admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-13T15:00:24.887578+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-13 15:00:28 +00:00
parent c21d05b140
commit 47d1a6cdf3
97 changed files with 2122 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-79xx/CVE-2020-7924.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-7924",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-04-12T17:15:13.350",
"lastModified": "2021-04-21T19:01:31.353",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T14:15:44.710",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.\n\n"
},
{
"lang": "es",

6
CVE-2021/CVE-2021-203xx/CVE-2021-20327.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-20327",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-02-25T17:15:28.160",
"lastModified": "2021-03-04T20:38:47.807",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T14:15:44.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
"value": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption. This issue affect MongoDB Node.js Driver mongodb-client-encryption module version 1.2.0\n\n\n"
},
{
"lang": "es",

6
CVE-2021/CVE-2021-203xx/CVE-2021-20328.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-20328",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-02-25T17:15:28.303",
"lastModified": "2021-06-11T13:33:06.313",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T14:15:45.110",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption.\n\n"
},
{
"lang": "es",

8
CVE-2022/CVE-2022-486xx/CVE-2022-48623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-48623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T05:15:08.530",
"lastModified": "2024-02-13T05:15:08.530",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service."
},
{
"lang": "es",
"value": "El paquete Cpanel::JSON::XS anterior a 4.33 para Perl realiza accesos fuera de los l\u00edmites de una manera que permite a los atacantes obtener informaci\u00f3n confidencial o provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},

409
CVE-2023/CVE-2023-228xx/CVE-2023-22817.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-22817",
"sourceIdentifier": "psirt@wdc.com",
"published": "2024-02-05T22:15:54.820",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:27:09.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed\u00a0by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.\u00a0\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de server-side request forgery (SSRF) que podr\u00eda permitir que un servidor no autorizado en la red local modifique su URL utilizando otra direcci\u00f3n DNS para apuntar al adaptador de loopback. Esto podr\u00eda permitir que la URL aproveche otras vulnerabilidades en el servidor local. Esto se solucion\u00f3 corrigiendo las direcciones DNS que hacen referencia al loopback. Este problema afecta a los dispositivos My Cloud OS 5 anteriores a 5.27.161, My Cloud Home, My Cloud Home Duo y SanDisk ibi anteriores a 9.5.1-104."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,10 +80,379 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "65956C3F-A729-4A75-AA37-74B5E89A079D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "CD7A6F3E-6031-4123-AEB3-498A37164AFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "3B7F303F-BEA6-4546-B7F3-85937F055C70"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "D626D580-E58A-4B6C-82C7-B9E4EFDD45E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "CA969327-0057-483A-BDEA-48044C2AAFDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "5C32A7FB-2EAC-431F-A2AF-033BC56B7548"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "4289EA01-0B97-4628-8658-56C35D328476"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "14973F26-4E47-4531-96ED-1F4DE2B90782"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "AC4318FA-0121-4730-9199-3E6E18872B9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_glacier:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4725EF2C-5954-45DA-95D1-0A2F8F3E7714"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "AC132C6A-CA10-431F-AEDE-64979DA8D960"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "D90D9B21-6C1A-4FC3-B292-B72BB521E1B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "233200A4-0DDF-4FEE-967B-DDB638D0DBB0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "4523B737-F58A-4A73-AE74-EAF313AEBDFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

381
CVE-2023/CVE-2023-228xx/CVE-2023-22819.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-22819",
"sourceIdentifier": "psirt@wdc.com",
"published": "2024-02-05T22:15:55.023",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:50:45.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de vulnerabilidad de consumo de recursos no controlado que podr\u00eda surgir al enviar solicitudes manipuladas a un servicio para consumir una gran cantidad de memoria, lo que eventualmente resultar\u00eda en que el servicio se detuviera y reiniciara en los dispositivos Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi y Western Digital My Cloud OS 5. Este problema requiere que el atacante ya tenga privilegios de root para explotar esta vulnerabilidad. Este problema afecta a My Cloud Home y My Cloud Home Duo: antes de la versi\u00f3n 9.5.1-104; ibi: antes de la versi\u00f3n 9.5.1-104; My Cloud OS 5: antes de la versi\u00f3n 5.27.161."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,10 +80,351 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "CD7A6F3E-6031-4123-AEB3-498A37164AFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "3B7F303F-BEA6-4546-B7F3-85937F055C70"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "D626D580-E58A-4B6C-82C7-B9E4EFDD45E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "CA969327-0057-483A-BDEA-48044C2AAFDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "5C32A7FB-2EAC-431F-A2AF-033BC56B7548"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "4289EA01-0B97-4628-8658-56C35D328476"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "14973F26-4E47-4531-96ED-1F4DE2B90782"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "AC4318FA-0121-4730-9199-3E6E18872B9C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_glacier:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4725EF2C-5954-45DA-95D1-0A2F8F3E7714"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.27.161",
"matchCriteriaId": "AC132C6A-CA10-431F-AEDE-64979DA8D960"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "D90D9B21-6C1A-4FC3-B292-B72BB521E1B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "233200A4-0DDF-4FEE-967B-DDB638D0DBB0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5.1-104",
"matchCriteriaId": "4523B737-F58A-4A73-AE74-EAF313AEBDFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-280xx/CVE-2023-28018.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28018",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-12T23:15:08.100",
"lastModified": "2024-02-12T23:15:08.100",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users.\n"
},
{
"lang": "es",
"value": "HCL Connections es vulnerable a una denegaci\u00f3n de servicio, provocada por una validaci\u00f3n inadecuada de determinadas solicitudes. Mediante una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio a los usuarios afectados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-423xx/CVE-2023-42374.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42374",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:07.913",
"lastModified": "2024-02-13T01:15:07.913",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component."
},
{
"lang": "es",
"value": "Un problema en mystenlabs Sui Blockchain anterior a v.1.6.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio a trav\u00e9s de un script comprimido manipulado para el componente del nodo Sui."
}
],
"metrics": {},

43
CVE-2023/CVE-2023-44xx/CVE-2023-4408.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-4408",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:45.253",
"lastModified": "2024-02-13T14:15:45.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-4408",
"source": "security-officer@isc.org"
}
]
}

8
CVE-2023/CVE-2023-472xx/CVE-2023-47218.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47218",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-13T03:15:07.700",
"lastModified": "2024-02-13T03:15:07.700",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {

8
CVE-2023/CVE-2023-483xx/CVE-2023-48363.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48363",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.763",
"lastModified": "2024-02-13T09:15:45.763",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nOpenPCS 7 V9.1 (todas las versiones), \nSIMATIC BATCH V9.1 (todas las versiones), \nSIMATIC PCS 7 V9.1 (todas las versiones), \nSIMATIC Route Control V9.1 (todas las versiones), \nSIMATIC WinCC Runtime Professional V18 (todas las versiones), \nSIMATIC WinCC Runtime Professional V19 (todas las versiones), \nSIMATIC WinCC V7.4 (todas las versiones), \nSIMATIC WinCC V7.5 (todas las versiones &lt; V7.5 SP2 Update 15), \nSIMATIC WinCC V8.0 (Todas las versiones "
}
],
"metrics": {

8
CVE-2023/CVE-2023-483xx/CVE-2023-48364.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48364",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.980",
"lastModified": "2024-02-13T09:15:45.980",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nOpenPCS 7 V9.1 (todas las versiones), \nSIMATIC BATCH V9.1 (todas las versiones), \nSIMATIC PCS 7 V9.1 (todas las versiones), \nSIMATIC Route Control V9.1 (todas las versiones), \nSIMATIC WinCC Runtime Professional V18 (todas las versiones), \nSIMATIC WinCC Runtime Professional V19 (todas las versiones), \nSIMATIC WinCC V7.4 (todas las versiones), \nSIMATIC WinCC V7.5 (todas las versiones &lt; V7.5 SP2 Update 15), \nSIMATIC WinCC V8.0 (Todas las versiones "
}
],
"metrics": {

8
CVE-2023/CVE-2023-491xx/CVE-2023-49125.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49125",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:46.173",
"lastModified": "2024-02-13T09:15:46.173",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Parasolid V35.0 (Todas las versiones &lt; V35.0.263), Parasolid V35.1 (Todas las versiones &lt; V35.1.252), Parasolid V36.0 (Todas las versiones &lt; V36.0.198). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos especialmente manipulados que contienen formato XT. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2023/CVE-2023-493xx/CVE-2023-49339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49339",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.287",
"lastModified": "2024-02-13T01:15:08.287",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint."
},
{
"lang": "es",
"value": "Ellucian Banner 9.17 permite la referencia directa a objetos inseguros (IDOR) a trav\u00e9s de un bannerId modificado al endpoint /StudentSelfService/ssb/studentCard/retrieveData."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-502xx/CVE-2023-50236.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50236",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:46.633",
"lastModified": "2024-02-13T09:15:46.633",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Polarion ALM (todas las versiones). El producto afectado es vulnerable debido a permisos d\u00e9biles de archivos y carpetas en la ruta de instalaci\u00f3n. Un atacante con acceso local podr\u00eda aprovechar esta vulnerabilidad para escalar privilegios a NT AUTHORITY\\SYSTEM."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50358",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2024-02-13T03:15:07.963",
"lastModified": "2024-02-13T03:15:07.963",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQTS 4.5.4.2627 build 20231225 and later\nQTS 4.3.6.2665 build 20240131 and later\nQTS 4.3.4.2675 build 20240131 and later\nQTS 4.3.3.2644 build 20240131 and later\nQTS 4.2.6 build 20240131 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QTS 4.5.4.2627 compilaci\u00f3n 20231225 y posteriores QTS 4.3.6.2665 compilaci\u00f3n 20240131 y posteriores QTS 4.3.4.2675 compilaci\u00f3n 20240131 y posteriores QTS 4.3.3.2644 construir 20240131 y posterior QTS 4.2.6 compilaci\u00f3n 20240131 y posterior QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posterior QuTS hero h4.5.4.2626 compilaci\u00f3n 20231225 y posterior QuTScloud c5.1.5.2651 y posterior"
}
],
"metrics": {

8
CVE-2023/CVE-2023-514xx/CVE-2023-51440.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51440",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:46.830",
"lastModified": "2024-02-13T09:15:46.830",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nSIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (todas las versiones), \nSIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (todas las versiones), \nSIPLUS NET CP 343-1 (6AG1343- 1EX30-7XE0) (todas las versiones), \nSIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (todas las versiones). \nLos productos afectados validan incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un atacante remoto no autenticado cree una condici\u00f3n de denegaci\u00f3n de servicio inyectando paquetes TCP RST falsificados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-520xx/CVE-2023-52059.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.353",
"lastModified": "2024-02-13T01:15:08.353",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Gestsup v3.2.46 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo de texto Descripci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-520xx/CVE-2023-52060.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.413",
"lastModified": "2024-02-13T01:15:08.413",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request."
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en Gestsup v3.2.46 permite a los atacantes editar arbitrariamente la informaci\u00f3n del perfil del usuario a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52430.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52430",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T23:15:08.353",
"lastModified": "2024-02-12T23:15:08.353",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring."
},
{
"lang": "es",
"value": "El complemento caddy-security 1.1.20 para Caddy permite XSS reflejadi a trav\u00e9s de una solicitud GET a una URL que contiene un payload XSS y comienza con una subcadena /admin o /settings/mfa/delete/."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52431.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52431",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T05:15:08.797",
"lastModified": "2024-02-13T05:15:08.797",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled)."
},
{
"lang": "es",
"value": "El paquete Plack::Middleware::XSRFBlock anterior a 0.0.19 para Perl permite a los atacantes eludir un mecanismo de protecci\u00f3n CSRF mediante un valor de formulario vac\u00edo y una cookie vac\u00eda (si las cookies firmadas est\u00e1n deshabilitadas)."
}
],
"metrics": {},

43
CVE-2023/CVE-2023-55xx/CVE-2023-5517.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-5517",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:45.510",
"lastModified": "2024-02-13T14:15:45.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect <domain>;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-5517",
"source": "security-officer@isc.org"
}
]
}

43
CVE-2023/CVE-2023-56xx/CVE-2023-5679.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-5679",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:45.677",
"lastModified": "2024-02-13T14:15:45.677",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-5679",
"source": "security-officer@isc.org"
}
]
}

43
CVE-2023/CVE-2023-56xx/CVE-2023-5680.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-5680",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:45.850",
"lastModified": "2024-02-13T14:15:45.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-5680",
"source": "security-officer@isc.org"
}
]
}

8
CVE-2023/CVE-2023-60xx/CVE-2023-6072.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6072",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-02-13T10:15:08.227",
"lastModified": "2024-02-13T10:15:08.227",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting en Trellix Central Management (CM) anterior a 9.1.3.97129 permite a un atacante remoto autenticado crear solicitudes internas del panel de CM, lo que provoca que se inyecte contenido arbitrario en la respuesta al acceder al panel de CM."
}
],
"metrics": {

43
CVE-2023/CVE-2023-65xx/CVE-2023-6516.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-6516",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:46.030",
"lastModified": "2024-02-13T14:15:46.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-6516",
"source": "security-officer@isc.org"
}
]
}

4
CVE-2023/CVE-2023-68xx/CVE-2023-6815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6815",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2024-02-13T07:15:46.843",
"lastModified": "2024-02-13T07:15:46.843",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

68
CVE-2024/CVE-2024-05xx/CVE-2024-0585.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0585",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:02.433",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:04:59.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits &amp; WooCommerce Builders para WordPress es vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del complemento Filterable Gallery widget en todas las versiones hasta la 5.9.4 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y la salida se escapa en la URL de la imagen. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.9.4",
"matchCriteriaId": "5BA49D46-1E7B-49AD-9A7A-E59816D0D794"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-05xx/CVE-2024-0586.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0586",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:02.607",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:05:10.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits &amp; WooCommerce Builders para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del elemento de inicio de sesi\u00f3n/registro en todas las versiones hasta la 5.9.4 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y la salida se escapa en la URL de inicio de sesi\u00f3n personalizada. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.9.4",
"matchCriteriaId": "5BA49D46-1E7B-49AD-9A7A-E59816D0D794"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-05xx/CVE-2024-0597.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0597",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:02.777",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:05:27.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento SEO Plugin de Squirrly SEO para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 12.3.15 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "12.3.15",
"matchCriteriaId": "A440A7DC-AEED-48C3-B21E-4EDA77BFCF03"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3023398/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-06xx/CVE-2024-0660.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0660",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:03.520",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:05:53.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 6.7.2 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n update_settings. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del formulario y agreguen JavaScript malicioso a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.7.2",
"matchCriteriaId": "6E4EB854-E153-46CB-9B72-86D89C65C62B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

15
CVE-2024/CVE-2024-07xx/CVE-2024-0707.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-0707",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-13T14:15:46.257",
"lastModified": "2024-02-13T14:15:46.257",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: **REJECT** Not a valid vulnerability."
}
],
"metrics": {},
"references": []
}

8
CVE-2024/CVE-2024-11xx/CVE-2024-1157.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1157",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-13T10:15:08.433",
"lastModified": "2024-02-13T10:15:08.433",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Bold Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la URL del bot\u00f3n del complemento en todas las versiones hasta la 4.8.0 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-11xx/CVE-2024-1159.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1159",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-13T10:15:08.603",
"lastModified": "2024-02-13T10:15:08.603",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Bold Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 4.8.0 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-11xx/CVE-2024-1160.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1160",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-13T10:15:08.783",
"lastModified": "2024-02-13T10:15:08.783",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Bold Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del enlace de icono del complemento en todas las versiones hasta la 4.8.0 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

68
CVE-2024/CVE-2024-11xx/CVE-2024-1177.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1177",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:07.813",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:06:04.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Club Manager \u2013 WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs"
},
{
"lang": "es",
"value": "El complemento WP Club Manager \u2013 WordPress Sports Club Plugin para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n settings_save() en todas las versiones hasta la 2.2.10 incluida. Esto hace posible que atacantes no autenticados actualicen la estructura de enlaces permanentes de los clubes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpclubmanager:wp_club_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.11",
"matchCriteriaId": "EA1BC149-21E9-4E12-BFCF-204FCBDF0F24"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-12xx/CVE-2024-1208.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1208",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-05T22:16:07.977",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:06:24.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions."
},
{
"lang": "es",
"value": "El complemento LearnDash LMS para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 4.10.2 incluida a trav\u00e9s de API. Esto hace posible que atacantes no autenticados obtengan acceso a las preguntas del cuestionario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.10.3",
"matchCriteriaId": "F60A9AD2-5715-460B-BDA8-D04EBB7CDF1E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.learndash.com/release-notes/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-12xx/CVE-2024-1250.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1250",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-12T21:15:08.313",
"lastModified": "2024-02-12T21:15:08.313",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde la 16.8 hasta la 16.8.2. Cuando a un usuario se le asigna una funci\u00f3n personalizada con permiso de Manage_group_access_tokens, es posible que pueda crear tokens de acceso de grupo con privilegios de propietario, lo que puede conducir a una escalada de privilegios."
}
],
"metrics": {

62
CVE-2024/CVE-2024-13xx/CVE-2024-1309.json Normal file
View File

@ -0,0 +1,62 @@
{
"id": "CVE-2024-1309",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2024-02-13T14:15:46.463",
"lastModified": "2024-02-13T14:15:46.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.\n\n"
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
},
{
"url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com"
}
]
}

2
CVE-2024/CVE-2024-14xx/CVE-2024-1432.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1432",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-11T03:15:08.930",
"lastModified": "2024-02-13T08:16:35.337",
"lastModified": "2024-02-13T14:15:46.667",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

8
CVE-2024/CVE-2024-14xx/CVE-2024-1454.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1454",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T23:15:08.410",
"lastModified": "2024-02-12T23:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment."
},
{
"lang": "es",
"value": "La vulnerabilidad de use-after-free se encontr\u00f3 en el controlador AuthentIC en los paquetes OpenSC y ocurre en el proceso de inscripci\u00f3n de tarjetas usando pkcs15-init cuando un usuario o administrador registra o modifica tarjetas. Un atacante debe tener acceso f\u00edsico al sistema inform\u00e1tico y requiere un dispositivo USB o una tarjeta inteligente manipulada para presentar al sistema respuestas especialmente manipuladas a las APDU, que se consideran de alta complejidad y baja gravedad. Esta manipulaci\u00f3n puede permitir operaciones de administraci\u00f3n de tarjetas comprometidas durante la inscripci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-14xx/CVE-2024-1459.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1459",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T21:15:08.533",
"lastModified": "2024-02-12T21:15:08.533",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de path traversal en Undertow. Este problema puede permitir que un atacante remoto agregue una secuencia especialmente manipulada a una solicitud HTTP para una aplicaci\u00f3n implementada en JBoss EAP, lo que puede permitir el acceso a archivos y directorios privilegiados o restringidos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-214xx/CVE-2024-21491.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21491",
"sourceIdentifier": "report@snyk.io",
"published": "2024-02-13T05:15:08.873",
"lastModified": "2024-02-13T05:15:08.873",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\r\r**Note:**\r\rThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues."
},
{
"lang": "es",
"value": "Las versiones del paquete svix anteriores a la 1.17.0 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n debido a un problema en la funci\u00f3n de verificaci\u00f3n donde las firmas de diferentes longitudes se comparan incorrectamente. Un atacante puede eludir la verificaci\u00f3n de firma proporcionando una firma m\u00e1s corta que coincida con el comienzo de la firma real. **Nota:** El atacante necesitar\u00eda saber que la v\u00edctima usa la librer\u00eda Rust para la verificaci\u00f3n, no hay una manera f\u00e1cil de verificarlo autom\u00e1ticamente; y utiliza webhooks de un servicio que utiliza Svix, y luego encuentra una manera de crear una carga \u00fatil maliciosa que en realidad incluir\u00e1 todos los identificadores correctos necesarios para enga\u00f1ar a los receptores y causar problemas reales."
}
],
"metrics": {

8
CVE-2024/CVE-2024-220xx/CVE-2024-22024.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22024",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-02-13T04:15:07.943",
"lastModified": "2024-02-13T04:15:07.943",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:11.297",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication."
},
{
"lang": "es",
"value": "Una entidad externa XML o vulnerabilidad XXE en el componente SAML de Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) y puertas de enlace ZTA que permite a un atacante acceder a ciertos recursos restringidos sin autenticaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-220xx/CVE-2024-22042.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22042",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:47.157",
"lastModified": "2024-02-13T09:15:47.157",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Unicam FX (todas las versiones). El agente de instalaci\u00f3n de Windows utilizado en el producto afectado contiene un uso incorrecto de API privilegiadas que activan el host de la consola de Windows (conhost.exe) como un proceso secundario con privilegios de SYSTEMA. Un atacante podr\u00eda aprovechar esto para realizar un ataque de escalada de privilegios local."
}
],
"metrics": {

8
CVE-2024/CVE-2024-220xx/CVE-2024-22043.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22043",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:47.360",
"lastModified": "2024-02-13T09:15:47.360",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Parasolid V35.0 (todas las versiones &lt; V35.0.251), Parasolid V35.1 (todas las versiones &lt; V35.1.170). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos XT especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22126.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22126",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T02:15:08.107",
"lastModified": "2024-02-13T02:15:08.107",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n User Admin de SAP NetWeaver AS para Java, versi\u00f3n 7.50, no valida lo suficiente y codifica incorrectamente los par\u00e1metros de la URL entrante antes de incluirlos en la URL de redireccionamiento. Esto da como resultado una vulnerabilidad de Cross-Site Scripting (XSS), lo que genera un alto impacto en la confidencialidad y un impacto leve en la integridad y la disponibilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22128.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22128",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T02:15:08.323",
"lastModified": "2024-02-13T02:15:08.323",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.\n\n"
},
{
"lang": "es",
"value": "SAP NWBC para HTML: versiones SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante no autenticado puede inyectar javascript malicioso para causar un impacto limitado en la confidencialidad y la integridad de los datos de la aplicaci\u00f3n despu\u00e9s de una explotaci\u00f3n exitosa."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22129.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22129",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T04:15:08.133",
"lastModified": "2024-02-13T04:15:08.133",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.\n\n"
},
{
"lang": "es",
"value": "SAP Companion: versi\u00f3n &lt;3.1.38, tiene una URL con un par\u00e1metro que podr\u00eda ser vulnerable a un ataque XSS. El atacante podr\u00eda enviar un enlace malicioso a un usuario que posiblemente le permitir\u00eda recuperar informaci\u00f3n confidencial y causar un impacto menor en la integridad de la aplicaci\u00f3n web."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22130.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22130",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:08.163",
"lastModified": "2024-02-13T03:15:08.163",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Print preview option in\u00a0SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.\n\n"
},
{
"lang": "es",
"value": "Opci\u00f3n de vista previa de impresi\u00f3n en la interfaz de usuario de SAP CRM WebClient: versiones S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEB CUIF 748, WEBCUIF 800, WEBCUIF 801, no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting. Un atacante con pocos privilegios puede causar un impacto limitado en la confidencialidad y la integridad de los datos de la aplicaci\u00f3n despu\u00e9s de una explotaci\u00f3n exitosa."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22131.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22131",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:08.363",
"lastModified": "2024-02-13T03:15:08.363",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to\u00a0invoke\u00a0an application function to perform actions which they would not normally be permitted to perform. \u00a0Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.\n\n"
},
{
"lang": "es",
"value": "En SAP ABA (Application Basis), versiones 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, un atacante autenticado como usuario con autorizaci\u00f3n de ejecuci\u00f3n remota puede utilizar una interfaz vulnerable. Esto permite al atacante utilizar la interfaz para invocar una funci\u00f3n de la aplicaci\u00f3n para realizar acciones que normalmente no se le permitir\u00eda realizar. Dependiendo de la funci\u00f3n ejecutada, el ataque puede leer o modificar cualquier dato de usuario/empresa y puede hacer que todo el sistema no est\u00e9 disponible."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22132.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22132",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:08.570",
"lastModified": "2024-02-13T03:15:08.570",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.\n\n"
},
{
"lang": "es",
"value": "SAP IDES ECC-systems contienen c\u00f3digo que permite la ejecuci\u00f3n de c\u00f3digo de programa arbitrario elegido por el usuario. Por lo tanto, un atacante puede controlar el comportamiento del sistema ejecutando c\u00f3digo malicioso que potencialmente puede aumentar los privilegios con un bajo impacto en la confidencialidad, la integridad y la disponibilidad del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-224xx/CVE-2024-22445.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22445",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-13T08:16:35.723",
"lastModified": "2024-02-13T08:16:35.723",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
},
{
"lang": "es",
"value": "Dell PowerProtect Data Manager, versi\u00f3n 19.15 y versiones anteriores, contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto con privilegios elevados podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicaci\u00f3n, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede llevar a que un atacante se apodere del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-224xx/CVE-2024-22454.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22454",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-13T08:16:35.993",
"lastModified": "2024-02-13T08:16:35.993",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change\n\n"
},
{
"lang": "es",
"value": "Dell PowerProtect Data Manager, versi\u00f3n 19.15 y versiones anteriores, contienen un mecanismo de recuperaci\u00f3n de contrase\u00f1as d\u00e9bil para contrase\u00f1as olvidadas. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda un acceso no autorizado a la aplicaci\u00f3n con privilegios de la cuenta comprometida. El atacante podr\u00eda recuperar el token de restablecimiento de contrase\u00f1a sin autorizaci\u00f3n y luego realizar el cambio de contrase\u00f1a."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23759.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23759",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.087",
"lastModified": "2024-02-12T22:15:08.087",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via \"search\" parameter of the Parcelshopfinder/AddAddressBookEntry\" function."
},
{
"lang": "es",
"value": "La deserializaci\u00f3n de datos no confiables en Gambio hasta la versi\u00f3n 4.9.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"search\" de la funci\u00f3n Parcelshopfinder/AddAddressBookEntry\"."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23760.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23760",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.193",
"lastModified": "2024-02-12T22:15:08.193",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot."
},
{
"lang": "es",
"value": "El almacenamiento de texto plano de informaci\u00f3n confidencial en Gambio 4.9.2.0 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de error-handler.log.json y Legacy-error-handler.log.txt en la ra\u00edz web."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23761.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23761",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.247",
"lastModified": "2024-02-12T22:15:08.247",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template."
},
{
"lang": "es",
"value": "La inyecci\u00f3n de plantilla del lado del servidor en Gambio 4.9.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una plantilla de correo electr\u00f3nico inteligente manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23762.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.307",
"lastModified": "2024-02-12T22:15:08.307",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos sin restricciones en la funci\u00f3n Content Manager en Gambio 4.9.2.0 permite a atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo PHP manipulado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23763.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.367",
"lastModified": "2024-02-12T22:15:08.367",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n SQL en Gambio hasta la versi\u00f3n 4.9.2.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de una solicitud GET manipulada utilizando el par\u00e1metro modificadores[atributo][]."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23795.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23795",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:47.550",
"lastModified": "2024-02-13T09:15:47.550",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). La aplicaci\u00f3n afectada contiene una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado mientras analiza un archivo WRL especialmente manipulado. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23796.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23796",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:47.737",
"lastModified": "2024-02-13T09:15:47.737",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). La aplicaci\u00f3n afectada es vulnerable al desbordamiento de b\u00fafer de almacenamiento din\u00e1mico mientras analiza archivos WRL especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23797.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23797",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:47.983",
"lastModified": "2024-02-13T09:15:47.983",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos WRL especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23798.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23798",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:48.170",
"lastModified": "2024-02-13T09:15:48.170",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos WRL especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23799.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23799",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:48.380",
"lastModified": "2024-02-13T09:15:48.380",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0007). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos SPP especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23800.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23800",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:48.573",
"lastModified": "2024-02-13T09:15:48.573",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0007). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos SPP especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23801.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23801",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:48.807",
"lastModified": "2024-02-13T09:15:48.807",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0007). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos SPP especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23802.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23802",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.000",
"lastModified": "2024-02-13T09:15:49.000",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos SPP especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23803.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23803",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.183",
"lastModified": "2024-02-13T09:15:49.183",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0007). La aplicaci\u00f3n afectada contiene una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado mientras analiza un archivo SPP especialmente manipulado. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23804.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23804",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.373",
"lastModified": "2024-02-13T09:15:49.373",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones &lt; V2201.0012), Tecnomatix Plant Simulation V2302 (Todas las versiones &lt; V2302.0006). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento en la regi\u00f3n stack de la memoria al analizar archivos PSOBJ especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23810.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23810",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.573",
"lastModified": "2024-02-13T09:15:49.573",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones &lt; V2.0 SP1). La aplicaci\u00f3n afectada es vulnerable a la inyecci\u00f3n SQL. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias en la base de datos del servidor."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23811.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23811",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.760",
"lastModified": "2024-02-13T09:15:49.760",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones &lt; V2.0 SP1). La aplicaci\u00f3n afectada permite a los usuarios cargar archivos arbitrarios a trav\u00e9s de TFTP. Esto podr\u00eda permitir a un atacante cargar im\u00e1genes de firmware maliciosas u otros archivos, lo que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23812.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23812",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.953",
"lastModified": "2024-02-13T09:15:49.953",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones &lt; V2.0 SP1). La aplicaci\u00f3n afectada neutraliza incorrectamente elementos especiales al crear un informe, lo que podr\u00eda dar lugar a la inyecci\u00f3n de comandos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23813.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23813",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:50.140",
"lastModified": "2024-02-13T09:15:50.140",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Polarion ALM (todas las versiones). Los endpoints de la API REST del conector de puertas del producto afectado carecen de la autenticaci\u00f3n adecuada. Un atacante no autenticado podr\u00eda acceder a los endpoints y potencialmente ejecutar c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23816.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23816",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:50.343",
"lastModified": "2024-02-13T09:15:50.343",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en: \nLocation Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (Todas las versiones &lt; V4.3), \nLocation Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (Todas las versiones &lt; V4.3), \nLocation Intelligence Perpetual Non -Prod (9DE5110-8CA10-1AX0) (todas las versiones &lt; V4.3), \nLocation Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (todas las versiones &lt; V4.3), \nLocation Intelligence SUS Large (9DE5110-8CA13-1BX0) ( Todas las versiones &lt; V4.3), \nLocation Intelligence SUS Medium (9DE5110-8CA12-1BX0) (Todas las versiones &lt; V4.3), \nLocation Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (Todas las versiones &lt; V4.3), \nLocation Intelligence SUS Small (9DE5110-8CA11-1BX0) (Todas las versiones &lt; V4.3). \nLos productos afectados utilizan un valor secreto codificado para el c\u00e1lculo de un c\u00f3digo de autenticaci\u00f3n de mensaje hash con clave. Esto podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso administrativo completo a la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23833.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23833",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T21:15:08.760",
"lastModified": "2024-02-12T21:15:08.760",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "OpenRefine es una poderosa herramienta gratuita y de c\u00f3digo abierto para trabajar con datos desordenados y mejorarlos. Existe una vulnerabilidad de ataque jdbc en OpenRefine (versi\u00f3n &lt;= 3.7.7) donde un atacante puede construir una consulta JDBC que puede leer archivos en el sistema de archivos del host. Debido a la librer\u00eda de controladores MySQL m\u00e1s nueva en la \u00faltima versi\u00f3n de OpenRefine (8.0.30), no hay ning\u00fan punto de utilizaci\u00f3n de deserializaci\u00f3n asociado, por lo que no se puede lograr la ejecuci\u00f3n del c\u00f3digo original, pero los atacantes pueden usar esta vulnerabilidad para leer archivos confidenciales en el servidor de destino. Este problema se solucion\u00f3 en la versi\u00f3n 3.7.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-243xx/CVE-2024-24337.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24337",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.430",
"lastModified": "2024-02-12T22:15:08.430",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CSV en los endpoints '/members/moremember.pl' y '/admin/aqbudgets.pl' en Koha Library Management System versi\u00f3n 23.05.05 y anteriores permite a los atacantes inyectar comandos DDE en exportaciones csv a trav\u00e9s de los componentes 'Budget' y 'Patrons Member'."
}
],
"metrics": {},

60
CVE-2024/CVE-2024-245xx/CVE-2024-24595.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24595",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-05T22:16:08.480",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T14:08:55.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Allegro AI\u2019s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.\n"
},
{
"lang": "es",
"value": "La versi\u00f3n de c\u00f3digo abierto de ClearML de Allegro AI almacena contrase\u00f1as en texto plano dentro de la instancia de MongoDB, lo que da como resultado que un servidor comprometido filtre todos los correos electr\u00f3nicos y contrase\u00f1as de los usuarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8EB0BF-75B9-4B0E-9129-0508A2742B27"
}
]
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-247xx/CVE-2024-24739.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24739",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:08.780",
"lastModified": "2024-02-13T03:15:08.780",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.\n\n"
},
{
"lang": "es",
"value": "SAP Bank Account Management (BAM) permite que un usuario autenticado con acceso restringido utilice funciones que pueden resultar en una escalada de privilegios con bajo impacto en la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-247xx/CVE-2024-24740.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24740",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:08.987",
"lastModified": "2024-02-13T03:15:08.987",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions,\u00a0allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.\n\n"
},
{
"lang": "es",
"value": "SAP NetWeaver Application Server (ABAP): versiones KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, bajo ciertas condiciones, permite a un atacante acceder a informaci\u00f3n que de otro modo podr\u00eda estar restringida con baja impacto en la confidencialidad de la solicitud."
}
],
"metrics": {

8
CVE-2024/CVE-2024-247xx/CVE-2024-24741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24741",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T04:15:08.340",
"lastModified": "2024-02-13T04:15:08.340",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.\n\n"
},
{
"lang": "es",
"value": "SAP Master Data Governance for Material Data: versiones 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, no realiza la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Esto podr\u00eda permitir a un atacante leer informaci\u00f3n confidencial, pero no afectar\u00eda la integridad ni la disponibilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-247xx/CVE-2024-24742.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24742",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:09.187",
"lastModified": "2024-02-13T03:15:09.187",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI\u00a0- version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.\n\n"
},
{
"lang": "es",
"value": "UI de SAP CRM WebClient: versi\u00f3n S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, no codifica suficientemente las entradas controladas por el usuario , lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante con pocos privilegios puede causar un impacto limitado en la integridad de los datos de la aplicaci\u00f3n despu\u00e9s de una explotaci\u00f3n exitosa. No hay ning\u00fan impacto en la confidencialidad y la disponibilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-247xx/CVE-2024-24743.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24743",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:09.393",
"lastModified": "2024-02-13T03:15:09.393",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.\n\n"
},
{
"lang": "es",
"value": "SAP NetWeaver AS Java (CAF - Procedimientos guiados): versi\u00f3n 7.50, permite a un atacante no autenticado enviar una solicitud maliciosa con un archivo XML manipulado a trav\u00e9s de la red, que cuando se analiza le permitir\u00e1 acceder a archivos y datos confidenciales, pero no modificarlos. Existen l\u00edmites de expansi\u00f3n establecidos para que la disponibilidad no se vea afectada."
}
],
"metrics": {

55
CVE-2024/CVE-2024-247xx/CVE-2024-24781.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24781",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-02-13T14:15:46.780",
"lastModified": "2024-02-13T14:15:46.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-013",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2024/CVE-2024-247xx/CVE-2024-24782.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24782",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-02-13T14:15:47.053",
"lastModified": "2024-02-13T14:15:47.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-013",
"source": "info@cert.vde.com"
}
]
}

8
CVE-2024/CVE-2024-248xx/CVE-2024-24826.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T23:15:08.643",
"lastModified": "2024-02-12T23:15:08.643",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Exiv2 es una utilidad de l\u00ednea de comandos y una librer\u00eda de C++ para leer, escribir, eliminar y modificar los metadatos de archivos de imagen. Se encontr\u00f3 una lectura fuera de los l\u00edmites en la versi\u00f3n v0.28.1 de Exiv2. La funci\u00f3n vulnerable, `QuickTimeVideo::NikonTagsDecoder`, era nueva en v0.28.0, por lo que las versiones de Exiv2 anteriores a v0.28 _no_ se ven afectadas. La lectura fuera de los l\u00edmites se activa cuando se utiliza Exiv2 para leer los metadatos de un archivo de v\u00eddeo creado. En la mayor\u00eda de los casos, esta lectura fuera de los l\u00edmites provocar\u00e1 un bloqueo. Este error se solucion\u00f3 en la versi\u00f3n v0.28.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24920.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24920",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:50.547",
"lastModified": "2024-02-13T09:15:50.547",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2401.0000). La aplicaci\u00f3n afectada contiene una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado mientras analiza un archivo Catia MODEL especialmente manipulado. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-21710)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24921.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24921",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:50.737",
"lastModified": "2024-02-13T09:15:50.737",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2401.0000). La aplicaci\u00f3n afectada es vulnerable a la corrupci\u00f3n de la memoria al analizar archivos Catia MODEL especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-21712)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24922.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24922",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:50.937",
"lastModified": "2024-02-13T09:15:50.937",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2401.0000). La aplicaci\u00f3n afectada contiene una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado mientras analiza un archivo Catia MODEL especialmente manipulado. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-21715)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24923.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24923",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:51.130",
"lastModified": "2024-02-13T09:15:51.130",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2401.0000), Simcenter Femap (Todas las versiones &lt; V2306.0001). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos Catia MODEL especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-22055)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24924.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24924",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:51.353",
"lastModified": "2024-02-13T09:15:51.353",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2306.0000). La aplicaci\u00f3n afectada contiene una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado mientras analiza un archivo Catia MODEL especialmente manipulado. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-22059)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-249xx/CVE-2024-24925.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24925",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:51.577",
"lastModified": "2024-02-13T09:15:51.577",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Simcenter Femap (Todas las versiones &lt; V2306.0000). La aplicaci\u00f3n afectada es vulnerable al acceso al puntero no inicializado mientras analiza archivos Catia MODEL especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-22060)"
}
],
"metrics": {

8
CVE-2024/CVE-2024-251xx/CVE-2024-25112.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25112",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T23:15:08.853",
"lastModified": "2024-02-12T23:15:08.853",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Exiv2 es una utilidad de l\u00ednea de comandos y una librer\u00eda de C++ para leer, escribir, eliminar y modificar los metadatos de archivos de imagen. Se encontr\u00f3 una denegaci\u00f3n de servicio en la versi\u00f3n v0.28.1 de Exiv2: una recursividad ilimitada puede provocar que Exiv2 falle al agotar la pila. La funci\u00f3n vulnerable, `QuickTimeVideo::multipleEntriesDecoder`, era nueva en v0.28.0, por lo que las versiones de Exiv2 anteriores a v0.28 _no_ se ven afectadas. La denegaci\u00f3n de servicio se activa cuando se utiliza Exiv2 para leer los metadatos de un archivo de v\u00eddeo creado. Este error se solucion\u00f3 en la versi\u00f3n v0.28.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-254xx/CVE-2024-25407.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25407",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.470",
"lastModified": "2024-02-13T01:15:08.470",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SteVe v3.6.0 utiliza ID de transacci\u00f3n predecibles al recibir una solicitud StartTransaction. Esta vulnerabilidad puede permitir a los atacantes provocar una denegaci\u00f3n de servicio (DoS) utilizando los ID de transacci\u00f3n previstos para finalizar otras transacciones."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-256xx/CVE-2024-25642.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25642",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T03:15:09.613",
"lastModified": "2024-02-13T03:15:09.613",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:40.577",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.\n\n"
},
{
"lang": "es",
"value": "Debido a una validaci\u00f3n incorrecta del certificado en SAP Cloud Connector - versi\u00f3n 2.0, el atacante puede hacerse pasar por los servidores genuinos para interactuar con SCC rompiendo la autenticaci\u00f3n mutua. Por lo tanto, el atacante puede interceptar la solicitud para ver/modificar informaci\u00f3n confidencial. No hay ning\u00fan impacto en la disponibilidad del sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-256xx/CVE-2024-25643.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25643",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T04:15:08.590",
"lastModified": "2024-02-13T04:15:08.590",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n SAP Fiori (Mi solicitud de horas extras), versi\u00f3n 605, no realiza las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, lo que puede dar lugar a una escalada de privilegios. Es posible manipular las URL de solicitudes de datos para acceder a informaci\u00f3n a la que el usuario no deber\u00eda tener acceso. No hay ning\u00fan impacto en la integridad y la disponibilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-259xx/CVE-2024-25914.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25914",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-13T05:15:09.320",
"lastModified": "2024-02-13T05:15:09.320",
"vulnStatus": "Received",
"lastModified": "2024-02-13T14:01:07.747",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Photoboxone SMTP Mail. Este problema afecta a SMTP Mail: desde n/a hasta 1.3.20."
}
],
"metrics": {

88
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-13T11:00:25.350837+00:00
2024-02-13T15:00:24.887578+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-13T10:15:08.783000+00:00
2024-02-13T14:50:45.737000+00:00
```
### Last Data Feed Release
@ -29,63 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238275
238284
```
### CVEs added in the last Commit
Recently added CVEs: `32`
Recently added CVEs: `9`
* [CVE-2024-22043](CVE-2024/CVE-2024-220xx/CVE-2024-22043.json) (`2024-02-13T09:15:47.360`)
* [CVE-2024-23795](CVE-2024/CVE-2024-237xx/CVE-2024-23795.json) (`2024-02-13T09:15:47.550`)
* [CVE-2024-23796](CVE-2024/CVE-2024-237xx/CVE-2024-23796.json) (`2024-02-13T09:15:47.737`)
* [CVE-2024-23797](CVE-2024/CVE-2024-237xx/CVE-2024-23797.json) (`2024-02-13T09:15:47.983`)
* [CVE-2024-23798](CVE-2024/CVE-2024-237xx/CVE-2024-23798.json) (`2024-02-13T09:15:48.170`)
* [CVE-2024-23799](CVE-2024/CVE-2024-237xx/CVE-2024-23799.json) (`2024-02-13T09:15:48.380`)
* [CVE-2024-23800](CVE-2024/CVE-2024-238xx/CVE-2024-23800.json) (`2024-02-13T09:15:48.573`)
* [CVE-2024-23801](CVE-2024/CVE-2024-238xx/CVE-2024-23801.json) (`2024-02-13T09:15:48.807`)
* [CVE-2024-23802](CVE-2024/CVE-2024-238xx/CVE-2024-23802.json) (`2024-02-13T09:15:49.000`)
* [CVE-2024-23803](CVE-2024/CVE-2024-238xx/CVE-2024-23803.json) (`2024-02-13T09:15:49.183`)
* [CVE-2024-23804](CVE-2024/CVE-2024-238xx/CVE-2024-23804.json) (`2024-02-13T09:15:49.373`)
* [CVE-2024-23810](CVE-2024/CVE-2024-238xx/CVE-2024-23810.json) (`2024-02-13T09:15:49.573`)
* [CVE-2024-23811](CVE-2024/CVE-2024-238xx/CVE-2024-23811.json) (`2024-02-13T09:15:49.760`)
* [CVE-2024-23812](CVE-2024/CVE-2024-238xx/CVE-2024-23812.json) (`2024-02-13T09:15:49.953`)
* [CVE-2024-23813](CVE-2024/CVE-2024-238xx/CVE-2024-23813.json) (`2024-02-13T09:15:50.140`)
* [CVE-2024-23816](CVE-2024/CVE-2024-238xx/CVE-2024-23816.json) (`2024-02-13T09:15:50.343`)
* [CVE-2024-24920](CVE-2024/CVE-2024-249xx/CVE-2024-24920.json) (`2024-02-13T09:15:50.547`)
* [CVE-2024-24921](CVE-2024/CVE-2024-249xx/CVE-2024-24921.json) (`2024-02-13T09:15:50.737`)
* [CVE-2024-24922](CVE-2024/CVE-2024-249xx/CVE-2024-24922.json) (`2024-02-13T09:15:50.937`)
* [CVE-2024-24923](CVE-2024/CVE-2024-249xx/CVE-2024-24923.json) (`2024-02-13T09:15:51.130`)
* [CVE-2024-24924](CVE-2024/CVE-2024-249xx/CVE-2024-24924.json) (`2024-02-13T09:15:51.353`)
* [CVE-2024-24925](CVE-2024/CVE-2024-249xx/CVE-2024-24925.json) (`2024-02-13T09:15:51.577`)
* [CVE-2024-1157](CVE-2024/CVE-2024-11xx/CVE-2024-1157.json) (`2024-02-13T10:15:08.433`)
* [CVE-2024-1159](CVE-2024/CVE-2024-11xx/CVE-2024-1159.json) (`2024-02-13T10:15:08.603`)
* [CVE-2024-1160](CVE-2024/CVE-2024-11xx/CVE-2024-1160.json) (`2024-02-13T10:15:08.783`)
* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-02-13T14:15:45.253`)
* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-02-13T14:15:45.510`)
* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-02-13T14:15:45.677`)
* [CVE-2023-5680](CVE-2023/CVE-2023-56xx/CVE-2023-5680.json) (`2024-02-13T14:15:45.850`)
* [CVE-2023-6516](CVE-2023/CVE-2023-65xx/CVE-2023-6516.json) (`2024-02-13T14:15:46.030`)
* [CVE-2024-0707](CVE-2024/CVE-2024-07xx/CVE-2024-0707.json) (`2024-02-13T14:15:46.257`)
* [CVE-2024-1309](CVE-2024/CVE-2024-13xx/CVE-2024-1309.json) (`2024-02-13T14:15:46.463`)
* [CVE-2024-24781](CVE-2024/CVE-2024-247xx/CVE-2024-24781.json) (`2024-02-13T14:15:46.780`)
* [CVE-2024-24782](CVE-2024/CVE-2024-247xx/CVE-2024-24782.json) (`2024-02-13T14:15:47.053`)
### CVEs modified in the last Commit
Recently modified CVEs: `19`
Recently modified CVEs: `87`
* [CVE-2019-13939](CVE-2019/CVE-2019-139xx/CVE-2019-13939.json) (`2024-02-13T09:15:42.770`)
* [CVE-2021-25663](CVE-2021/CVE-2021-256xx/CVE-2021-25663.json) (`2024-02-13T09:15:43.143`)
* [CVE-2021-25664](CVE-2021/CVE-2021-256xx/CVE-2021-25664.json) (`2024-02-13T09:15:43.397`)
* [CVE-2023-28831](CVE-2023/CVE-2023-288xx/CVE-2023-28831.json) (`2024-02-13T09:15:43.637`)
* [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2024-02-13T09:15:43.880`)
* [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2024-02-13T09:15:44.103`)
* [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2024-02-13T09:15:44.340`)
* [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2024-02-13T09:15:44.537`)
* [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2024-02-13T09:15:44.733`)
* [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-02-13T09:15:44.957`)
* [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-02-13T09:15:45.187`)
* [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-02-13T09:15:45.337`)
* [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-02-13T09:15:45.443`)
* [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-02-13T09:15:45.553`)
* [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-02-13T09:15:45.660`)
* [CVE-2023-49691](CVE-2023/CVE-2023-496xx/CVE-2023-49691.json) (`2024-02-13T09:15:46.373`)
* [CVE-2023-49692](CVE-2023/CVE-2023-496xx/CVE-2023-49692.json) (`2024-02-13T09:15:46.507`)
* [CVE-2023-0076](CVE-2023/CVE-2023-00xx/CVE-2023-0076.json) (`2024-02-13T10:15:08.120`)
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-02-13T09:15:47.017`)
* [CVE-2024-24740](CVE-2024/CVE-2024-247xx/CVE-2024-24740.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-24742](CVE-2024/CVE-2024-247xx/CVE-2024-24742.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-24743](CVE-2024/CVE-2024-247xx/CVE-2024-24743.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-25642](CVE-2024/CVE-2024-256xx/CVE-2024-25642.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-22129](CVE-2024/CVE-2024-221xx/CVE-2024-22129.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-24741](CVE-2024/CVE-2024-247xx/CVE-2024-24741.json) (`2024-02-13T14:01:40.577`)
* [CVE-2024-1250](CVE-2024/CVE-2024-12xx/CVE-2024-1250.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-1459](CVE-2024/CVE-2024-14xx/CVE-2024-1459.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23833](CVE-2024/CVE-2024-238xx/CVE-2024-23833.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-24337](CVE-2024/CVE-2024-243xx/CVE-2024-24337.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-1454](CVE-2024/CVE-2024-14xx/CVE-2024-1454.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-24826](CVE-2024/CVE-2024-248xx/CVE-2024-24826.json) (`2024-02-13T14:01:49.147`)
* [CVE-2024-0585](CVE-2024/CVE-2024-05xx/CVE-2024-0585.json) (`2024-02-13T14:04:59.323`)
* [CVE-2024-0586](CVE-2024/CVE-2024-05xx/CVE-2024-0586.json) (`2024-02-13T14:05:10.647`)
* [CVE-2024-0597](CVE-2024/CVE-2024-05xx/CVE-2024-0597.json) (`2024-02-13T14:05:27.427`)
* [CVE-2024-0660](CVE-2024/CVE-2024-06xx/CVE-2024-0660.json) (`2024-02-13T14:05:53.893`)
* [CVE-2024-1177](CVE-2024/CVE-2024-11xx/CVE-2024-1177.json) (`2024-02-13T14:06:04.817`)
* [CVE-2024-1208](CVE-2024/CVE-2024-12xx/CVE-2024-1208.json) (`2024-02-13T14:06:24.090`)
* [CVE-2024-24595](CVE-2024/CVE-2024-245xx/CVE-2024-24595.json) (`2024-02-13T14:08:55.650`)
* [CVE-2024-1432](CVE-2024/CVE-2024-14xx/CVE-2024-1432.json) (`2024-02-13T14:15:46.667`)
## Download and Usage