admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-16T15:00:18.903049+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-16 15:00:22 +00:00
parent 3e989ea50d
commit 4a65fbaea9
53 changed files with 13224 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2020/CVE-2020-72xx/CVE-2020-7269.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-7269",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-04-15T08:15:12.823",
"lastModified": "2023-11-07T03:25:48.710",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T14:24:35.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 1.4
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

24
CVE-2020/CVE-2020-72xx/CVE-2020-7270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-7270",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-04-15T08:15:14.290",
"lastModified": "2023-11-07T03:25:48.990",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T14:12:39.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 1.4
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10336",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

24
CVE-2020/CVE-2020-73xx/CVE-2020-7308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-7308",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2021-04-15T08:15:14.370",
"lastModified": "2023-11-07T03:25:57.860",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T14:22:12.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 2.5
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -201,7 +211,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10354",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

24
CVE-2020/CVE-2020-73xx/CVE-2020-7328.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-7328",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2020-11-11T09:15:11.547",
"lastModified": "2023-11-07T03:26:02.523",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T14:12:09.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10334",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

24
CVE-2020/CVE-2020-73xx/CVE-2020-7329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-7329",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2020-11-11T10:15:11.257",
"lastModified": "2023-11-07T03:26:02.780",
"vulnStatus": "Modified",
"lastModified": "2023-11-16T14:23:13.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,17 @@
},
"weaknesses": [
{
"source": "01626437-bf8f-4d1c-912a-893b5eb04808",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
@ -116,7 +126,11 @@
"references": [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10334",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

8
CVE-2021/CVE-2021-354xx/CVE-2021-35437.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-35437",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T05:15:24.303",
"lastModified": "2023-11-16T05:15:24.303",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en LMXCMS v.1.4 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de TagsAction.class."
}
],
"metrics": {},

74
CVE-2021/CVE-2021-436xx/CVE-2021-43609.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-43609",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-09T00:15:07.663",
"lastModified": "2023-11-09T13:46:10.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T14:09:21.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Spiceworks Help Desk Server antes de la versi\u00f3n 1.3.3. Una vulnerabilidad de inyecci\u00f3n Blind Boolean SQL dentro de la funci\u00f3n order_by_for_ticket en app/models/reporting/database_query.rb permite a un atacante autenticado ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro sort. Esto se puede aprovechar para filtrar archivos locales del sistema host, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo (RCE) mediante la deserializaci\u00f3n de datos maliciosos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spiceworks:help_desk_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.3",
"matchCriteriaId": "B6C802AC-451D-4258-9462-4A30954FA3C8"
}
]
}
]
}
],
"references": [
{
"url": "https://community.spiceworks.com/blogs/help-desk-server-release-notes/3610-1-3-2-1-3-3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/d5sec/CVE-2021-43609-POC",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.linkedin.com/pulse/cve-2021-43609-write-up-division5-security-4lgwe",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-260xx/CVE-2023-26031.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-26031",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-16T09:15:06.920",
"lastModified": "2023-11-16T09:15:06.920",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.\n\nHadoop 3.3.0 updated the \" YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html \" to add a feature for executing user-submitted applications in isolated linux containers.\n\nThe native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.\n\nThe patch \" YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable\" modified the library loading path for loading .so files from \"$ORIGIN/\" to \"\"$ORIGIN/:../lib/native/\". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.\nIf the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.\n\nThe fix for the vulnerability is to revert the change, which is done in YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , \"Revert YARN-10495\". This patch is in hadoop-3.3.5.\n\nTo determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path \"./lib/native/\" then it is at risk\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/:../lib/native/]\n\nIf it does not, then it is safe:\n\n$ readelf -d container-executor|grep 'RUNPATH\\|RPATH' \n0x000000000000001d (RUNPATH) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Library runpath: [$ORIGIN/]\n\nFor an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set\n\n$ ls -laF /opt/hadoop/bin/container-executor\n---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nA safe installation lacks the suid bit; ideally is also not owned by root.\n\n$ ls -laF /opt/hadoop/bin/container-executor\n-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor\n\nThis configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.\n\n"
},
{
"lang": "es",
"value": "La resoluci\u00f3n relativa de la librer\u00eda en el binario contenedor-ejecutor de Linux en Apache Hadoop 3.3.1-3.3.4 en Linux permite al usuario local obtener privilegios de root. Si el cl\u00faster YARN acepta trabajo de usuarios remotos (autenticados), esto PUEDE permitir que los usuarios remotos obtengan privilegios de root. Hadoop 3.3.0 actualiz\u00f3 \" YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html \" para agregar una funci\u00f3n para ejecutar aplicaciones enviadas por el usuario de forma aislada contenedores de Linux. El binario nativo HADOOP_HOME/bin/container-executor se utiliza para lanzar estos contenedores; debe ser propiedad de root y tener el bit suid configurado para que los procesos YARN ejecuten los contenedores como los usuarios espec\u00edficos que env\u00edan los trabajos. El parche \"YARN-10495 https://issues.apache.org/jira/browse/YARN-10495. make the rpath of container-executor configurable\" modific\u00f3 la ruta de carga de la librer\u00eda para cargar archivos .so de \"$ORIGIN/\" a \"\"$ORIGIN/:../lib/native/\". Esta es la ruta a trav\u00e9s de la cual se encuentra libcrypto.so. Por lo tanto, es posible que un usuario con privilegios reducidos instale una librer\u00eda libcrypto maliciosa en una ruta a la que tienen acceso de escritura, invocan el comando contenedor-ejecutor y ejecutan su librer\u00eda modificada como root. Si el cl\u00faster YARN acepta trabajo de usuarios remotos (autenticados) y el trabajo enviado por estos usuarios se ejecuta en el host f\u00edsico, en lugar de un contenedor, entonces el CVE permite a los usuarios remotos obtener privilegios de root. La soluci\u00f3n para la vulnerabilidad es revertir el cambio, lo cual se realiza en YARN-11441 https://issues.apache.org/jira/browse/YARN-11441, \"Revertir YARN-10495\". Este parche est\u00e1 en hadoop-3.3.5. Para determinar si una versi\u00f3n de container-executor es vulnerable, utilice el comando readelf. Si el valor RUNPATH o RPATH contiene la ruta relativa \"./lib/native/\", entonces est\u00e1 en riesgo $ readelf -d container-executor|grep 'RUNPATH\\|RPATH' 0x0000000000000001d (RUNPATH) Ruta de ejecuci\u00f3n de la librer\u00eda: [$ORIGIN/: ../lib/native/] Si no es as\u00ed, entonces es seguro: $ readelf -d container-executor|grep 'RUNPATH\\|RPATH' 0x000000000000001d (RUNPATH) Ruta de ejecuci\u00f3n de la librer\u00eda: [$ORIGIN/] Para un sitio en riesgo versi\u00f3n de container-executor para habilitar la escalada de privilegios, el propietario debe ser root y el bit suid debe estar configurado $ ls -laF /opt/hadoop/bin/container-executor ---Sr-s---. 1 root hadoop 802968 9 de mayo 20:21 /opt/hadoop/bin/container-executor Una instalaci\u00f3n segura carece del bit suid; Lo ideal es que tampoco sea propiedad de root. $ ls -laF /opt/hadoop/bin/container-executor -rwxr-xr-x. 1 hilo hadoop 802968 9 de mayo 20:21 /opt/hadoop/bin/container-executor Esta configuraci\u00f3n no admite Contenedores Seguros Yarn, pero todos los dem\u00e1s servicios de hadoop, incluida la ejecuci\u00f3n de trabajos YARN fuera de contenedores seguros, contin\u00faan funcionando."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-324xx/CVE-2023-32469.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32469",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T09:15:07.077",
"lastModified": "2023-11-16T09:15:07.077",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"
},
{
"lang": "es",
"value": "El BIOS Dell Precision Tower contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un usuario malicioso autenticado localmente con privilegios de administrador podr\u00eda explotar esta vulnerabilidad para realizar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-392xx/CVE-2023-39246.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39246",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T09:15:07.283",
"lastModified": "2023-11-16T09:15:07.283",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation\n\n"
},
{
"lang": "es",
"value": "Dell Encryption, Dell Endpoint Security Suite Enterprise y Dell Security Management Server versiones anteriores a 11.8.1 contienen una vulnerabilidad de operaci\u00f3n insegura en Windows Junction durante la instalaci\u00f3n. Un usuario malintencionado local podr\u00eda explotar esta vulnerabilidad para crear una carpeta arbitraria dentro de un directorio restringido, lo que provocar\u00eda una escalada de privilegios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-392xx/CVE-2023-39259.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39259",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T09:15:07.473",
"lastModified": "2023-11-16T09:15:07.473",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.\n\n"
},
{
"lang": "es",
"value": "Dell OS Recovery Tool en versiones 2.2.4013, 2.3.7012.0 y 2.3.7515.0, contienen una vulnerabilidad de control de acceso inadecuado. Un usuario local autenticado que no sea administrador podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la elevaci\u00f3n de privilegios en el sistema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-432xx/CVE-2023-43275.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43275",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T05:15:29.880",
"lastModified": "2023-11-16T05:15:29.880",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form."
},
{
"lang": "es",
"value": "Vulnerabilidad deCross-Site Request Forgery (CSRF) en DedeCMS v5.7 en la interfaz de administraci\u00f3n de backend 110 a trav\u00e9s de /catalog_add.php, permite a los atacantes crear p\u00e1ginas web manipuladas debido a la falta de verificaci\u00f3n del valor del token del formulario enviado."
}
],
"metrics": {},

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43567.json
View File

File diff suppressed because it is too large Load Diff

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43568.json
View File

File diff suppressed because it is too large Load Diff

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43569.json
View File

File diff suppressed because it is too large Load Diff

3144
CVE-2023/CVE-2023-435xx/CVE-2023-43570.json
View File

File diff suppressed because it is too large Load Diff

8
CVE-2023/CVE-2023-437xx/CVE-2023-43752.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43752",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-16T07:15:07.203",
"lastModified": "2023-11-16T07:15:07.203",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en WRC-X3000GS2-W v1.05 y anteriores, WRC-X3000GS2-B v1.05 y anteriores, y WRC-X3000GS2A-B v1.05 y anteriores permite que un usuario autenticado adyacente a la red ejecute un sistema operativo arbitrario comando enviando una solicitud especialmente manipulada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-437xx/CVE-2023-43757.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43757",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-16T07:15:08.600",
"lastModified": "2023-11-16T07:15:08.600",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section."
},
{
"lang": "es",
"value": "Vulnerabilidad de fuerza de cifrado inadecuada en m\u00faltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que un atacante no autenticado adyacente a la red adivine la clave de cifrado utilizada para la comunicaci\u00f3n LAN inal\u00e1mbrica e intercepte la comunicaci\u00f3n. En cuanto a los productos/versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor en la secci\u00f3n [Referencias]."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-442xx/CVE-2023-44282.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44282",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T10:15:07.743",
"lastModified": "2023-11-16T10:15:07.743",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Repository Manager en versiones 3.4.3 y anteriores, contiene una vulnerabilidad de control de acceso inadecuado en su m\u00f3dulo de instalaci\u00f3n. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a obtener privilegios aumentados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-442xx/CVE-2023-44292.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44292",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T10:15:08.337",
"lastModified": "2023-11-16T10:15:08.337",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Repository Manager en versiones 3.4.3 y anteriores, contiene una vulnerabilidad de control de acceso inadecuado en su m\u00f3dulo de instalaci\u00f3n. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a obtener privilegios aumentados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-442xx/CVE-2023-44296.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44296",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-16T08:15:31.300",
"lastModified": "2023-11-16T08:15:31.300",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.\n\n"
},
{
"lang": "es",
"value": "Dell ELab-Navigator, versi\u00f3n 3.1.9, contiene una vulnerabilidad de credencial codificada. Un atacante local podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda un acceso no autorizado a datos confidenciales. La explotaci\u00f3n exitosa puede resultar en el compromiso de la informaci\u00f3n confidencial del usuario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44336.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44336",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:08.890",
"lastModified": "2023-11-16T10:15:08.890",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44337.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44337",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:09.600",
"lastModified": "2023-11-16T10:15:09.600",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44338.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44338",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.187",
"lastModified": "2023-11-16T10:15:10.187",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda provocar una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44339",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.717",
"lastModified": "2023-11-16T10:15:10.717",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44340.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44340",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:11.347",
"lastModified": "2023-11-16T10:15:11.347",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44348.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44348",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:12.063",
"lastModified": "2023-11-16T10:15:12.063",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44356.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44356",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:12.640",
"lastModified": "2023-11-16T10:15:12.640",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44357.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44357",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:13.173",
"lastModified": "2023-11-16T10:15:13.173",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44358",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:13.740",
"lastModified": "2023-11-16T10:15:13.740",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44359.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44359",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:14.283",
"lastModified": "2023-11-16T10:15:14.283",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44360.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44360",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:14.910",
"lastModified": "2023-11-16T10:15:14.910",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44361.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44361",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:15.510",
"lastModified": "2023-11-16T10:15:15.510",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44365.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44365",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:16.127",
"lastModified": "2023-11-16T10:15:16.127",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de Acceso al Puntero No Inicializado que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44366.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44366",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:16.720",
"lastModified": "2023-11-16T10:15:16.720",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44367.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44367",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:17.400",
"lastModified": "2023-11-16T10:15:17.400",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44371.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44371",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:17.983",
"lastModified": "2023-11-16T10:15:17.983",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44372.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44372",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:18.533",
"lastModified": "2023-11-16T10:15:18.533",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 23.006.20360 (y anteriores) y 20.005.30524 (y anteriores) de Adobe Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

72
CVE-2023/CVE-2023-467xx/CVE-2023-46772.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-46772",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-11-08T10:15:10.293",
"lastModified": "2023-11-08T14:00:53.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T14:46:51.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data."
},
{
"lang": "es",
"value": "Vulnerabilidad de que los par\u00e1metros est\u00e9n fuera del rango de valores en el m\u00f3dulo de servicio QMI. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar errores al leer los datos del archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Not Applicable"
]
}
]
}

8
CVE-2023/CVE-2023-470xx/CVE-2023-47003.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47003",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T05:15:29.927",
"lastModified": "2023-11-16T05:15:29.927",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted."
},
{
"lang": "es",
"value": "Un problema en RedisGraph v.2.12.10 permite a un atacante ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio a trav\u00e9s de una cadena manipulada en DataBlock_ItemIsDeleted."
}
],
"metrics": {},

62
CVE-2023/CVE-2023-471xx/CVE-2023-47107.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47107",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-08T16:15:10.833",
"lastModified": "2023-11-08T17:25:02.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T14:27:03.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0."
},
{
"lang": "es",
"value": "PILOS es una interfaz de c\u00f3digo abierto para servidores BigBlueButton con un balanceador de carga integrado. El componente de restablecimiento de contrase\u00f1a implementado en PILOS utiliza el nombre de host proporcionado en el encabezado del host de solicitud al crear una URL de restablecimiento de contrase\u00f1a. Es posible manipular la URL enviada a los usuarios de PILOS para que apunte al servidor del atacante, revelando as\u00ed el token de restablecimiento de contrase\u00f1a si se sigue el enlace. Esto solo afecta a las cuentas de usuarios locales y requiere que est\u00e9 habilitada la opci\u00f3n de restablecimiento de contrase\u00f1a. Este problema se solucion\u00f3 en la versi\u00f3n 2.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thm:pilos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "5E1B6E9C-3828-4FE5-96BC-A2FAA17DF189"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/THM-Health/PILOS/security/advisories/GHSA-mc6f-fj9h-5735",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-472xx/CVE-2023-47213.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47213",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-16T08:15:32.840",
"lastModified": "2023-11-16T08:15:32.840",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround."
},
{
"lang": "es",
"value": "Los DVR de First Corporation utilizan una contrase\u00f1a codificada, lo que puede permitir que un atacante remoto no autenticado reescriba u obtenga la informaci\u00f3n de configuraci\u00f3n del dispositivo afectado. Tenga en cuenta que las actualizaciones se proporcionan solo para los modelos m\u00e1s recientes de CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB y MD-808AB. En cuanto a los dem\u00e1s productos, aplique workaround."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-472xx/CVE-2023-47263.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.290",
"lastModified": "2023-11-16T03:15:07.290",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio (DoS) en el motor antivirus al escanear un archivo PE32 difuso. Esto afecta a: \nWithSecure Client Security 15, \nWithSecure Server Security 15, \nWithSecure Email and Server Security 15, \nWithSecure Elements Endpoint Protection 17 y posteriores, \nWithSecure Client Security for Mac 15, \nWithSecure Elements Endpoint Protection for Mac 17 y posteriores, \nWithSecure Linux Security 64 12.0, \nWithSecure Linux Protection 12.0, \nWithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-472xx/CVE-2023-47264.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47264",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.347",
"lastModified": "2023-11-16T03:15:07.347",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure tienen una sobrelectura del b\u00fafer por lo que el procesamiento de ciertos tipos de archivos fuzz puede provocar una denegaci\u00f3n de servicio (DoS). Esto afecta a: \nWithSecure Client Security 15, \nWithSecure Server Security 15, \nWithSecure Email and Server Security 15, \nWithSecure Elements Endpoint Protection 17 y posteriores, \nWithSecure Client Security for Mac 15, \nWithSecure Elements Endpoint Protection for Mac 17 y posteriores, \nWithSecure Linux Security 64 12.0, \nWithSecure Linux Protection 12.0, \nWithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-473xx/CVE-2023-47335.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T06:15:31.923",
"lastModified": "2023-11-16T06:15:31.923",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones."
},
{
"lang": "es",
"value": "Permisos inseguros en la funci\u00f3n setNFZEnable del dron Autel Robotics EVO Nano v1.6.5 permite a los atacantes traspasar la geocerca y volar a zonas de exclusi\u00f3n a\u00e9rea."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-474xx/CVE-2023-47470.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.400",
"lastModified": "2023-11-16T03:15:07.400",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c"
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en Ffmpeg anterior al commit de github 4565747056a11356210ed8edcecb920105e40b60 permite a un atacante remoto lograr una escritura fuera de matriz, ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n ref_pic_list_struct en libavcodec/evc_ps.c"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-474xx/CVE-2023-47471.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T04:15:06.857",
"lastModified": "2023-11-16T04:15:06.857",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en strukturag libde265 v1.10.12 permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n slice_segment_header en el componente slice.cc."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-476xx/CVE-2023-47674.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47674",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-16T08:15:33.147",
"lastModified": "2023-11-16T08:15:33.147",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround."
},
{
"lang": "es",
"value": "La falta de autenticaci\u00f3n para una vulnerabilidad de funci\u00f3n cr\u00edtica en los DVR de First Corporation permite que un atacante remoto no autenticado reescriba u obtenga la informaci\u00f3n de configuraci\u00f3n del dispositivo afectado. Tenga en cuenta que las actualizaciones se proporcionan solo para los modelos m\u00e1s recientes de CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB y MD-808AB. En cuanto a los dem\u00e1s productos, aplique workaround."
}
],
"metrics": {},

55
CVE-2023/CVE-2023-47xx/CVE-2023-4771.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4771",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-16T14:15:28.913",
"lastModified": "2023-11-16T14:15:28.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor",
"source": "cve-coordination@incibe.es"
}
]
}

60
CVE-2023/CVE-2023-60xx/CVE-2023-6012.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6012",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-08T11:15:09.923",
"lastModified": "2023-11-08T14:00:53.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-16T14:31:29.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Lanaccess ONSAFE MonitorHM que afecta a la versi\u00f3n 3.7.0. Esta vulnerabilidad podr\u00eda llevar a un atacante remoto a explotar el elemento de la casilla de verificaci\u00f3n y realizar la ejecuci\u00f3n remota de c\u00f3digo, comprometiendo toda la infraestructura."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lanaccess:onsafe_monitorhm:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A62BF79B-A4D3-4E79-AC84-CD7E62DA5781"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-data-validation-lanaccess-onsafe-monitorhm-web-console",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-61xx/CVE-2023-6119.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6119",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2023-11-16T10:15:19.217",
"lastModified": "2023-11-16T10:15:19.217",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only. \n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Gesti\u00f3n de Privilegios Inadecuada en Trellix GetSusp anterior a la versi\u00f3n 5.0.0.27 permite a un atacante local con pocos privilegios obtener acceso a archivos que normalmente requieren un nivel de privilegio m\u00e1s alto. Esto se debe a que GetSusp no protege correctamente un directorio que crea durante la ejecuci\u00f3n, lo que permite a un atacante hacerse cargo de los identificadores de archivos utilizados por GetSusp. Como esto se ejecuta con altos privilegios, el atacante obtiene permisos elevados. Los identificadores de archivos se abren como de solo lectura."
}
],
"metrics": {

8
CVE-2023/CVE-2023-61xx/CVE-2023-6174.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6174",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-11-16T12:15:07.240",
"lastModified": "2023-11-16T12:15:07.240",
"vulnStatus": "Received",
"lastModified": "2023-11-16T13:51:11.743",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "La falla del disector SSH en Wireshark 4.0.0 a 4.0.10 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {

35
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-16T13:00:17.786838+00:00
2023-11-16T15:00:18.903049+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-16T12:15:07.240000+00:00
2023-11-16T14:46:51.917000+00:00
```
### Last Data Feed Release
@ -29,20 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
230919
230920
```
### CVEs added in the last Commit
Recently added CVEs: `1`
* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2023-11-16T12:15:07.240`)
* [CVE-2023-4771](CVE-2023/CVE-2023-47xx/CVE-2023-4771.json) (`2023-11-16T14:15:28.913`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `51`
* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2023-11-16T13:51:11.743`)
* [CVE-2023-47263](CVE-2023/CVE-2023-472xx/CVE-2023-47263.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47264](CVE-2023/CVE-2023-472xx/CVE-2023-47264.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47470](CVE-2023/CVE-2023-474xx/CVE-2023-47470.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47471](CVE-2023/CVE-2023-474xx/CVE-2023-47471.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43275](CVE-2023/CVE-2023-432xx/CVE-2023-43275.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47003](CVE-2023/CVE-2023-470xx/CVE-2023-47003.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47335](CVE-2023/CVE-2023-473xx/CVE-2023-47335.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43752](CVE-2023/CVE-2023-437xx/CVE-2023-43752.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43757](CVE-2023/CVE-2023-437xx/CVE-2023-43757.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-44296](CVE-2023/CVE-2023-442xx/CVE-2023-44296.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47213](CVE-2023/CVE-2023-472xx/CVE-2023-47213.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-47674](CVE-2023/CVE-2023-476xx/CVE-2023-47674.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-26031](CVE-2023/CVE-2023-260xx/CVE-2023-26031.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-32469](CVE-2023/CVE-2023-324xx/CVE-2023-32469.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-39246](CVE-2023/CVE-2023-392xx/CVE-2023-39246.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-39259](CVE-2023/CVE-2023-392xx/CVE-2023-39259.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-44282](CVE-2023/CVE-2023-442xx/CVE-2023-44282.json) (`2023-11-16T13:51:19.370`)
* [CVE-2023-43569](CVE-2023/CVE-2023-435xx/CVE-2023-43569.json) (`2023-11-16T14:17:19.957`)
* [CVE-2023-43570](CVE-2023/CVE-2023-435xx/CVE-2023-43570.json) (`2023-11-16T14:20:36.770`)
* [CVE-2023-43568](CVE-2023/CVE-2023-435xx/CVE-2023-43568.json) (`2023-11-16T14:24:24.567`)
* [CVE-2023-43567](CVE-2023/CVE-2023-435xx/CVE-2023-43567.json) (`2023-11-16T14:27:01.117`)
* [CVE-2023-47107](CVE-2023/CVE-2023-471xx/CVE-2023-47107.json) (`2023-11-16T14:27:03.320`)
* [CVE-2023-6012](CVE-2023/CVE-2023-60xx/CVE-2023-6012.json) (`2023-11-16T14:31:29.520`)
* [CVE-2023-46772](CVE-2023/CVE-2023-467xx/CVE-2023-46772.json) (`2023-11-16T14:46:51.917`)
## Download and Usage