mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-21 17:41:05 +00:00
Auto-Update: 2024-01-09T15:00:24.670939+00:00
parent
37ace03371
commit
50c7307374
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2015-10128",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-02T14:15:07.810",
|
||||
"lastModified": "2024-01-02T19:36:26.333",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T14:11:20.080",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en rt-prettyphoto Plugin up to 1.2 en WordPress y clasificada como problem\u00e1tica. La funci\u00f3n royal_prettyphoto_plugin_links del archivo rt-prettyphoto.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.3 puede solucionar este problema. El parche se identifica como 0d3d38cfa487481b66869e4212df1cefc281ecb7. Se recomienda actualizar el componente afectado. VDB-249422 es el identificador asignado a esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
},
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
@ -71,18 +95,45 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:royaltechbd:royal_prettyphoto:*:*:*:*:*:wordpress:*:*",
|
||||
"versionEndExcluding": "1.3",
|
||||
"matchCriteriaId": "7D7871D2-A668-46F5-83F0-A6AC595BA243"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.249422",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.249422",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2017-20188",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-02T15:15:08.377",
|
||||
"lastModified": "2024-01-02T19:36:26.333",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T14:28:14.867",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad ha sido encontrada en Zimbra zm-ajax hasta 8.8.1 y clasificada como problem\u00e1tica. La funci\u00f3n XFormItem.prototype.setError del archivo WebRoot/js/ajax/dwt/xforms/XFormItem.js es afectada por esta vulnerabilidad. La manipulaci\u00f3n del mensaje de argumento conduce a cross site scripting. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. La actualizaci\u00f3n a la versi\u00f3n 8.8.2 puede solucionar este problema. El identificador del parche es 8d039d6efe80780adc40c6f670c06d21de272105. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249421."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.6,
|
||||
"impactScore": 2.7
|
||||
},
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
@ -71,22 +95,53 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:zimbra:zm-ajax:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "8.8.2",
|
||||
"matchCriteriaId": "92DC03A9-1A56-434C-AAF3-79B8DAA0B695"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/Zimbra/zm-ajax/commit/8d039d6efe80780adc40c6f670c06d21de272105",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/Zimbra/zm-ajax/releases/tag/8.8.2",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.249421",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Permissions Required",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.249421",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2020-26625",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-02T22:15:07.880",
|
||||
"lastModified": "2024-01-03T13:48:00.677",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T13:26:22.477",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,90 @@
|
||||
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en Gila CMS 1.15.4 y versiones anteriores que permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro 'user_id' despu\u00e9s del portal de inicio de sesi\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.8,
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:gilacms:gila_cms:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "1.15.4",
|
||||
"matchCriteriaId": "A50D5646-7095-46DD-8C3F-1CA1FBD9D043"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://gilacms.com",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/GilaCMS/gila",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/GilaCMS/gila/security/policy",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
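--- a/CVE-2022/CVE-2022-289xx/CVE-2022-28975.json
+++ b/CVE-2022/CVE-2022-289xx/CVE-2022-28975.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2022-28975",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-01-09T14:15:45.647",
+"lastModified": "2024-01-09T14:55:35.817",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "http://infoblox.com",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://piotrryciak.com/posts/xss-infoblox/",
+"source": "cve@mitre.org"
+}
+]
+}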
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-34344",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T22:15:44.540",
|
||||
"lastModified": "2024-01-08T22:15:44.540",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Rymera Web Co Wholesale Suite: precios mayoristas de WooCommerce, B2B, modo de cat\u00e1logo, formulario de pedido, roles de usuario mayoristas, precios din\u00e1micos y m\u00e1s. Este problema afecta a Wholesale Suite: precios mayoristas de WooCommerce, B2B, modo de cat\u00e1logo, formulario de pedido, venta al por mayor Roles de usuario, precios din\u00e1micos y m\u00e1s: desde n/a hasta 2.1.5."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-36352",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T22:15:44.760",
|
||||
"lastModified": "2024-01-08T22:15:44.760",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Missing Authorization vulnerability in Profilegrid ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Profilegrid ProfileGrid: perfiles de usuario, membres\u00edas, grupos y comunidades. Este problema afecta a ProfileGrid: perfiles de usuario, membres\u00edas, grupos y comunidades: desde n/a hasta 5.0.3."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-40696",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T22:15:44.970",
|
||||
"lastModified": "2024-01-08T22:15:44.970",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en WP Engine Advanced Custom Fields (ACF). Este problema afecta a Advanced Custom Fields (ACF): desde 3.1.1 hasta 6.0.2."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-45354",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:08.260",
|
||||
"lastModified": "2024-01-08T21:15:08.260",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en WPChill Download Monitor. Este problema afecta a Download Monitor: desde n/a hasta 4.7.60."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-26998",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:43.960",
|
||||
"lastModified": "2024-01-09T02:15:43.960",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross Site Scripting encontrada en NetScoutnGeniusOne v.6.3.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro creator de la p\u00e1gina de configuraci\u00f3n de alerta."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-26999",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:44.020",
|
||||
"lastModified": "2024-01-09T02:15:44.020",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema encontrado en NetScout nGeniusOne v.6.3.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo manipulado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-27000",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:44.067",
|
||||
"lastModified": "2024-01-09T02:15:44.067",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross Site Scripting encontrada en NetScoutnGeniusOne v.6.3.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro name de las p\u00e1ginas de perfil y lista de exclusi\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-27098",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:44.113",
|
||||
"lastModified": "2024-01-09T02:15:44.113",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "TP-Link Tapo APK hasta v2.12.703 utiliza credenciales codificadas para acceder al panel de inicio de sesi\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-27739",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T21:15:08.587",
|
||||
"lastModified": "2024-01-08T21:15:08.587",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "easyXDM 2.5 allows XSS via the xdm_e parameter."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "easyXDM 2.5 permite XSS a trav\u00e9s del par\u00e1metro xdm_e."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-36629",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:44.163",
|
||||
"lastModified": "2024-01-09T02:15:44.163",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El paquete ST ST54-android-packages-apps-Nfc anterior a 130-20230215-23W07p0 para Android tiene una lectura fuera de los l\u00edmites."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-39336",
|
||||
"sourceIdentifier": "support@hackerone.com",
|
||||
"published": "2024-01-09T02:15:44.207",
|
||||
"lastModified": "2024-01-09T02:15:44.207",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. "
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de inyecci\u00f3n SQL no especificada en Ivanti Endpoint Manager lanzada antes de 2022 SU 5 permite a un atacante con acceso a la red interna ejecutar consultas SQL arbitrarias y recuperar resultados sin necesidad de autenticaci\u00f3n. En circunstancias espec\u00edficas, esto tambi\u00e9n puede provocar RCE en el servidor central."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42797",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:15.320",
|
||||
"lastModified": "2024-01-09T10:15:15.320",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.\r\n\r\nBy uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en CP-8031 MASTER MODULE (Todas las versiones < CPCI85 V05.20), CP-8050 MASTER MODULE (Todas las versiones < CPCI85 V05.20). El servicio de configuraci\u00f3n de red de los dispositivos afectados contiene un fallo en la conversi\u00f3n de direcciones IPv4 que podr\u00eda llevar a que se utilice una variable no inicializada en los siguientes pasos de validaci\u00f3n. Al cargar una configuraci\u00f3n de red especialmente manipulada, un atacante remoto autenticado podr\u00eda inyectar comandos que se ejecutan en el dispositivo con privilegios de root durante el inicio del dispositivo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-44120",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:15.613",
|
||||
"lastModified": "2024-01-09T10:15:15.613",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Spectrum Power 7 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
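Review bot: The Spanish description added in this section (the `"lang": "es"` entry for CVE-2023-44120) is cut off at `(todas las versiones ` and never closes the parenthesis, while the English entry above it continues `< V23Q4). The affected product's sudo configuration ...`; the text appears to have been truncated at the `<` character, most likely upstream in the translation pipeline rather than in this repository. The same truncation occurs in the `es` entries for CVE-2023-49121, CVE-2023-49122, CVE-2023-49123, CVE-2023-49124, CVE-2023-49126, CVE-2023-49127, CVE-2023-49128 and CVE-2023-49129 further down. As this feed appears to be an automated mirror, nothing should be hand-edited here, but consumers that display the `es` text should fall back to the `en` entry when a value ends mid-sentence like this, and the defect is worth reporting upstream so the translations get regenerated. The enclosing object continues past `"metrics": {` outside the hunk.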
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46324",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-10-23T01:15:07.637",
|
||||
"lastModified": "2023-10-30T13:46:10.107",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-01-09T14:15:45.940",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -96,6 +96,10 @@
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdf",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-46906",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T01:15:38.830",
|
||||
"lastModified": "2024-01-09T01:15:38.830",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "juzaweb <= 3.4 es vulnerable a un control de acceso incorrecto, lo que provoca una interrupci\u00f3n de la aplicaci\u00f3n despu\u00e9s de un c\u00f3digo de estado HTTP 500. El payload en el campo de timezone no se valid\u00f3 correctamente."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-47890",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T20:15:44.453",
|
||||
"lastModified": "2024-01-08T20:15:44.453",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "pyLoad 0.5.0 is vulnerable to Unrestricted File Upload."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "pyLoad 0.5.0 es vulnerable a la carga de archivos sin restricciones."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-48121",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-28T19:15:07.340",
|
||||
"lastModified": "2023-12-04T19:25:28.723",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-01-09T14:15:46.100",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -161,12 +161,20 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://joerngermany.github.io/ezviz_vulnerability/",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ezviz.com/data-security/security-notice/detail/911",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49121",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:16.760",
|
||||
"lastModified": "2024-01-09T10:15:16.760",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49122",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:17.127",
|
||||
"lastModified": "2024-01-09T10:15:17.127",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49123",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:17.457",
|
||||
"lastModified": "2024-01-09T10:15:17.457",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49124",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:17.693",
|
||||
"lastModified": "2024-01-09T10:15:17.693",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49126",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:17.997",
|
||||
"lastModified": "2024-01-09T10:15:17.997",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-49127",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:18.230",
|
||||
"lastModified": "2024-01-09T10:15:18.230",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
"id": "CVE-2023-49128",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:18.520",
"lastModified": "2024-01-09T10:15:18.520",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49129",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:18.743",
"lastModified": "2024-01-09T10:15:18.743",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49130",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:19.053",
"lastModified": "2024-01-09T10:15:19.053",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49131",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:19.310",
"lastModified": "2024-01-09T10:15:19.310",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49132",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:19.637",
"lastModified": "2024-01-09T10:15:19.637",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49235",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.223",
"lastModified": "2024-01-09T09:15:42.223",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en libremote_dbg.so en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. El filtrado de informaci\u00f3n de depuraci\u00f3n se maneja mal durante el uso de popen. En consecuencia, un atacante puede eludir la validaci\u00f3n y ejecutar un comando de shell."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-49236",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.300",
"lastModified": "2024-01-09T09:15:42.300",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714, lo que provoc\u00f3 la ejecuci\u00f3n de comandos arbitrarios. Esto ocurre debido a la falta de validaci\u00f3n de longitud durante un sscanf de un campo de escala ingresado por el usuario en la funci\u00f3n de reproducci\u00f3n RTSP de davinci."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-49237",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.350",
"lastModified": "2024-01-09T09:15:42.350",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. La inyecci\u00f3n de comandos puede ocurrir porque davinci utiliza la funci\u00f3n del sistema para descomprimir paquetes de idiomas sin un filtrado estricto de las cadenas de URL."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-49238",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.837",
"lastModified": "2024-01-09T02:15:44.837",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in."
},
{
"lang": "es",
"value": "En Gradle Enterprise anterior a 2023.1, un atacante remoto podr\u00eda obtener acceso a una nueva instalaci\u00f3n (en ciertos escenarios de instalaci\u00f3n) debido a una contrase\u00f1a de usuario inicial del sistema no \u00fanica. Aunque esta contrase\u00f1a debe cambiarse en el primer inicio de sesi\u00f3n, es posible que un atacante inicie sesi\u00f3n antes que el administrador leg\u00edtimo."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-49251",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:19.910",
"lastModified": "2024-01-09T10:15:19.910",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The \"intermediate installation\" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V2.7). El estado del sistema de \"intermediate installation\" de la aplicaci\u00f3n afectada permite a un atacante agregar sus propias credenciales de inicio de sesi\u00f3n al dispositivo. Esto permite a un atacante iniciar sesi\u00f3n de forma remota como root y tomar el control del dispositivo incluso despu\u00e9s de que el dispositivo afectado est\u00e9 completamente configurado."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49252",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:20.243",
"lastModified": "2024-01-09T10:15:20.243",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V2.7). La aplicaci\u00f3n afectada permite el cambio de configuraci\u00f3n de IP sin autenticaci\u00f3n en el dispositivo. Esto podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49621",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:20.503",
"lastModified": "2024-01-09T10:15:20.503",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The \"intermediate installation\" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V2.7). El estado del sistema de \"intermediate installation\" de la aplicaci\u00f3n afectada utiliza la credencial predeterminada con privilegios de administrador. Un atacante podr\u00eda utilizar las credenciales para obtener el control total del dispositivo afectado."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49722",
"sourceIdentifier": "psirt@bosch.com",
"published": "2024-01-09T10:15:20.720",
"lastModified": "2024-01-09T10:15:20.720",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network."
},
{
"lang": "es",
"value": "El puerto de red 8899 est\u00e1 abierto en el firmware WiFi de los productos BCC101/BCC102/BCC50, que permite a un atacante conectarse al dispositivo a trav\u00e9s de la misma red WiFi."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-49961",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T21:15:08.767",
"lastModified": "2024-01-08T21:15:08.767",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure."
},
{
"lang": "es",
"value": "WALLIX Bastion 7.x, 8.x, 9.x y 10.x y WALLIX Access Manager 3.x y 4.x tienen un control de acceso incorrecto que puede provocar la exposici\u00f3n de datos confidenciales."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-50162",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T00:15:44.320",
"lastModified": "2024-01-09T00:15:44.320",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en EmpireCMS v7.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n DoExecSql."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-50585",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.430",
"lastModified": "2024-01-09T09:15:42.430",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda A18 v15.13.07.09 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro devName en la funci\u00f3n formSetDeviceName."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-50643",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T01:15:38.890",
"lastModified": "2024-01-09T01:15:38.890",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components."
},
{
"lang": "es",
"value": "Un problema en Evernote Evernote para MacOS v.10.68.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-50930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T07:15:07.733",
"lastModified": "2024-01-09T07:15:07.733",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en savignano S/Notify anterior a 4.0.2 para Jira. Mientras un usuario administrativo inicia sesi\u00f3n, los ajustes de configuraci\u00f3n de S/Notify se pueden modificar mediante un ataque CSRF. La inyecci\u00f3n podr\u00eda iniciarse cuando el administrador hace clic en un enlace malicioso en un correo electr\u00f3nico o visita un sitio web malicioso. Si se ejecuta mientras un administrador est\u00e1 conectado a Jira, un atacante podr\u00eda aprovecharlo para modificar la configuraci\u00f3n de la aplicaci\u00f3n S/Notify en ese host. Esto puede provocar, en particular, que las notificaciones por correo electr\u00f3nico dejen de estar cifradas cuando deber\u00edan estarlo."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-50931",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T07:15:09.877",
"lastModified": "2024-01-09T07:15:09.877",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en savignano S/Notify anterior a 2.0.1 para Bitbucket. Mientras un usuario administrativo inicia sesi\u00f3n, los ajustes de configuraci\u00f3n de S/Notify se pueden modificar mediante un ataque CSRF. La inyecci\u00f3n podr\u00eda iniciarse cuando el administrador hace clic en un enlace malicioso en un correo electr\u00f3nico o visita un sitio web malicioso. Si se ejecuta mientras un administrador est\u00e1 conectado a Bitbucket, un atacante podr\u00eda aprovecharlo para modificar la configuraci\u00f3n de la aplicaci\u00f3n S/Notify en ese host. Esto puede provocar, en particular, que las notificaciones por correo electr\u00f3nico dejen de estar cifradas cuando deber\u00edan estarlo."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-50932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T07:15:10.937",
"lastModified": "2024-01-09T07:15:10.937",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en savignano S/Notify anterior a 4.0.2 para Confluence. Mientras un usuario administrativo inicia sesi\u00f3n, los ajustes de configuraci\u00f3n de S/Notify se pueden modificar mediante un ataque CSRF. La inyecci\u00f3n podr\u00eda iniciarse cuando el administrador hace clic en un enlace malicioso en un correo electr\u00f3nico o visita un sitio web malicioso. Si se ejecuta mientras un administrador est\u00e1 conectado a Confluence, un atacante podr\u00eda aprovecharlo para modificar la configuraci\u00f3n de la aplicaci\u00f3n S/Notify en ese host. Esto puede provocar, en particular, que las notificaciones por correo electr\u00f3nico dejen de estar cifradas cuando deber\u00edan estarlo."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-50974",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.480",
"lastModified": "2024-01-09T09:15:42.480",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials."
},
{
"lang": "es",
"value": "En Appwrite CLI anterior a 3.0.0, cuando se utiliza el comando de inicio de sesi\u00f3n, las credenciales del usuario de Appwrite se almacenan en un archivo ~/.appwrite/prefs.json con 0644 como permisos UNIX. Cualquier usuario del sistema local puede acceder a esas credenciales."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-50982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:44.513",
"lastModified": "2024-01-08T20:15:44.513",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9."
},
{
"lang": "es",
"value": "Stud.IP 5.x a 5.3.3 permite XSS con la carga resultante de archivos ejecutables, porque upload_action y edit_action en Admin_SmileysController no verifican la extensi\u00f3n del archivo. Esto conduce a la ejecuci\u00f3n remota de c\u00f3digo con los privilegios del usuario de www-data. Las versiones corregidas son 5.3.4, 5.2.6, 5.1.7 y 5.0.9."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51246",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T20:15:44.723",
"lastModified": "2024-01-08T20:15:44.723",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) en GetSimple CMS 3.3.16 cuando se utiliza el modo de c\u00f3digo fuente como usuario backend para agregar art\u00edculos a trav\u00e9s de la p\u00e1gina /admin/edit.php."
}
],
"metrics": {},
@ -2,12 +2,16 @@
"id": "CVE-2023-51406",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:08.817",
"lastModified": "2024-01-08T21:15:08.817",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup \u2013 Fastest WordPress Migration & Duplicator.This issue affects FastDup \u2013 Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Ninja Team FastDup: duplicador y migraci\u00f3n de WordPress m\u00e1s r\u00e1pido. Este problema afecta a FastDup: duplicador y migraci\u00f3n de WordPress m\u00e1s r\u00e1pido: desde n/a hasta 2.1.7."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51408",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.013",
"lastModified": "2024-01-08T21:15:09.013",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en StudioWombat WP Optin Wheel: herramienta de marketing por correo electr\u00f3nico Optin gamificada para WordPress y WooCommerce. Este problema afecta a WP Optin Wheel: herramienta de marketing por correo electr\u00f3nico Optin gamificada para WordPress y WooCommerce: desde n/a hasta 1.4.3 ."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51438",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:21.077",
"lastModified": "2024-01-09T10:15:21.077",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish\u00ae server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC IPC1047E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC647E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC847E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows). En instalaciones predeterminadas de maxView Storage Manager donde el servidor Redfish\u00ae est\u00e1 configurado para la administraci\u00f3n remota del sistema, se ha identificado una vulnerabilidad que puede proporcionar acceso no autorizado."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51439",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-01-09T10:15:21.350",
"lastModified": "2024-01-09T10:15:21.350",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones "
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.213",
"lastModified": "2024-01-08T21:15:09.213",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security \u2013 Malware Scanner, Login Security & Firewall.This issue affects Defender Security \u2013 Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en WPMU DEV Defender Security: an\u00e1lisis de malware, seguridad de inicio de sesi\u00f3n y firewall. Este problema afecta a Defender Security: an\u00e1lisis de malware, seguridad de inicio de sesi\u00f3n y firewall: desde n/a hasta 4.1.0."
}
],
"metrics": {
@ -2,12 +2,16 @@
"id": "CVE-2023-51508",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-08T21:15:09.420",
"lastModified": "2024-01-08T21:15:09.420",
"vulnStatus": "Received",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Jordy Meow Database Cleaner: Limpiar, optimizar y reparar. Este problema afecta a Database Cleaner: Limpiar, optimizar y reparar: desde n/a hasta 0.9.8."
}
],
"metrics": {
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-51668",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-05T10:15:11.727",
|
||||
"lastModified": "2024-01-05T11:54:11.040",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T14:27:16.827",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "audit@patchstack.com",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +70,31 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:wpzone:inline_image_upload_for_bbpress:*:*:*:*:*:wordpress:*:*",
|
||||
"versionEndIncluding": "1.1.18",
|
||||
"matchCriteriaId": "0F6DBC7F-BE75-4C89-BCEE-5611A77E9CEE"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/image-upload-for-bbpress/wordpress-inline-image-upload-for-bbpress-plugin-1-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
|
||||
"source": "audit@patchstack.com"
|
||||
"source": "audit@patchstack.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-51673",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-05T10:15:12.053",
|
||||
"lastModified": "2024-01-05T11:54:11.040",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T14:22:21.900",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "audit@patchstack.com",
|
||||
"type": "Secondary",
|
||||
@ -40,8 +60,18 @@
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "audit@patchstack.com",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "audit@patchstack.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -50,10 +80,31 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:stylishpricelist:stylish_price_list:*:*:*:*:*:wordpress:*:*",
|
||||
"versionEndIncluding": "7.0.17",
|
||||
"matchCriteriaId": "C84D3D94-02E0-4B01-9A81-E38EE8AE64E2"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/stylish-price-list/wordpress-stylish-price-list-plugin-7-0-17-broken-access-control-vulnerability?_s_id=cve",
|
||||
"source": "audit@patchstack.com"
|
||||
"source": "audit@patchstack.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
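Review bot: The new Primary weakness from nvd@nist.gov is `NVD-CWE-noinfo`, even though the only reference in this record is a Patchstack advisory whose slug names a broken-access-control issue and NVD itself scored it 9.8 with C:H/I:H/A:H. Tooling that filters or routes by the Primary CWE will file this as "unknown weakness" and may miss an authorization-bypass class it would otherwise prioritise; the Secondary weakness from audit@patchstack.com that follows is cut off in this view, so whether it carries a concrete CWE cannot be confirmed here. This is upstream NVD data the mirror reproduces as-is, but consumers should fall back to the Secondary weakness (or the advisory) rather than the Primary value for classification.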
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51717",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-09T02:15:45.537",
|
||||
"lastModified": "2024-01-09T02:15:45.537",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Dataiku DSS anterior a 11.4.5 y 12.4.1 tiene un control de acceso incorrecto que podr\u00eda provocar una omisi\u00f3n de autenticaci\u00f3n completa."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51744",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:21.657",
|
||||
"lastModified": "2024-01-09T10:15:21.657",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
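Review bot: The `es` description in this hunk is truncated mid-sentence — it ends at `Teamcenter Visualization V14.2 (todas las versiones ` and never reaches the V14.3 range, the null-pointer-dereference statement or the denial-of-service impact that the `en` value carries. Anyone rendering or searching the Spanish text will see an incomplete affected-version list; the same cut appears in the CVE-2023-51745 and CVE-2023-51746 hunks below. The data comes from the upstream NVD feed, so the mirror cannot repair it, but it is worth reporting upstream and treating the `en` value as the only complete description until the translation is re-issued.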
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51745",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:21.947",
|
||||
"lastModified": "2024-01-09T10:15:21.947",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-51746",
|
||||
"sourceIdentifier": "productcert@siemens.com",
|
||||
"published": "2024-01-09T10:15:22.253",
|
||||
"lastModified": "2024-01-09T10:15:22.253",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones "
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52072",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T22:15:45.173",
|
||||
"lastModified": "2024-01-08T22:15:45.173",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /system/site/userconfig_updagte."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52073",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T22:15:45.220",
|
||||
"lastModified": "2024-01-08T22:15:45.220",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /system/site/config_footer_updagte."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52074",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T22:15:45.267",
|
||||
"lastModified": "2024-01-08T22:15:45.267",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 que FlyCms v1.0 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente system/site/webconfig_updagte."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52142",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:09.607",
|
||||
"lastModified": "2024-01-08T21:15:09.607",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Cool Plugins Events Shortcodes For The Events Calendar. Este problema afecta a Events Shortcodes For The Events Calendar: desde n/a hasta 2.3.1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52196",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:09.820",
|
||||
"lastModified": "2024-01-08T21:15:09.820",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Phil Ewels CPT Bootstrap Carousel permite el XSS reflejado. Este problema afecta a CPT Bootstrap Carousel: desde n/a hasta 1.12."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52197",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:10.040",
|
||||
"lastModified": "2024-01-08T21:15:10.040",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Impactpixel Ads Invalid Click Protection permite almacenar XSS. Este problema afecta a Ads Invalid Click Protection: desde n/a hasta 1.0."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52198",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:10.243",
|
||||
"lastModified": "2024-01-08T21:15:10.243",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Michiel van Eerd Private Google Calendars permite almacenar XSS. Este problema afecta a Private Google Calendars: desde n/a hasta 20231125."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52200",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:44.777",
|
||||
"lastModified": "2024-01-08T20:15:44.777",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Cross-Site Request Forgery (CSRF), vulnerabilidad de deserializaci\u00f3n de datos no confiables en Repute Infosystems ARMember: complemento de membres\u00eda, restricci\u00f3n de contenido, niveles de miembros, perfil de usuario y registro de usuario. Este problema afecta a ARMember: complemento de membres\u00eda, restricci\u00f3n de contenido, niveles de miembros, perfil de usuario & Registro de usuario: n/a."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52201",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:10.443",
|
||||
"lastModified": "2024-01-08T21:15:10.443",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Brian D. Goad pTypeConverter. Este problema afecta a pTypeConverter: desde n/a hasta 0.2.8.1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52202",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T21:15:10.633",
|
||||
"lastModified": "2024-01-08T21:15:10.633",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Player MP3 HTML5 de SVNLabs Software con Folder Feedburner Playlist Free. Este problema afecta a Player MP3 HTML5 con Folder Feedburner Playlist Free: desde n/a hasta 2.8.0."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52203",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:45.010",
|
||||
"lastModified": "2024-01-08T20:15:45.010",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Oliver Seidel, Bastian Germann cformsII permite almacenar XSS. Este problema afecta a cformsII: desde n/a hasta 15.0.5."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52204",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:45.263",
|
||||
"lastModified": "2024-01-08T20:15:45.263",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Javik Randomize. Este problema afecta a Randomize: desde n/a hasta 1.4.3."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52205",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:45.463",
|
||||
"lastModified": "2024-01-08T20:15:45.463",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en HTML5 SoundCloud Player con Playlist Free del software SVNLabs. Este problema afecta a HTML5 SoundCloud Player con Playlist Free: desde n/a hasta 2.8.0."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52206",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:45.680",
|
||||
"lastModified": "2024-01-08T20:15:45.680",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Live Composer Team Page Builder: Live Composer live-composer-page-builder. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.25."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52213",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:45.920",
|
||||
"lastModified": "2024-01-08T20:15:45.920",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en VideoWhisper Rate Star Review: revisiones AJAX de contenido, con calificaciones de estrellas permite XSS reflejado. Este problema afecta a Rate Star Review: revisiones AJAX de contenido, con calificaciones de estrellas : desde n/a hasta 1.5.1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52216",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-01-08T20:15:46.173",
|
||||
"lastModified": "2024-01-08T20:15:46.173",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Yevhen Kotelnytskyi JS y CSS Script Optimizer. Este problema afecta a JS y CSS Script Optimizer: desde n/a hasta 0.3.3."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-52271",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-08T20:15:46.387",
|
||||
"lastModified": "2024-01-08T20:15:46.387",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time)."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El controlador del kernel wsftprm.sys 2.0.0.0 en Topaz Antifraud permite a atacantes con pocos privilegios eliminar cualquier proceso (Protected Process Light) a trav\u00e9s de un IOCTL (que se nombrar\u00e1 m\u00e1s adelante)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-5347",
|
||||
"sourceIdentifier": "office@cyberdanube.com",
|
||||
"published": "2024-01-09T10:15:22.523",
|
||||
"lastModified": "2024-01-09T10:15:22.523",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en el proceso de actualizaci\u00f3n de Korenix JetNet Series permite reemplazar todo el sistema operativo, incluidos los ejecutables confiables. Este problema afecta a los dispositivos JetNet anteriores a la versi\u00f3n de firmware 2024/01."
|
||||
}
|
||||
],
|
||||
"metrics": {
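Review bot: The affected range in the new description is given only as "JetNet devices older than firmware version 2024/01", a date-style label rather than a comparable version string, and with the record still in Awaiting Analysis there is presumably no NVD configuration data to match on yet. Automated CPE/version matching cannot act on this entry, so anyone tracking Korenix JetNet exposure has to match on the vendor advisory manually; given the issue is an update path with improper signature verification that allows replacing the whole operating system, that gap matters for prioritisation. The metrics block continues outside this hunk. This is upstream CNA wording the mirror cannot change.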
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-5376",
|
||||
"sourceIdentifier": "office@cyberdanube.com",
|
||||
"published": "2024-01-09T10:15:22.823",
|
||||
"lastModified": "2024-01-09T10:15:22.823",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta en Korenix JetNet TFTP permite el abuso de este servicio. Este problema afecta a los dispositivos JetNet anteriores a la versi\u00f3n de firmware 2024/01."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6094",
|
||||
"sourceIdentifier": "psirt@moxa.com",
|
||||
"published": "2023-12-31T10:15:08.787",
|
||||
"lastModified": "2024-01-04T15:15:10.963",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-01-09T14:55:23.847",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 1.4
|
||||
},
|
||||
{
|
||||
"source": "psirt@moxa.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-319"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "psirt@moxa.com",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +80,43 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:moxa:oncell_g3150a-lte_firmware:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "1.3",
|
||||
"matchCriteriaId": "4F758200-C50E-4456-AAA9-870206050FAE"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:moxa:oncell_g3150a-lte:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A4BDE004-9181-4030-AEB3-594B9B478879"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement",
|
||||
"source": "psirt@moxa.com"
|
||||
"source": "psirt@moxa.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6147",
|
||||
"sourceIdentifier": "bugreport@qualys.com",
|
||||
"published": "2024-01-09T08:15:36.100",
|
||||
"lastModified": "2024-01-09T08:15:36.100",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se identific\u00f3 que Qualys Jenkins Plugin para Policy Compliance anterior a la versi\u00f3n 1.0.5 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificaci\u00f3n de permiso al realizar una verificaci\u00f3n de conectividad con Qualys Cloud Services. Esto permiti\u00f3 a cualquier usuario con acceso de inicio de sesi\u00f3n configurar o editar jobs para utilizar el complemento y configurar un endpoint potencial a trav\u00e9s del cual era posible controlar la respuesta para cierta solicitud que podr\u00eda inyectarse con payloads XXE que conduzcan a XXE mientras se procesan los datos de respuesta."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6148",
|
||||
"sourceIdentifier": "bugreport@qualys.com",
|
||||
"published": "2024-01-09T09:15:42.530",
|
||||
"lastModified": "2024-01-09T09:15:42.530",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which\u00a0it was possible to control response for certain request which could be injected with XSS payloads leading to XSS\u00a0while processing the response data\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se identific\u00f3 que Qualys Jenkins Plugin para Policy Compliance anterior a la versi\u00f3n 1.0.5 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificaci\u00f3n de permiso al realizar una verificaci\u00f3n de conectividad con Qualys Cloud Services. Esto permiti\u00f3 a cualquier usuario con acceso de inicio de sesi\u00f3n y acceso para configurar o editar jobs utilizar el complemento para configurar un endpoint potencial a trav\u00e9s del cual era posible controlar la respuesta para cierta solicitud que podr\u00eda inyectarse con payloads XSS que conducen a XSS mientras se procesan los datos de respuesta."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6149",
|
||||
"sourceIdentifier": "bugreport@qualys.com",
|
||||
"published": "2024-01-09T09:15:42.737",
|
||||
"lastModified": "2024-01-09T09:15:42.737",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nQualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se identific\u00f3 que Qualys Jenkins Plugin para WAS anterior a la versi\u00f3n 2.0.11 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificaci\u00f3n de permiso al realizar una verificaci\u00f3n de conectividad con Qualys Cloud Services. Esto permiti\u00f3 a cualquier usuario con acceso de inicio de sesi\u00f3n configurar o editar jobs para utilizar el complemento y configurar un endpoint potencial a trav\u00e9s del cual era posible controlar la respuesta para cierta solicitud que podr\u00eda inyectarse con payloads XXE que conduzcan a XXE mientras se procesan los datos de respuesta."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6594",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-09T03:15:08.390",
|
||||
"lastModified": "2024-01-09T03:15:08.390",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "WordPress Button Plugin MaxButtons complemento para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 9.7.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html. Los administradores pueden otorgar privilegios de creaci\u00f3n de botones a usuarios con niveles m\u00e1s bajos (colaborador+), lo que permitir\u00eda a esos usuarios con menos privilegios llevar a cabo ataques."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6788",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-09T04:15:07.493",
|
||||
"lastModified": "2024-01-09T04:15:07.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options \"mf_hubsopt_token\", \"mf_hubsopt_refresh_token\", \"mf_hubsopt_token_type\", and \"mf_hubsopt_expires_in\" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Metform Elementor Contact Form Builder complemento para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.8.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n de contents. Esto hace posible que atacantes no autenticados actualicen las opciones \"mf_hubsopt_token\", \"mf_hubsopt_refresh_token\", \"mf_hubsopt_token_type\" y \"mf_hubsopt_expires_in\" a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Esto permitir\u00eda a un atacante conectar su propia cuenta de Hubspot al metform del sitio v\u00edctima para obtener clientes potenciales y contactos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6830",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-09T07:15:13.223",
|
||||
"lastModified": "2024-01-09T07:15:13.223",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Formidable Forms complemento para WordPress es vulnerable a la inyecci\u00f3n de HTML en versiones hasta la 6.7 incluida. Esta vulnerabilidad permite a usuarios no autenticados inyectar c\u00f3digo HTML arbitrario en campos de formulario. Cuando un administrador ve los datos del formulario en la p\u00e1gina de vista de entradas, se procesa el c\u00f3digo HTML inyectado, lo que puede provocar la destrucci\u00f3n del \u00e1rea de administraci\u00f3n o la redirecci\u00f3n a sitios web maliciosos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-6842",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-01-09T07:15:14.330",
|
||||
"lastModified": "2024-01-09T07:15:14.330",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled. However, in the formidable settings admins can extend form creation, deletion and other management permissions to other user types, which makes it possible for this vulnerability to be exploited by lower level user types as long as they have been granted the proper permissions."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder complemento para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la etiqueta name field y el par\u00e1metro description field label en todas las versiones hasta 6.7 (incluida) debido a una debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. De forma predeterminada, esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html. Sin embargo, en la configuraci\u00f3n formidable, los administradores pueden extender la creaci\u00f3n de formularios, la eliminaci\u00f3n y otros permisos de administraci\u00f3n a otros tipos de usuarios, lo que hace posible que esta vulnerabilidad sea explotada por tipos de usuarios de nivel inferior siempre que se les hayan otorgado los permisos adecuados."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7218",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-08T21:15:10.850",
|
||||
"lastModified": "2024-01-08T21:15:10.850",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en Totolink N350RT 9.3.5u.6139_B202012 y clasificada como cr\u00edtica. La funci\u00f3n loginAuth del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento contrase\u00f1a provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible lanzar el ataque de forma remota. El identificador de esta vulnerabilidad es VDB-249852. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7219",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-09T06:15:45.930",
|
||||
"lastModified": "2024-01-09T06:15:45.930",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad ha sido encontrada en Totolink N350RT 9.3.5u.6139_B202012 y clasificada como cr\u00edtica. La funci\u00f3n loginAuth del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento http_host provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249853. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-7220",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-01-09T08:15:36.490",
|
||||
"lastModified": "2024-01-09T08:15:36.490",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad fue encontrada en Totolink NR1800X 9.1.0u.6279_B20210910 y clasificada como cr\u00edtica. La funci\u00f3n loginAuth del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento password provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada y puede utilizarse. VDB-249854 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
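--- /dev/null
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7221.json
@@ -0,0 +1,88 @@
+{
+"id": "CVE-2023-7221",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2024-01-09T14:15:46.200",
+"lastModified": "2024-01-09T14:55:35.817",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "NONE",
+"confidentialityImpact": "COMPLETE",
+"integrityImpact": "COMPLETE",
+"availabilityImpact": "COMPLETE",
+"baseScore": 10.0
+},
+"baseSeverity": "HIGH",
+"exploitabilityScore": 10.0,
+"impactScore": 10.0,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-120"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.249855",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.249855",
+"source": "cna@vuldb.com"
+}
+]
+}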
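--- /dev/null
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0206.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-0206",
+"sourceIdentifier": "trellixpsirt@trellix.com",
+"published": "2024-01-09T14:15:46.550",
+"lastModified": "2024-01-09T14:55:35.817",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nA symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-59"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10415",
+"source": "trellixpsirt@trellix.com"
+}
+]
+}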
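--- /dev/null
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0213.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-0213",
+"sourceIdentifier": "trellixpsirt@trellix.com",
+"published": "2024-01-09T14:15:46.763",
+"lastModified": "2024-01-09T14:55:35.817",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nA buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. \n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.5,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "trellixpsirt@trellix.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-120"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10416",
+"source": "trellixpsirt@trellix.com"
+}
+]
+}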
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-21646",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-09T01:15:38.937",
|
||||
"lastModified": "2024-01-09T01:15:38.937",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Azure uAMQP es una librer\u00eda C de uso general para AMQP 1.0. Varios clientes utilizan la librer\u00eda UAMQP para implementar la comunicaci\u00f3n del protocolo AMQP. Cuando los clientes que utilizan esta librer\u00eda reciben datos de tipo binario manipulados, puede producirse un desbordamiento de enteros o un problema de seguridad de la memoria que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 2024-01-01."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-21648",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-09T00:15:44.383",
|
||||
"lastModified": "2024-01-09T00:15:44.383",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. "
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. A la acci\u00f3n de reversi\u00f3n le falta una protecci\u00f3n adecuada, un usuario puede retroceder a una versi\u00f3n anterior de la p\u00e1gina para obtener derechos que ya no tiene. El problema se solucion\u00f3 en XWiki 14.10.17, 15.5.3 y 15.8-rc-1 asegur\u00e1ndose de que se verifiquen los derechos antes de realizar la reversi\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-21651",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-09T00:15:44.600",
|
||||
"lastModified": "2024-01-09T00:15:44.600",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Un usuario capaz de adjuntar un archivo a una p\u00e1gina puede publicar un archivo TAR con formato incorrecto manipulando los encabezados de los tiempos de modificaci\u00f3n del archivo, que cuando Tika los analiza, podr\u00eda causar un problema de denegaci\u00f3n de servicio debido al consumo de CPU. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.18, 15.5.3 y 15.8 RC1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-21663",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-09T00:15:44.790",
|
||||
"lastModified": "2024-01-09T00:15:44.790",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-01-09T14:01:44.900",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Discord-Recon es un bot de Discord creado para automatizar el reconocimiento de errores, escaneos automatizados y recopilaci\u00f3n de informaci\u00f3n a trav\u00e9s de un servidor de Discord. Discord-Recon es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede ejecutar comandos de shell en el servidor sin tener una funci\u00f3n de administrador. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.0.8."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|