuarios no autorizados. Este problema afecta a NetIQ Access Manager con la versi\u00f3n 4.5 o anterior"
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2022-37019",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-10T23:15:49.413",
"lastModified": "2024-06-10T23:15:49.413",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities."
},
{
"lang": "es",
"value": "Se han identificado posibles vulnerabilidades en el BIOS del sistema para ciertos productos de PC HP que pueden permitir la escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo. HP est\u00e1 lanzando actualizaciones de firmware para mitigar las posibles vulnerabilidades."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2022-37020",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-06-10T23:15:49.503",
"lastModified": "2024-06-10T23:15:49.503",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities."
},
{
"lang": "es",
"value": "Se han identificado posibles vulnerabilidades en el BIOS del sistema para ciertos productos de PC HP, que podr\u00edan permitir la escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo. HP est\u00e1 lanzando actualizaciones de firmware para mitigar las posibles vulnerabilidades."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-25799",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:10.070",
"lastModified": "2024-06-11T10:15:10.070",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Themeum Tutor LMS. Este problema afecta a Tutor LMS: desde n/a hasta 2.1.8."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-28775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:11.050",
"lastModified": "2024-06-11T10:15:11.050",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Yoast Yoast SEO Premium. Este problema afecta a Yoast SEO Premium: desde n/a hasta 20.4."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-33922",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:11.370",
"lastModified": "2024-06-11T10:15:11.370",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Elementor Elementor Website Builder. Este problema afecta a Elementor Website Builder: desde n/a hasta 3.13.2."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-38380",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:11.477",
"lastModified": "2024-03-12T11:15:46.323",
"lastModified": "2024-06-11T12:15:10.630",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.\r\n\r\nAn attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product."
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.\r\n\r\nAn attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product."
},
{
"lang": "es",
@ -376,6 +376,14 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html",
"source": "productcert@siemens.com"
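Review bot: The `es` description looks stale after this update. The first hunk replaces the `en` value with a longer affected-product list (the CP 1542SP-1 / CP 1543SP-1 entries are new) but stops at `"lang": "es",`, and the next hunk starts at line 376, so the Spanish `value` is presumably unchanged. The same pattern shows in the sections for CVE-2023-38527, CVE-2023-38529, CVE-2023-38531, CVE-2023-48363 and CVE-2023-48364. In CVE-2023-48193 it means the added `NOTE: this is disputed` sentence exists only in English. Whenever the `en` value changes, the `es` entry should be regenerated or dropped, and consumers that display or match on the localized text should treat `en` as authoritative for affected versions.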


@ -2,8 +2,8 @@
"id": "CVE-2023-38524",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.627",
"lastModified": "2024-02-01T02:23:20.833",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:10.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38525",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.723",
"lastModified": "2024-02-16T14:15:06.320",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.073",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38526",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.817",
"lastModified": "2024-02-16T14:15:33.800",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.213",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-38527",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.923",
"lastModified": "2024-01-21T02:59:48.543",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -128,6 +128,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38528",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.023",
"lastModified": "2024-01-21T03:00:42.907",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.500",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-38529",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.127",
"lastModified": "2024-01-21T03:01:28.550",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.633",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38530",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.220",
"lastModified": "2024-01-21T03:02:12.170",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.777",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-38531",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.317",
"lastModified": "2023-12-27T19:09:56.817",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:11.907",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38532",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.403",
"lastModified": "2023-12-22T15:16:50.043",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:12.053",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
"impactScore": 1.4
}
]
},
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf",
"source": "productcert@siemens.com",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-38533",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-06-11T12:15:12.297",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-379"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-319319.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-44321",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.973",
"lastModified": "2024-03-12T11:15:46.980",
"lastModified": "2024-06-11T12:15:12.800",
"vulnStatus": "Modified",
"descriptions": [
{


@ -2,12 +2,12 @@
"id": "CVE-2023-48193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T21:15:08.373",
"lastModified": "2023-12-04T17:41:43.977",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T12:15:13.230",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function."
"value": "Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files."
},
{
"lang": "es",
@ -75,6 +75,10 @@
"Product"
]
},
{
"url": "https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md",
"source": "cve@mitre.org",
@ -89,6 +93,10 @@
"tags": [
"Product"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/issues/13394",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-48363",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.763",
"lastModified": "2024-02-13T14:01:07.747",
"lastModified": "2024-06-11T12:15:13.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
},
{
"lang": "es",


@ -2,12 +2,12 @@
"id": "CVE-2023-48364",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.980",
"lastModified": "2024-02-13T14:01:07.747",
"lastModified": "2024-06-11T12:15:13.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
},
{
"lang": "es",


@ -0,0 +1,63 @@
{
"id": "CVE-2023-50763",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-06-11T12:15:13.763",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.\r\n\r\nThis could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-52179",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T11:15:48.857",
"lastModified": "2024-06-11T11:15:48.857",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WebCodingPlace Product Expiry for WooCommerce. Este problema afecta a Product Expiry for WooCommerce: desde n/a hasta 2.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-52186",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:11.617",
"lastModified": "2024-06-11T10:15:11.617",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Woo WooCommerce Product Vendors. Este problema afecta a WooCommerce Product Vendors: desde n/a hasta 2.2.2."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-52217",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:11.853",
"lastModified": "2024-06-11T10:15:11.853",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en weDevs WooCommerce Conversion Tracking. Este problema afecta a WooCommerce Conversion Tracking: desde n/a hasta 2.0.11."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6745",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T03:15:09.087",
"lastModified": "2024-06-11T03:15:09.087",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Custom Field Template para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'cpt' del complemento en todas las versiones hasta la 2.6.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en la meta de publicaci\u00f3n proporcionada por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-6748",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T03:15:09.310",
"lastModified": "2024-06-11T03:15:09.310",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata."
},
{
"lang": "es",
"value": "El complemento Custom Field Template para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.6.1 incluida a trav\u00e9s del c\u00f3digo corto 'cft'. Esto hace posible que atacantes autenticados con acceso de colaborador y superior extraigan datos confidenciales, incluidos metadatos de publicaciones arbitrarias."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-7264",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T04:15:11.987",
"lastModified": "2024-06-11T04:15:11.987",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code."
},
{
"lang": "es",
"value": "El complemento Build App Online para WordPress es vulnerable a la apropiaci\u00f3n de cuentas debido a un mecanismo d\u00e9bil de restablecimiento de contrase\u00f1a en todas las versiones hasta la 1.0.21 incluida. Esto hace posible que atacantes no autenticados restablezcan la contrase\u00f1a de usuarios arbitrarios adivinando un c\u00f3digo de restablecimiento num\u00e9rico de 4 d\u00edgitos."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-0627",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T03:15:09.520",
"lastModified": "2024-06-11T03:15:09.520",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Custom Field Template para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la columna de nombre de campo personalizado del complemento en todas las versiones hasta la 2.6.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los campos personalizados proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-0653",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T03:15:09.723",
"lastModified": "2024-06-11T03:15:09.723",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Custom Field Template para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 2.6.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-22244",
"sourceIdentifier": "security@vmware.com",
"published": "2024-06-10T23:15:49.590",
"lastModified": "2024-06-10T23:15:49.590",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Open Redirect in Harbor\u00a0 <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site."
},
{
"lang": "es",
"value": "Open Redirect en Harbor &lt;=v2.8.4, &lt;=v2.9.2 y &lt;=v2.10.0 puede redirigir a un usuario a un sitio malicioso."
}
],
"metrics": {
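Review bot: The added `es` description stores the version bounds HTML-escaped (`&lt;=v2.8.4, &lt;=v2.9.2 y &lt;=v2.10.0`) while the `en` entry above it keeps the literal `<=`, so a consumer that escapes on output will display `&lt;=` and one that extracts version ranges from the text will not match. The field should hold the raw characters, `"value": "Open Redirect en Harbor <=v2.8.4, <=v2.9.2 y <=v2.10.0 puede redirigir a un usuario a un sitio malicioso."`, with escaping left to whatever renders it. Consumers should not compensate by HTML-decoding description fields before display, since these strings are third-party text and decoding them first defeats output escaping. The hunk stops at `"metrics": {`, so the rest of the record is outside this view.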


@ -2,12 +2,16 @@
"id": "CVE-2024-22261",
"sourceIdentifier": "security@vmware.com",
"published": "2024-06-11T00:15:13.790",
"lastModified": "2024-06-11T00:15:13.790",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs"
},
{
"lang": "es",
"value": "La inyecci\u00f3n SQL en Harbour permite a los usuarios con privilegios filtrar los ID de las tareas"
}
],
"metrics": {
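Review bot: The added `es` description spells the product `Harbour`, while the `en` value in the same record says `Harbor`; product names should be left untranslated, because anything that searches or groups records by product keyword will miss this entry in Spanish. Suggested value: `"value": "La inyecci\u00f3n SQL en Harbor permite a los usuarios con privilegios filtrar los ID de las tareas"`. The record continues past `"metrics": {`, outside the hunk.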


@ -2,12 +2,16 @@
"id": "CVE-2024-23251",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.430",
"lastModified": "2024-06-11T08:15:48.553",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 y iPadOS 17.5, iOS 16.7.8 y iPadOS 16.7.8. Un atacante con acceso f\u00edsico puede filtrar las credenciales de la cuenta de correo."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-23282",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.503",
"lastModified": "2024-06-11T08:15:48.650",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 y iPadOS 17.5, iOS 16.7.8 y iPadOS 16.7.8. Un correo electr\u00f3nico creado con fines malintencionados puede iniciar llamadas FaceTime sin la autorizaci\u00f3n del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-24704",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T10:15:12.087",
"lastModified": "2024-06-11T10:15:12.087",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en AddonMaster Load More Anything. Este problema afecta a Load More Anything: desde n/a hasta 3.3.3."
}
],
"metrics": {


@ -0,0 +1,32 @@
{
"id": "CVE-2024-2461",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T13:15:49.750",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}
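Review bot: The description in this new record names no product or version and `metrics` is empty, so the entry cannot be matched against an asset inventory or prioritised without following the single reference; the same holds for the CVE-2024-2462 record added in the next file. Both `value` strings also carry a hard line break in mid-sentence (`access \nfiles`, `client \nand`), which looks like wrapping residue from the source advisory and is better normalised to a space, e.g. `"value": "If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible"`. The reference URL ends in `Preview=true`, which suggests a preview endpoint rather than a permanent advisory link; worth confirming it stays reachable.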


@ -0,0 +1,32 @@
{
"id": "CVE-2024-2462",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T13:15:49.910",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Allow attackers to intercept or falsify data exchanges between the client \nand the server"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-297"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-2473",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T03:15:10.183",
"lastModified": "2024-06-11T03:15:10.183",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
},
{
"lang": "es",
"value": "El complemento WPS Hide Login para WordPress es vulnerable a la divulgaci\u00f3n de la p\u00e1gina de inicio de sesi\u00f3n en todas las versiones hasta la 1.9.15.2 incluida. Esto se debe a una omisi\u00f3n que se crea cuando se proporciona el par\u00e1metro 'action=postpass'. Esto hace posible que los atacantes descubran f\u00e1cilmente cualquier p\u00e1gina de inicio de sesi\u00f3n que pueda haber sido ocultada por el complemento."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2024-26275",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.260",
"lastModified": "2024-04-09T12:48:04.090",
"lastModified": "2024-06-11T12:15:14.017",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
@ -50,6 +50,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-26276",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.457",
"lastModified": "2024-04-09T12:48:04.090",
"lastModified": "2024-06-11T12:15:14.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
}
],
"metrics": {
@ -50,6 +50,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-26277",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.670",
"lastModified": "2024-04-09T12:48:04.090",
"lastModified": "2024-06-11T12:15:14.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
],
"metrics": {
@ -50,6 +50,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-27799",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.607",
"lastModified": "2024-06-11T08:15:48.860",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 con comprobaciones de derechos adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8. Una aplicaci\u00f3n sin privilegios puede registrar pulsaciones de teclas en otras aplicaciones, incluidas aquellas que utilizan el modo de entrada segura."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27800",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.683",
"lastModified": "2024-06-11T08:15:48.930",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Procesar un mensaje elaborado con fines malintencionados puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27801",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.770",
"lastModified": "2024-06-11T08:15:49.007",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda elevar los privilegios."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27802",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.860",
"lastModified": "2024-06-11T08:15:49.077",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27805",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:49.943",
"lastModified": "2024-06-11T08:15:49.147",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema con la validaci\u00f3n mejorada de las variables de entorno. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27806",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.020",
"lastModified": "2024-06-11T08:15:49.217",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Este problema se abord\u00f3 con una mejor sanitizaci\u00f3n del medio ambiente. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27807",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.093",
"lastModified": "2024-06-11T08:15:49.287",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.5 y iPadOS 17.5, iOS 16.7.8 y iPadOS 16.7.8. Es posible que una aplicaci\u00f3n pueda eludir el registro del Informe de privacidad de la aplicaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27808",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.160",
"lastModified": "2024-06-10T21:15:50.160",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27811",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.230",
"lastModified": "2024-06-11T08:15:49.427",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda elevar los privilegios."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27812",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.300",
"lastModified": "2024-06-10T21:15:50.300",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con mejoras en el protocolo de manejo de archivos. Este problema se solucion\u00f3 en visionOS 1.2. El procesamiento de contenido web puede dar lugar a una denegaci\u00f3n de servicio."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27814",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.373",
"lastModified": "2024-06-11T08:15:49.493",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen."
},
{
"lang": "es",
"value": "Esta cuesti\u00f3n se abord\u00f3 mediante una mejora de gesti\u00f3n de estado. Este problema se solucion\u00f3 en watchOS 10.5. Una persona con acceso f\u00edsico a un dispositivo puede ver la informaci\u00f3n de contacto desde la pantalla de bloqueo."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27815",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.440",
"lastModified": "2024-06-11T08:15:49.553",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27817",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.547",
"lastModified": "2024-06-11T08:15:49.630",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27819",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.623",
"lastModified": "2024-06-11T08:15:49.770",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 17.5 y iPadOS 17.5. Un atacante con acceso f\u00edsico puede acceder a los contactos desde la pantalla de bloqueo."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27820",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.693",
"lastModified": "2024-06-10T21:15:50.693",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27828",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.773",
"lastModified": "2024-06-11T08:15:49.950",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27830",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.843",
"lastModified": "2024-06-10T21:15:50.843",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user."
},
{
"lang": "es",
"value": "Esta cuesti\u00f3n se abord\u00f3 mediante una mejora de gesti\u00f3n de estado. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27831",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:50.927",
"lastModified": "2024-06-11T08:15:50.017",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. El procesamiento de un archivo puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27832",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.007",
"lastModified": "2024-06-11T08:15:50.127",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda elevar los privilegios."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27833",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.090",
"lastModified": "2024-06-10T21:15:51.090",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un desbordamiento de enteros con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27836",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.167",
"lastModified": "2024-06-11T08:15:50.193",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 y iPadOS 17.5. El procesamiento de una imagen creada con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27838",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.240",
"lastModified": "2024-06-10T21:15:51.240",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user."
},
{
"lang": "es",
"value": "El problema se abord\u00f3 agregando l\u00f3gica adicional. Este problema se solucion\u00f3 en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27840",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.313",
"lastModified": "2024-06-11T08:15:50.260",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5. Un atacante que ya haya logrado la ejecuci\u00f3n del c\u00f3digo del kernel puede ser capaz de eludir las protecciones de la memoria del kernel."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-27844",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.390",
"lastModified": "2024-06-11T10:15:12.313",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2024-27845",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.467",
"lastModified": "2024-06-11T08:15:50.457",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en iOS 17.5 y iPadOS 17.5. Es posible que una aplicaci\u00f3n pueda acceder a los archivos adjuntos de Notas."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27848",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.530",
"lastModified": "2024-06-11T08:15:50.593",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 mejorando la verificaci\u00f3n de permisos. Este problema se solucion\u00f3 en macOS Sonoma 14.5, iOS 17.5 y iPadOS 17.5. Es posible que una aplicaci\u00f3n maliciosa pueda obtener privilegios de root."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27850",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.607",
"lastModified": "2024-06-10T21:15:51.607",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 con mejoras en el algoritmo de inyecci\u00f3n de ruido. Este problema se solucion\u00f3 en visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 y iPadOS 17.5. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27851",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.680",
"lastModified": "2024-06-10T21:15:51.680",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27855",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.753",
"lastModified": "2024-06-11T08:15:50.653",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 y iPadOS 17.5, iOS 16.7.8 y iPadOS 16.7.8. Un acceso directo puede utilizar datos confidenciales con determinadas acciones sin avisar al usuario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27857",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.833",
"lastModified": "2024-06-11T08:15:50.720",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de acceso fuera de los l\u00edmites mejorando la verificaci\u00f3n de los l\u00edmites. Este problema se solucion\u00f3 en visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Un atacante remoto puede provocar la finalizaci\u00f3n inesperada de una aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-27885",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-06-10T21:15:51.903",
"lastModified": "2024-06-11T08:15:50.787",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 con una validaci\u00f3n mejorada de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. Es posible que una aplicaci\u00f3n pueda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-28164",
"sourceIdentifier": "cna@sap.com",
"published": "2024-06-11T03:15:09.953",
"lastModified": "2024-06-11T10:15:12.450",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS Java (CAF - Guided Procedures)\nallows an unauthenticated user to access non-sensitive information about the\nserver which would otherwise be restricted causing low impact on\nconfidentiality of the application."
},
{
"lang": "es",
"value": "SAP NetWeaver AS Java (CAF - Procedimientos guiados) permite que un usuario no autenticado acceda a informaci\u00f3n no confidencial sobre el servidor que de otro modo estar\u00eda restringida y causar\u00eda un bajo impacto en la confidencialidad de la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-29855",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-06-11T04:15:12.953",
"lastModified": "2024-06-11T04:15:12.953",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator"
},
{
"lang": "es",
"value": "El secreto JWT codificado permite omitir la autenticaci\u00f3n en Veeam Recovery Orchestrator"
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2024-30206",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:45.767",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:14.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-30207",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:47.020",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:14.520",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-30208",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:48.243",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:14.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-30209",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:49.580",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:14.740",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-30212",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"published": "2024-05-28T16:15:15.673",
"lastModified": "2024-05-28T17:11:47.007",
"lastModified": "2024-06-11T12:15:14.847",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -28,6 +28,10 @@
}
],
"references": [
{
"url": "https://github.com/Fehr-GmbH/blackleak",
"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5"
},
{
"url": "https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md",
"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5"


@ -2,12 +2,16 @@
"id": "CVE-2024-31397",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T06:15:10.057",
"lastModified": "2024-06-11T06:15:10.057",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition."
},
{
"lang": "es",
"value": "Existe un problema de manejo inadecuado de valores adicionales en Cybozu Garoon 5.0.0 a 5.15.2. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en el producto con privilegios administrativos puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31398",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T06:15:10.347",
"lastModified": "2024-06-11T06:15:10.347",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.2. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en el producto puede obtener informaci\u00f3n sobre la lista de usuarios."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31399",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T06:15:10.490",
"lastModified": "2024-06-11T06:15:10.490",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition."
},
{
"lang": "es",
"value": "Existe un consumo excesivo de recursos de la plataforma dentro de un problema de bucle en Cybozu Garoon 5.0.0 a 5.15.2. Si se aprovecha esta vulnerabilidad, el procesamiento de un correo manipulado puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31400",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T05:15:53.130",
"lastModified": "2024-06-11T05:15:53.130",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.0. Si se aprovecha esta vulnerabilidad, es posible que se dejen datos no deseados en el correo reenviado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31401",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T05:15:53.320",
"lastModified": "2024-06-11T05:15:53.320",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en Cybozu Garoon 5.0.0 a 5.15.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31402",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T06:15:10.650",
"lastModified": "2024-06-11T06:15:10.650",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en Cybozu Garoon 5.0.0 a 5.15.2 permite a un atacante autenticado remoto eliminar los datos de tareas pendientes compartidas."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31403",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T05:15:53.397",
"lastModified": "2024-06-11T05:15:53.397",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en Cybozu Garoon 5.0.0 a 6.0.0 permite a un atacante autenticado remoto alterar y/u obtener los datos de Memo."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-31404",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T05:15:53.463",
"lastModified": "2024-06-11T05:15:53.463",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.5.0 a 6.0.0, lo que puede permitir que un usuario que pueda iniciar sesi\u00f3n en el producto vea los datos del Programador."
}
],
"metrics": {},


@ -2,12 +2,12 @@
"id": "CVE-2024-31484",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:50.260",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:14.993",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition."
"value": "A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition."
},
{
"lang": "es",
@ -51,6 +51,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620338.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html",
"source": "productcert@siemens.com"


@ -2,7 +2,7 @@
"id": "CVE-2024-31485",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:51.033",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:15.123",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-31486",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:16:51.723",
"lastModified": "2024-05-14T19:18:31.490",
"lastModified": "2024-06-11T12:15:15.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,12 +2,16 @@
"id": "CVE-2024-32849",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-06-10T22:15:09.453",
"lastModified": "2024-06-10T22:15:09.453",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own."
},
{
"lang": "es",
"value": "Trend Micro Security 17.x (Consumidor) es afectado por una vulnerabilidad de escalada de privilegios que podr\u00eda permitir a un atacante local eliminar involuntariamente archivos privilegiados de Trend Micro, incluido el suyo propio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-33001",
"sourceIdentifier": "cna@sap.com",
"published": "2024-06-11T03:15:10.393",
"lastModified": "2024-06-11T03:15:10.393",
"vulnStatus": "Received",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application."
},
{
"lang": "es",
"value": "La plataforma SAP NetWeaver y ABAP permite a un atacante impedir el rendimiento de usuarios leg\u00edtimos bloqueando o inundando el servicio. Un impacto de esta vulnerabilidad de denegaci\u00f3n de servicio podr\u00eda ser largas demoras en la respuesta e interrupciones del servicio, degradando as\u00ed la calidad del servicio experimentada por los usuarios leg\u00edtimos y causando un alto impacto en la disponibilidad de la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2024-33494",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:17.983",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33495",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:18.490",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33496",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:18.930",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.540",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33497",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:19.373",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.650",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33498",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:19.793",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.750",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-33499",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:20.240",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:15.850",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{


@ -0,0 +1,55 @@
{
"id": "CVE-2024-33500",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-06-11T12:15:15.957",
"lastModified": "2024-06-11T13:54:12.057",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-540640.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-33583",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:21.257",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-06-11T12:15:16.220",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
