admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-04-14T02:00:38.212497+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-04-14 02:03:27 +00:00
parent aa3d5ae015
commit 42d82c730a
604 changed files with 2851 additions and 671 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CVE-2012/CVE-2012-05xx/CVE-2012-0507.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2012-06-07T22:55:17.883",
"lastModified": "2022-05-13T14:52:56.053",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"evaluatorImpact": "Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html 'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)'",
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",

2
CVE-2012/CVE-2012-50xx/CVE-2012-5076.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2012-10-16T21:55:02.073",
"lastModified": "2017-09-19T01:35:25.370",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"evaluatorImpact": "Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"",
"cisaExploitAdd": "2022-03-28",
"cisaActionDue": "2022-04-18",

2
CVE-2013/CVE-2013-04xx/CVE-2013-0422.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2013-01-10T21:55:00.777",
"lastModified": "2014-02-21T04:56:53.360",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"evaluatorImpact": "Per: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html\r\n\r\n'Note: JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases are not affected.'",
"cisaExploitAdd": "2022-05-25",
"cisaActionDue": "2022-06-15",

2
CVE-2013/CVE-2013-04xx/CVE-2013-0431.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2013-01-31T14:55:01.327",
"lastModified": "2017-09-19T01:35:40.247",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"",
"cisaExploitAdd": "2022-05-25",
"cisaActionDue": "2022-06-15",

2
CVE-2013/CVE-2013-24xx/CVE-2013-2423.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2013-04-17T18:55:07.087",
"lastModified": "2017-09-19T01:36:17.280",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2022-05-25",
"cisaActionDue": "2022-06-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",

2
CVE-2013/CVE-2013-24xx/CVE-2013-2465.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2013-06-18T22:55:02.807",
"lastModified": "2022-05-13T14:52:56.247",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\r\n\r\n'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'",
"cisaExploitAdd": "2022-03-28",
"cisaActionDue": "2022-04-18",

2
CVE-2019/CVE-2019-251xx/CVE-2019-25160.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:06.930",
"lastModified": "2024-02-26T22:10:40.463",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2019/CVE-2019-251xx/CVE-2019-25162.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.043",
"lastModified": "2024-02-26T22:10:40.463",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2020/CVE-2020-367xx/CVE-2020-36775.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.103",
"lastModified": "2024-02-26T22:10:40.463",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46904.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:45.260",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46905.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:45.367",
"lastModified": "2024-04-04T14:15:08.703",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46906.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.160",
"lastModified": "2024-02-26T22:10:40.463",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46908.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T07:15:06.977",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46909.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T07:15:07.130",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46910.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T07:15:07.307",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2021/CVE-2021-469xx/CVE-2021-46912.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T07:15:07.613",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-446xx/CVE-2022-44633.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en YITH YITH WooCommerce Gift Cards Premium. Este problema afecta a YITH WooCommerce Gift Cards Premium: desde n/a hasta 3.23.1."
}
],
"metrics": {

4
CVE-2022/CVE-2022-476xx/CVE-2022-47604.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de falta de autorizaci\u00f3n en junkcoder, ristoniinemets AJAX Thumbnail Rebuild. Este problema afecta a AJAX Thumbnail Rebuild: desde n/a hasta 1.13."
}
],
"metrics": {

2
CVE-2022/CVE-2022-486xx/CVE-2022-48626.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:45.720",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-49xx/CVE-2022-4965.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018target_id\u2019 parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Invitation Code Content Restriction Plugin from CreativeMinds para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'target_id' en todas las versiones hasta la 1.5.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2023/CVE-2023-276xx/CVE-2023-27607.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WP Swings Points and Rewards para WooCommerce. Este problema afecta a Points and Rewards for WooCommerce: desde n/a hasta 1.5.0."
}
],
"metrics": {

4
CVE-2023/CVE-2023-27xx/CVE-2023-2794.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver()."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en ofono, una telefon\u00eda de c\u00f3digo abierto en Linux. Se activa un error de desbordamiento de pila dentro de la funci\u00f3n decode_deliver() durante la decodificaci\u00f3n de SMS. Se supone que se puede acceder al escenario del ataque desde un m\u00f3dem comprometido, una estaci\u00f3n base maliciosa o simplemente un SMS. Hay una verificaci\u00f3n vinculada para esta longitud de memcpy en decode_submit(), pero se olvid\u00f3 en decode_deliver()."
}
],
"metrics": {

4
CVE-2023/CVE-2023-322xx/CVE-2023-32295.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Alex Tselegidis Easy!Appointments. Este problema afecta a Easy!Appointments: desde n/a hasta 1.3.2."
}
],
"metrics": {

4
CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009."
},
{
"lang": "es",
"value": "La caracter\u00edstica PKCS#11 en ssh-agent en OpenSSH anterior a 9.3p2 tiene una ruta de b\u00fasqueda insuficientemente confiable, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo si un agente se reenv\u00eda a un sistema controlado por un atacante. (El c\u00f3digo en /usr/lib no es necesariamente seguro para cargar en ssh-agent). NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2016-10009."
}
],
"metrics": {

4
CVE-2023/CVE-2023-401xx/CVE-2023-40148.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.\n"
},
{
"lang": "es",
"value": "Server-Side Request Forgery (SSRF) en PingFederate permite que las solicitudes http no autenticadas ataquen recursos de la red y consuman recursos del lado del servidor a trav\u00e9s de solicitudes HTTP POST falsificadas."
}
],
"metrics": {

4
CVE-2023/CVE-2023-416xx/CVE-2023-41677.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack"
},
{
"lang": "es",
"value": "Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6 , 1.0.0 a 1.0.7, Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17 permite al atacante ejecutar c\u00f3digo o comandos no autorizados mediante un ataque de ingenier\u00eda social dirigido"
}
],
"metrics": {

4
CVE-2023/CVE-2023-455xx/CVE-2023-45590.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website"
},
{
"lang": "es",
"value": "Un control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Fortinet FortiClientLinux versi\u00f3n 7.2.0, 7.0.6 a 7.0.10 y 7.0.3 a 7.0.4 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados enga\u00f1ando a un usuario de FortiClientLinux para que visitar un sitio web malicioso"
}
],
"metrics": {

4
CVE-2023/CVE-2023-475xx/CVE-2023-47540.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiSandbox versi\u00f3n 4.4.0 a 4.4.2 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.0 a trav\u00e9s 3.2.4 y 3.0.5 a 3.0.7 pueden permitir a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de CLI."
}
],
"metrics": {

4
CVE-2023/CVE-2023-475xx/CVE-2023-47541.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI."
},
{
"lang": "es",
"value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"path traversal\") en Fortinet FortiSandbox versi\u00f3n 4.4.0 a 4.4.2 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.0 a 3.2. 4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.7 y 2.5.0 a 2.5.2 y 2.4.0 a 2.4.1 y 2.3.0 a 2.3.3 y 2.2.0 a 2.2.2 y 2.1.0 a 2.1.3 y 2.0.0 a 2.0.3 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de CLI."
}
],
"metrics": {

4
CVE-2023/CVE-2023-475xx/CVE-2023-47542.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un motor de plantillas [CWE-1336] en FortiManager versiones 7.4.1 e inferiores, versiones 7.2.4 e inferiores, y 7.0.10 e inferiores permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de plantillas especialmente manipuladas."
}
],
"metrics": {

4
CVE-2023/CVE-2023-487xx/CVE-2023-48724.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una solicitud HTTP POST especialmente manipulada puede provocar una denegaci\u00f3n de servicio de la interfaz web del dispositivo. Un atacante puede enviar una solicitud HTTP POST no autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {

4
CVE-2023/CVE-2023-487xx/CVE-2023-48784.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A\u00a0use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local\u00a0privileged attacker with super-admin profile and CLI access\u00a0to execute arbitrary code or commands via specially crafted requests."
},
{
"lang": "es",
"value": "El uso de una vulnerabilidad de cadena de formato controlada externamente [CWE-134] en FortiOS versi\u00f3n 7.4.1 e inferior, versi\u00f3n 7.2.7 e inferior, versi\u00f3n 7.0.14 e inferior, versi\u00f3n 6.4.15 e inferior, la interfaz de l\u00ednea de comando puede permitir una interfaz de l\u00ednea de comando local. Atacante privilegiado con perfil de superadministrador y acceso CLI para ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de solicitudes especialmente manipuladas."
}
],
"metrics": {

4
CVE-2023/CVE-2023-490xx/CVE-2023-49074.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad TDDP del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes de red especialmente manipuladas pueden provocar el restablecimiento de la configuraci\u00f3n de f\u00e1brica. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad."
}
],
"metrics": {

4
CVE-2023/CVE-2023-491xx/CVE-2023-49133.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilaci\u00f3n 20220926 y el punto de acceso inal\u00e1mbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilaci\u00f3n 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a \"uclited\" en el EAP225(V3) 5.1.0 Build 20220926 del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico AC1350."
}
],
"metrics": {

4
CVE-2023/CVE-2023-491xx/CVE-2023-49134.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando en la funcionalidad tddpd enable_test_mode del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 compilaci\u00f3n 20220926 y el punto de acceso inal\u00e1mbrico Tp-Link N300 (EAP115 V4) v5.0.4 compilaci\u00f3n 20220216. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una secuencia de paquetes no autenticados para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a \"uclited\" en el EAP115(V4) 5.0.4 Build 20220216 del punto de acceso Gigabit inal\u00e1mbrico N300."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49906.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `ssid` en el desplazamiento `0x0045ab7c` del binario `httpd_portal` enviado con v5.1.0 Build 20220926 de EAP225."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49907.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `band` en el desplazamiento `0x0045aad8` del binario `httpd_portal` incluido con la versi\u00f3n 5.1.0 Build 20220926 de EAP225."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49908.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `profile` en el desplazamiento `0x0045abc8` del binario `httpd_portal` incluido con la versi\u00f3n 5.1.0 Build 20220926 de EAP225."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49909.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `action` en el desplazamiento `0x0045ab38` del binario `httpd_portal` incluido con la versi\u00f3n 5.1.0 Build 20220926 de EAP225."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49910.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `ssid` en el desplazamiento `0x42247c` del binario `httpd` enviado con la versi\u00f3n 5.0.4 Build 20220216 del EAP115."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49911.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `band` en el desplazamiento `0x422420` del binario `httpd` incluido con la versi\u00f3n 5.0.4 Build 20220216 de EAP115."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49912.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `profile` en el desplazamiento `0x4224b0` del binario `httpd` enviado con v5.0.4 Build 20220216 de EAP115."
}
],
"metrics": {

4
CVE-2023/CVE-2023-499xx/CVE-2023-49913.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de programaci\u00f3n de radio de la interfaz web del punto de acceso Gigabit MU-MIMO inal\u00e1mbrico Tp-Link AC1350 (EAP225 V3) v5.1.0 Build 20220926. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad se refiere espec\u00edficamente al desbordamiento que se produce a trav\u00e9s del par\u00e1metro `action` en el desplazamiento `0x422448` del binario `httpd` enviado con la versi\u00f3n 5.0.4 Build 20220216 de EAP115."
}
],
"metrics": {

4
CVE-2023/CVE-2023-503xx/CVE-2023-50347.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.\n"
},
{
"lang": "es",
"value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de interfaz SQL insegura, que potencialmente le brinda a un atacante la capacidad de ejecutar consultas SQL personalizadas. Un usuario malintencionado puede ejecutar comandos SQL arbitrarios, incluido cambiar la configuraci\u00f3n del sistema."
}
],
"metrics": {

4
CVE-2023/CVE-2023-520xx/CVE-2023-52070.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que JFreeChart v1.5.4 era vulnerable a ArrayIndexOutOfBounds mediante el m\u00e9todo 'setSeriesNeedle(int index, int type)'. NOTA: esto es cuestionado por varios terceros que creen que no hab\u00eda pruebas razonables para determinar la existencia de una vulnerabilidad. Es posible que la presentaci\u00f3n se haya basado en una herramienta que no es lo suficientemente s\u00f3lida para la identificaci\u00f3n de vulnerabilidades."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-522xx/CVE-2023-52235.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack."
},
{
"lang": "es",
"value": "El router Wi-Fi SpaceX Starlink GEN 2 anterior a 2023.53.0 y Starlink Dish anterior a 07dd2798-ff15-4722-a9ee-de28928aed34 permiten CSRF (por ejemplo, para un reinicio) a trav\u00e9s de un ataque de reenlace de DNS."
}
],
"metrics": {},

2
CVE-2023/CVE-2023-524xx/CVE-2023-52433.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T13:15:08.140",
"lastModified": "2024-04-04T14:15:09.057",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52436.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T21:15:08.060",
"lastModified": "2024-02-20T21:52:55.187",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52442.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-21T08:15:45.547",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52453.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.083",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52454.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.137",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52455.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.193",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52456.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.237",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52457.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.290",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52459.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.387",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52460.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.440",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52461.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.490",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52462.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.540",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52463.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.590",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52464.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-23T15:15:08.647",
"lastModified": "2024-02-23T16:14:43.447",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52465.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.537",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52467.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.657",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52468.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.710",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52469.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.767",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52470.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.820",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52471.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.877",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52472.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.930",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52473.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:48.977",
"lastModified": "2024-02-26T16:32:25.577",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2023/CVE-2023-524xx/CVE-2023-52474.json
View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.237",
"lastModified": "2024-02-26T22:10:40.463",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-62xx/CVE-2023-6236.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new \"provider-url\" option in addition to the \"realm\" option."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en JBoss EAP. Cuando una aplicaci\u00f3n OIDC que atiende a varios inquilinos intenta acceder al segundo inquilino, deber\u00eda solicitarle al usuario que inicie sesi\u00f3n nuevamente, ya que el segundo inquilino est\u00e1 protegido con una configuraci\u00f3n OIDC diferente. El problema subyacente est\u00e1 en OidcSessionTokenStore al determinar si se debe utilizar o no un token almacenado en cach\u00e9. Esta l\u00f3gica debe actualizarse para tener en cuenta la nueva opci\u00f3n \"proveedor-url\" adem\u00e1s de la opci\u00f3n \"realm\"."
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6317.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.\u00a0\n\nFull versions and TV models affected:\n\nwebOS 4.9.7 - 5.30.40 running on LG43UM7000PLA \nwebOS 5.5.0 - 04.50.51 running on OLED55CXPUA \nwebOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB \u00a0\nwebOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA \n"
},
{
"lang": "es",
"value": "Existe una omisi\u00f3n r\u00e1pida en el servicio secondscreen.gateway que se ejecuta en webOS versi\u00f3n 4 a 7. Un atacante puede crear una cuenta privilegiada sin pedirle al usuario el PIN de seguridad. Versiones completas y modelos de TV afectados: webOS 4.9.7 - 5.30.40 ejecut\u00e1ndose en LG43UM7000PLA webOS 5.5.0 - 04.50.51 ejecut\u00e1ndose en OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 ejecut\u00e1ndose en OLED48C1PUB webOS 7.3. 1-43 (mullet-mebin) - 33.03.85 ejecut\u00e1ndose en OLED55A23LA"
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6318.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A command injection vulnerability exists in the processAnalyticsReport\u00a0method from the com.webos.service.cloudupload\u00a0service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.\n\nFull versions and TV models affected:\n\n * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA\u00a0\n\n * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB\u00a0\n\n * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el m\u00e9todo ProcessAnalyticsReport del servicio com.webos.service.cloudupload en webOS versi\u00f3n 5 a 7. Una serie de solicitudes especialmente manipuladas pueden llevar a la ejecuci\u00f3n de comandos como usuario ra\u00edz. Un atacante puede realizar solicitudes autenticadas para desencadenar esta vulnerabilidad. Versiones completas y modelos de TV afectados: * webOS 5.5.0 - 04.50.51 ejecut\u00e1ndose en OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 ejecut\u00e1ndose en OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 33.03.85 ejecut\u00e1ndose en OLED55A23LA"
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6319.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A command injection vulnerability exists in the getAudioMetadata\u00a0method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.\n\n * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA\u00a0\n\n * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA\u00a0\n\n * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB\u00a0\n\n * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el m\u00e9todo getAudioMetadata del servicio com.webos.service.attachedstoragemanager en webOS versi\u00f3n 4 a 7. Una serie de solicitudes especialmente manipuladas pueden llevar a la ejecuci\u00f3n de comandos como usuario root. Un atacante puede realizar solicitudes autenticadas para desencadenar esta vulnerabilidad. * webOS 4.9.7 - 5.30.40 ejecut\u00e1ndose en LG43UM7000PLA * webOS 5.5.0 - 04.50.51 ejecut\u00e1ndose en OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 ejecut\u00e1ndose en OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 33.03.85 ejecut\u00e1ndose en OLED55A23LA"
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6320.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability.\n\nFull versions and TV models affected:\n * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA\u00a0\n\n * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el endpoint com.webos.service.connectionmanager/tv/setVlanStaticAddress en las versiones 5 y 6 de webOS. Una serie de solicitudes especialmente manipuladas pueden conducir a la ejecuci\u00f3n de comandos como usuario de dbus. Un atacante puede realizar solicitudes autenticadas para desencadenar esta vulnerabilidad. Versiones completas y modelos de TV afectados: * webOS 5.5.0 - 04.50.51 ejecut\u00e1ndose en OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 ejecut\u00e1ndose en OLED48C1PUB"
}
],
"metrics": {

4
CVE-2023/CVE-2023-63xx/CVE-2023-6385.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs."
},
{
"lang": "es",
"value": "El complemento WordPress Ping Optimizer hasta la versi\u00f3n 2.35.1.3.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF, como borrar registros."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-64xx/CVE-2023-6486.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Spectra \u2013 WordPress Gutenberg Blocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del metabox CSS personalizado en todas las versiones hasta la 2.10.3 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-65xx/CVE-2023-6522.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en ExtremePacs Extreme XDS permite recopilar datos proporcionados por los usuarios. Este problema afecta a Extreme XDS: antes de 3914."
}
],
"metrics": {

4
CVE-2023/CVE-2023-65xx/CVE-2023-6523.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse.This issue affects Extreme XDS: before 3914.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en ExtremePacs Extreme XDS permite el abuso de autenticaci\u00f3n. Este problema afecta a Extreme XDS: antes de 3914."
}
],
"metrics": {

4
CVE-2023/CVE-2023-66xx/CVE-2023-6694.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Beaver Themer para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 1.4.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los campos personalizados proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-66xx/CVE-2023-6695.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values."
},
{
"lang": "es",
"value": "El complemento Beaver Themer para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.4.9 incluida a trav\u00e9s del c\u00f3digo corto 'wpbb'. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos valores user_meta arbitrarios."
}
],
"metrics": {

4
CVE-2023/CVE-2023-67xx/CVE-2023-6777.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin."
},
{
"lang": "es",
"value": "El complemento WP Go Maps (anteriormente WP Google Maps) para WordPress es vulnerable a la divulgaci\u00f3n de claves API no autenticadas en versiones hasta la 9.0.34 incluida debido a que el complemento agrega la clave API a varios archivos de complemento. Esto hace posible que atacantes no autenticados obtengan la clave API de Google del desarrollador. Si bien esto no afecta la seguridad de los sitios que utilizan este complemento, permite a atacantes no autenticados realizar solicitudes utilizando esta clave API con el potencial de agotar las solicitudes, lo que resulta en la imposibilidad de utilizar la funcionalidad de mapas que ofrece el complemento."
}
],
"metrics": {

4
CVE-2023/CVE-2023-67xx/CVE-2023-6799.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames."
},
{
"lang": "es",
"value": "El complemento WP Reset \u2013 Most Advanced WordPress Reset Tool de WordPress para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.99 incluida mediante el uso de nombres de instant\u00e1neas insuficientemente aleatorios. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidas las copias de seguridad del sitio, mediante la fuerza bruta de los nombres de los archivos de las instant\u00e1neas."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6964.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
},
{
"lang": "es",
"value": "El complemento Gutenberg Blocks de Kadence Blocks \u2013 Page Builder Features para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 3.1.26 incluida a trav\u00e9s de la acci\u00f3n AJAX 'kadence_import_get_new_connection_data'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y pueden usarse para consultar y modificar informaci\u00f3n de servicios internos."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6965.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role)."
},
{
"lang": "es",
"value": "El complemento Pods \u2013 Custom Content Types and Fields para WordPress es vulnerable a la falta de autorizaci\u00f3n en todas las versiones hasta la 3.0.10 incluida (con la excepci\u00f3n de 2.7.31.2, 2.8.23.2, 2.9.19.2). Esto se debe al hecho de que el complemento permite el uso de una funci\u00f3n de inclusi\u00f3n de archivos mediante un c\u00f3digo corto. Esto hace posible que atacantes autenticados, con acceso de colaborador o superior, creen pods y usuarios (con rol predeterminado)."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6967.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Pods \u2013 Custom Content Types and Fields para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de un c\u00f3digo corto en todas las versiones hasta la 3.0.10 incluida (con la excepci\u00f3n de 2.7.31.2, 2.8.23.2, 2.9.19.2) debido a una insuficiencia escape en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador o superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6993.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Custom post types, Custom Fields & more para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado del complemento y meta de publicaciones personalizadas en todas las versiones hasta la 5.0.4 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los metavalores de publicaci\u00f3n proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-69xx/CVE-2023-6999.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server."
},
{
"lang": "es",
"value": "El complemento Pods \u2013 Custom Content Types and Fields para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo mediante c\u00f3digo corto en todas las versiones hasta la 3.0.10 incluida (con la excepci\u00f3n de 2.7.31.2, 2.8.23.2, 2.9.19.2). Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador o superior, ejecuten c\u00f3digo en el servidor."
}
],
"metrics": {

4
CVE-2023/CVE-2023-70xx/CVE-2023-7046.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys"
},
{
"lang": "es",
"value": "El complemento WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 7.0 incluida a trav\u00e9s de archivos de clave privada expuestos. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidas las claves privadas del certificado TLS."
}
],
"metrics": {

4
CVE-2023/CVE-2023-71xx/CVE-2023-7164.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database."
},
{
"lang": "es",
"value": "El complemento BackWPup de WordPress anterior a 4.0.4 no impide que los visitantes filtren informaci\u00f3n clave sobre las copias de seguridad en curso, lo que permite a atacantes no autenticados descargar copias de seguridad de la base de datos de un sitio."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-01xx/CVE-2024-0159.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system."
},
{
"lang": "es",
"value": "Dell Alienware Command Center, versiones 5.5.52.0 y anteriores, contienen una vulnerabilidad de control de acceso inadecuado que provoca una denegaci\u00f3n de servicio en el sistema local."
}
],
"metrics": {

4
CVE-2024/CVE-2024-03xx/CVE-2024-0376.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "Los complementos Premium Addons for Elementor para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del widget Wrapper Link del complemento en todas las versiones hasta la 4.10.16 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en las URL proporcionadas por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-05xx/CVE-2024-0588.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.12.10 incluida. Esto se debe a que falta la validaci\u00f3n nonce en la funci\u00f3n pmpro_lifter_save_streamline_option(). Esto hace posible que atacantes no autenticados habiliten la configuraci\u00f3n optimizada con Lifter LMS a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2024/CVE-2024-05xx/CVE-2024-0598.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Gutenberg Blocks de Kadence Blocks \u2013 Page Builder Features para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de mensajes del formulario de contacto en todas las versiones hasta la 3.2.17 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de editor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto afecta principalmente a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

4
CVE-2024/CVE-2024-06xx/CVE-2024-0626.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid."
},
{
"lang": "es",
"value": "El complemento WooCommerce Clover Payment Gateway para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n callback_handler en todas las versiones hasta la 1.3.1 incluida. Esto hace posible que atacantes no autenticados marquen los pedidos como pagados."
}
],
"metrics": {

4
CVE-2024/CVE-2024-06xx/CVE-2024-0662.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento FancyBox for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en las versiones 3.0.2 a 3.3.3 debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

4
CVE-2024/CVE-2024-08xx/CVE-2024-0826.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Qi Addons For Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets del complemento en todas las versiones hasta la 1.6.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-08xx/CVE-2024-0872.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails."
},
{
"lang": "es",
"value": "El complemento Watu Quiz para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.4.1 incluida a trav\u00e9s del c\u00f3digo corto watu-userinfo. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan metadatos confidenciales de los usuarios que pueden incluir tokens de sesi\u00f3n y correos electr\u00f3nicos de los usuarios."
}
],
"metrics": {

4
CVE-2024/CVE-2024-08xx/CVE-2024-0873.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Watu Quiz para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'watu-basic-chart' del complemento en todas las versiones hasta la 3.4.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2024/CVE-2024-08xx/CVE-2024-0899.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The s2Member \u2013 Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages."
},
{
"lang": "es",
"value": "El complemento s2Member \u2013 Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 230815 incluida a trav\u00e9s de la API. Esto hace posible que atacantes no autenticados vean el contenido de esas publicaciones y p\u00e1ginas."
}
],
"metrics": {

4
CVE-2024/CVE-2024-09xx/CVE-2024-0952.json
View File

@ -8,6 +8,10 @@
{
"lang": "en",
"value": "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro id en todas las versiones hasta la 1.12.9 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados, con privilegios de administrador o administrador de contabilidad o superiores, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More