Auto-Update: 2024-08-18T02:00:17.097301+00:00

cad-safe-bot 2024-08-18 02:03:12 +00:00
parent 10aaa318df
commit 4f3ebd6b45
652 changed files with 3041 additions and 917 deletions

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution."
},
{
"lang": "es",
"value": "Una escritura de memoria fuera de los l\u00edmites al procesar el bloque de configuraci\u00f3n AMD PSP1 (APCB) podr\u00eda permitir que un atacante con acceso a la capacidad de modificar la imagen del BIOS y la capacidad de firmar la imagen resultante modifique potencialmente el bloque APCB, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
},
{
"lang": "es",
"value": "Un atacante malicioso en x86 puede configurar mal las regiones de memoria confiable (TMR), lo que puede permitirle establecer un rango de direcciones arbitrario para la TMR, lo que podr\u00eda provocar una p\u00e9rdida de integridad y disponibilidad."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
},
{
"lang": "es",
"value": "Los controles de acceso insuficientes en el kernel ASP pueden permitir que un atacante privilegiado con acceso a las claves de firma de AMD y al men\u00fa BIOS o al shell UEFI asigne regiones DRAM en \u00e1reas protegidas, lo que podr\u00eda provocar una p\u00e9rdida de integridad de la plataforma."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
},
{
"lang": "es",
"value": "La falta de mecanismos de explotaci\u00f3n de protecci\u00f3n de pila en ASP Secure OS Trusted Execution Environment (TEE) puede permitir que un atacante privilegiado con acceso a las claves de firma de AMD c006Frrupt la direcci\u00f3n de retorno, provocando una saturaci\u00f3n del b\u00fafer basado en la pila, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio."
}
],
"metrics": {
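
Review bot: the es description in this hunk carries the token "c006Frrupt" over verbatim from the en value ("keys to c006Frrupt the return address"), so the damage in the source text is now present in both languages. The en string looks like a corrupted "corrupt"; correct it at the source record and regenerate the translation from the corrected text rather than merging it as is.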

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada insuficiente en ABL puede permitir que un atacante privilegiado con acceso al men\u00fa del BIOS o al shell UEFI altere los encabezados de la estructura en la ROM SPI, lo que provoca una lectura y escritura de memoria fuera de los l\u00edmites, lo que podr\u00eda provocar da\u00f1os en la memoria o denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:52.947",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:53.057",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:54.197",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:54.290",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.400",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.553",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "security@vmware.com",
"published": "2022-04-21T19:15:08.903",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Analyzed",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
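
Review bot: in this hunk vulnStatus moves backwards from "Analyzed" to "Undergoing Analysis" on a record published 2022-04-21, while the lastModified context line stays at 2023-08-08T14:22:24.967. Consumers that sync incrementally on lastModified will not pick up the status change; confirm the re-analysis is intended upstream and whether the modification timestamp should change with it.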

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n de los l\u00edmites inadecuada en el firmware APCB puede permitir que un atacante realice una escritura fuera de los l\u00edmites, corrompiendo la entrada APCB y potencialmente llevando a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:11.757",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:11.870",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:11.957",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T19:15:12.037",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiDDoS versi\u00f3n 5.5.0 a 5.5.1, 5.4.2 a 5.4.0, 5.3.0 a 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 y 4.5.0 y FortiDDoS-F versi\u00f3n 6.3.0 a 6.3.1, 6.2.0 a 6.2.2, 6.1.0 a 6.1.4 permite una autenticaci\u00f3n atacante ejecutar c\u00f3digo de shell como \"root\" mediante comandos CLI \"ejecutar\"."
}
],
"metrics": {
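
Review bot: the es value mistranslates the precondition and the command name: "an authenticated attacker" becomes "permite una autenticación atacante ejecutar", and the literal CLI command `execute` is rendered as "ejecutar", with the backticks around `root` and `execute` replaced by quotes. Code-quoted tokens should pass through untranslated and the phrase should read "un atacante autenticado". The en context line also lists a descending range, "5.4.2 through 5.4.0", which is worth checking against the vendor advisory.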

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Cookie Notice & Compliance for GDPR / CCPA para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'cookie_notice_options[refuse_code_head]' en versiones hasta la 2.4.17.1 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con privilegios administrativos y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a la p\u00e1gina /wp-admin/admin.php?page=cookie-notice inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

View File

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T02:15:04.730",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672."
},
{
"lang": "es",
"value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.23.0 no invalidan la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir que otro usuario obtenga informaci\u00f3n confidencial. ID de IBM X-Force: 233672."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad de caducidad de sesi\u00f3n insuficiente [CWE-613] en FortiOS 7.2.5 y versiones anteriores, 7.0 todas las versiones, 6.4 todas las versiones; FortiProxy 7.2 todas las versiones, 7.0 todas las versiones; FortiPAM 1.3 todas las versiones, 1.2 todas las versiones, 1.1 todas las versiones, 1.0 todas las versiones; FortiSwitchManager 7.2.1 y versiones anteriores, 7.0 todas las versiones de GUI pueden permitir a los atacantes reutilizar sesiones web despu\u00e9s de cerrar sesi\u00f3n en la GUI, en caso de que logren adquirir las credenciales requeridas."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:11.607",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:11.700",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:11.797",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:11.890",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:12.330",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:12.430",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:12.517",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:12.610",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.640",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.717",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.793",
"lastModified": "2024-08-03T16:15:48.183",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:02.940",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.010",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.077",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.143",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.217",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.290",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.350",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:04.563",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de direcci\u00f3n DRAM insuficiente en PMFW puede permitir que un atacante privilegiado realice una lectura DMA desde una direcci\u00f3n DRAM no v\u00e1lida a SRAM, lo que podr\u00eda provocar una p\u00e9rdida de integridad de los datos."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de direcci\u00f3n DRAM insuficiente en PMFW puede permitir que un atacante privilegiado lea desde una direcci\u00f3n DRAM no v\u00e1lida a SRAM, lo que podr\u00eda provocar corrupci\u00f3n de datos o denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage."
},
{
"lang": "es",
"value": "Una clave AES codificada en PMFW puede dar lugar a que un atacante privilegiado obtenga acceso a la clave, lo que podr\u00eda provocar una fuga de informaci\u00f3n de depuraci\u00f3n interna."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n de los l\u00edmites insuficiente en PMFW (firmware de administraci\u00f3n de energ\u00eda) puede permitir que un atacante utilice una VF (funci\u00f3n de virtualizaci\u00f3n) maliciosa para enviar un mensaje con formato incorrecto, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
},
{
"lang": "es",
"value": "Una limpieza incompleta en la ASP puede exponer la clave de cifrado maestra (MEK) a un atacante privilegiado con acceso al men\u00fa del BIOS o al shell UEFI y una vulnerabilidad de filtraci\u00f3n de memoria, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
},
{
"lang": "es",
"value": "Un TOCTOU (Time-Of-Check-Time-Of-Use) en SMM puede permitir que un atacante con privilegios ring0 y acceso al men\u00fa BIOS o al shell UEFI modifique el b\u00fafer de comunicaciones, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
},
{
"lang": "es",
"value": "IOMMU maneja incorrectamente ciertos rangos de direcciones especiales con entradas de tabla de dispositivos (DTE) no v\u00e1lidas, lo que puede permitir que un atacante con privilegios y un hipervisor comprometido induzca fallas de DTE para eludir las comprobaciones de RMP en SEV-SNP, lo que podr\u00eda provocar una p\u00e9rdida de integridad del hu\u00e9sped."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
},
{
"lang": "es",
"value": "Una reinicializaci\u00f3n incorrecta de IOMMU durante el evento DRTM puede permitir que persista una configuraci\u00f3n de plataforma que no es de confianza, lo que permite a un atacante leer o modificar la memoria del hipervisor, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.317",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.410",
"lastModified": "2024-08-08T18:55:19.180",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.467",
"lastModified": "2024-08-09T16:35:00.767",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"cross-site scripting\") en Fortinet FortiSOAR 7.3.0 a 7.3.2 permite a un atacante remoto autenticado inyectar scripts web o HTML arbitrarios a trav\u00e9s del m\u00f3dulo de Comunicaciones."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.533",
"lastModified": "2024-08-08T20:35:00.890",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) \u00a0 \u00a0 to modify the PCIe\u00ae lane count and speed, potentially leading to a loss of availability."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en SMU puede permitir que un atacante con privilegios y una funci\u00f3n f\u00edsica (PF) comprometida modifique el recuento y la velocidad de los carriles PCIe\u00ae, lo que podr\u00eda provocar una p\u00e9rdida de disponibilidad."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure."
},
{
"lang": "es",
"value": "La generaci\u00f3n de un vector de inicializaci\u00f3n (IV) d\u00e9bil y predecible en PMFW (firmware de administraci\u00f3n de energ\u00eda) puede permitir que un atacante con privilegios reutilice los valores de IV para aplicar ingenier\u00eda inversa a los datos de depuraci\u00f3n, lo que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
},
{
"lang": "es",
"value": "La validaci\u00f3n inadecuada del \u00edndice de matriz en el firmware de administraci\u00f3n de energ\u00eda (PMFW) puede permitir que un atacante privilegiado provoque una lectura de memoria fuera de los l\u00edmites dentro de PMFW, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the \"set temperature input selection\" command, potentially resulting in a loss of integrity and/or availability."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en el firmware de administraci\u00f3n de energ\u00eda (PMFW) puede permitir que un atacante con privilegios env\u00ede una entrada con formato incorrecto para el comando \"establecer selecci\u00f3n de entrada de temperatura\", lo que podr\u00eda provocar una p\u00e9rdida de integridad y/o disponibilidad."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in ARM\u00ae Trusted Firmware used in AMD\u2019s Zynq\u2122 UltraScale+\u2122) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en el firmware de confianza ARM\u00ae utilizado en Zynq\u2122 UltraScale+\u2122) MPSoC/RFSoC de AMD puede permitir que un atacante privilegiado realice lecturas fuera de los l\u00edmites, lo que podr\u00eda provocar una fuga de datos y una denegaci\u00f3n de servicio."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede\npermitir que un atacante autenticado provoque una escritura fuera de los l\u00edmites, lo que podr\u00eda\ncausar un bloqueo del sistema operativo Windows\u00ae y, como resultado, una denegaci\u00f3n de servicio."
}
],
"metrics": {
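
Review bot: the product name appears as "AMD ?Prof" in both the en and the es value, where the "?" looks like a character lost in an encoding step, so the affected product cannot be matched by name from this record. The es value also keeps the en text's hard "\n" line breaks in mid-sentence, unlike the other translations in this commit. Restore the original character from the source advisory and strip the embedded newlines before translating.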

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Incorrect default permissions in the AMD ?Prof installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos en el directorio de instalaci\u00f3n de AMD ?Prof podr\u00edan permitir que un atacante logre una escalada de privilegios, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
},
{
"lang": "es",
"value": "Una limpieza incompleta de la memoria del sistema en el firmware SEV podr\u00eda permitir que un atacante privilegiado corrompa la memoria privada del hu\u00e9sped, lo que podr\u00eda provocar una p\u00e9rdida de integridad de los datos."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.597",
"lastModified": "2024-08-10T16:35:00.407",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": " Una validaci\u00f3n de entrada incorrecta en el firmware de algunos Intel(R) CSME puede permitir que un usuario privilegiado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
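
Review bot: the es value in this hunk begins with a leading space (" Una validación ..."), which can break exact-match or prefix comparisons on the description field. Trim leading and trailing whitespace from generated translations before writing them.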

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access."
},
{
"lang": "es",
"value": " Una excepci\u00f3n no detectada en el firmware OpenBMC para algunas plataformas de servidor Intel(R) anteriores a las versiones egs-1.14-0, bhs-0.27 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {

View File

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-12T13:38:10.877",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574."
},
{
"lang": "es",
"value": "IBM Aspera Shares 1.10.0 PL2 no invalida la sesi\u00f3n despu\u00e9s de un cambio de contrase\u00f1a que podr\u00eda permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 260574."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access."
},
{
"lang": "es",
"value": " Las restricciones incorrectas del b\u00fafer en el firmware para algunos Intel(R) AMT e Intel(R) Standard Manageability pueden permitir que un usuario privilegiado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"metrics": {

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
},
{
"lang": "es",
"value": "El valor de retorno no verificado en el firmware para algunos Intel(R) CSME puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso f\u00edsico."
}
],
"metrics": {

View File

@ -3,7 +3,7 @@
"sourceIdentifier": "cert@ncsc.nl",
"published": "2024-07-02T08:15:03.680",
"lastModified": "2024-07-02T12:09:16.907",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " El aislamiento inadecuado en el mecanismo de cach\u00e9 de flujo de Intel(R) Core(TM) Ultra Processor puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": " Un control de acceso incorrecto para algunos software Intel(R) CIP anteriores a la versi\u00f3n 2.4.10717 puede permitir que un usuario autenticado potencialmente habilite la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " Los permisos predeterminados incorrectos para algunos instaladores de software Intel(R) Connectivity Performance Suite anteriores a la versi\u00f3n 2.0 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": " Una inicializaci\u00f3n incorrecta del firmware para algunos Intel(R) CSME puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El aislamiento inadecuado en algunos mecanismos de cach\u00e9 de flujo de procesadores Intel(R) puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": " La lectura fuera de los l\u00edmites en el firmware OpenBMC para algunas plataformas de servidor Intel(R) anteriores a las versiones egs-1.15-0, bhs-0.27 puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-14T18:15:09.697",
"lastModified": "2024-08-15T13:01:10.150",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713."
},
{
"lang": "es",
"value": " IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.8 podr\u00eda permitir que un atacante con acceso a la red realice ataques de suplantaci\u00f3n de identidad. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando un certificado emitido por una autoridad confiable para obtener informaci\u00f3n confidencial. ID de IBM X-Force: 274713."
}
],
"metrics": {

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-14T17:15:14.400",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714."
},
{
"lang": "es",
"value": " IBM WebSphere Application Server 8.5 y 9.0 podr\u00eda permitir que un atacante con acceso a la red realice ataques de suplantaci\u00f3n de identidad. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando un certificado emitido por una autoridad confiable para obtener informaci\u00f3n confidencial. ID de IBM X-Force: 274714."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp."
},
{
"lang": "es",
"value": "En ciertos productos Sonos anteriores a Sonos S1 versi\u00f3n 11.12 y S2 versi\u00f3n 15.9, existe una vulnerabilidad en el componente U-Boot del firmware que permite la ejecuci\u00f3n persistente de c\u00f3digo arbitrario con privilegios del kernel de Linux. Si no se maneja correctamente el valor de retorno del comando setenv, se puede utilizar para anular los par\u00e1metros de la l\u00ednea de comandos del kernel y, en \u00faltima instancia, omitir la implementaci\u00f3n de arranque seguro. Esto afecta a PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL y Amp."
}
],
"metrics": {},

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-14T08:15:01.823",
"lastModified": "2024-07-15T13:00:34.853",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

@ -3,7 +3,7 @@
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T10:15:02.493",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata."
},
{
"lang": "es",
"value": " El complemento Custom Field For WP Job Manager para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 1.2 incluida a trav\u00e9s del c\u00f3digo abreviado 'cm_fieldshow' debido a la falta de validaci\u00f3n en la clave controlada por el usuario 'job_id'. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, expongan metadatos de publicaciones potencialmente confidenciales."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess."
},
{
"lang": "es",
"value": "Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos PDF especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-12T13:38:12.693",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway y MetroX-3 XCC contienen una vulnerabilidad en el soporte web, donde un atacante puede provocar que una ruta CGI atraviese una URI especialmente manipulada. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a una escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {
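Review bot: the added "es" value renders "cause a CGI path traversal by a specially crafted URI" as "provocar que una ruta CGI atraviese una URI especialmente manipulada", which says that a CGI path traverses a URI and loses the vulnerability class. Suggest keeping the term, for example "provocar un path traversal en CGI mediante una URI especialmente manipulada", so the translated description still matches the English one.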

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-08-12T13:38:12.943",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss."
},
{
"lang": "es",
"value": "NVIDIA CV-CUDA para Ubuntu 20.04, Ubuntu 22.04 y Jetpack contiene una vulnerabilidad en las API de Python donde un usuario puede causar un problema de consumo incontrolado de recursos debido a un proceso CV-CUDA Python de larga duraci\u00f3n. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar denegaci\u00f3n de servicio y p\u00e9rdida de datos."
}
],
"metrics": {

@ -3,7 +3,7 @@
"sourceIdentifier": "security@mediatek.com",
"published": "2024-08-14T03:15:04.120",
"lastModified": "2024-08-14T15:35:04.003",
"vulnStatus": "Undergoing Analysis",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
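Review bot: the vulnStatus pair in this hunk reads "Undergoing Analysis" then "Awaiting Analysis", the reverse of the "Awaiting Analysis" to "Undergoing Analysis" direction in the neighbouring hunks. Reading the first line as the removed one (the +/- markers are not visible here), this record moves backwards in the analysis workflow while "lastModified" stays at 2024-08-14T15:35:04.003 as unchanged context. Confirm against the upstream record that this is a real status regression and not a stale copy overwriting a newer one.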

@ -3,7 +3,7 @@
"sourceIdentifier": "security@mediatek.com",
"published": "2024-08-14T03:15:04.280",
"lastModified": "2024-08-14T13:00:48.243",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:17.263",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": " Las versiones 3.4.11 y anteriores de Dimension se ven afectadas por una vulnerabilidad de Use After Free que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

@ -3,12 +3,16 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:17.580",
"lastModified": "2024-08-14T17:49:14.177",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 3.4.11 y anteriores de Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

@ -3,7 +3,7 @@
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:46.697",
"lastModified": "2024-02-10T00:15:07.937",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
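Review bot: vulnStatus goes from "Modified" to "Undergoing Analysis" (reading the first line as the removed one) while "lastModified" remains 2024-02-10T00:15:07.937 as unchanged context, so a record published in January changes state with no timestamp bump. Anything that syncs incrementally on lastModified will not see this transition. Confirm that upstream really left the timestamp untouched, and if so, key the mirror's change detection on record content and not on that field.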

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup."
},
{
"lang": "es",
"value": "Un cambio de contrase\u00f1a no verificado en Fortinet FortiManager versiones 7.0.0 a 7.0.10, versiones 7.2.0 a 7.2.4 y versiones 7.4.0 a 7.4.1, as\u00ed como Fortinet FortiAnalyzer versiones 7.0.0 a 7.0.10, versiones 7.2.0 a 7.2.4 y las versiones 7.4.0 a 7.4.1 permiten a un atacante modificar las contrase\u00f1as de administrador a trav\u00e9s de la copia de seguridad de la configuraci\u00f3n del dispositivo."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La ruta de b\u00fasqueda no controlada para alg\u00fan software Intel(R) oneAPI Math Kernel Library anterior a la versi\u00f3n 2024.1 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La ruta de b\u00fasqueda no controlada en algunos software de instalaci\u00f3n de Intel(R) Ethernet Connection I219-LM puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La ruta de b\u00fasqueda no controlada para alg\u00fan software de Intel(R) IPP Cryptography anterior a la versi\u00f3n 2021.11 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La potencia de cifrado inadecuada para algunos software BMRA anteriores a la versi\u00f3n 22.08 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": " La gesti\u00f3n insuficiente del flujo de control en algunos software de m\u00f3dulos Intel(R) TDX anteriores a la versi\u00f3n 1.5.05.46.698 puede permitir que un usuario privilegiado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": " La verificaci\u00f3n de condiciones inadecuadas en el controlador del modo kernel de Linux para algunos Intel(R) Ethernet Network Controllers serie E810 anteriores a la versi\u00f3n 28.3 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La inicializaci\u00f3n incorrecta en el controlador del modo kernel de Linux para algunos Intel(R) Ethernet Network Controllers and Adapters anteriores a la versi\u00f3n 28.3 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el controlador del modo kernel de Linux para algunos Intel(R) Ethernet Network Controllers and Adapters anteriores a la versi\u00f3n 28.3 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": " El desbordamiento de enteros en el firmware de algunos CSME Intel(R) puede permitir que un usuario no autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
}
],
"metrics": {

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La ruta de b\u00fasqueda no controlada para alg\u00fan software del compilador Intel(R) oneAPI anterior a la versi\u00f3n 2024.1 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {

@ -3,12 +3,16 @@
"sourceIdentifier": "csirt@divd.nl",
"published": "2024-08-12T13:38:14.743",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225."
},
{
"lang": "es",
"value": "Limitaci\u00f3n inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido (\"Path Traversal\") a trav\u00e9s de un par\u00e1metro de URL en Enphase IQ Gateway (anteriormente conocido como Envoy) permite a un atacante no autenticado acceder o crear archivos arbitrarios. Este problema afecta a Envoy: desde 4.x a 8.x y &lt; 8.2.4225."
}
],
"metrics": {
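Review bot: the added "es" value ends with "y &lt; 8.2.4225", an HTML entity, where the "en" value has a literal "<" ("and < 8.2.4225"). A JSON string needs no HTML escaping, so a consumer that renders the value as plain text will show the entity verbatim, and one that HTML-escapes it on output will escape the ampersand a second time. Decode the entity in the translation output before it is committed.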

Some files were not shown because too many files have changed in this diff.