From 59042740b57af36a17c601caa1d38a3d07bb7474 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 20 Feb 2024 21:00:35 +0000 Subject: [PATCH] Auto-Update: 2024-02-20T21:00:31.389455+00:00 --- CVE-2020/CVE-2020-367xx/CVE-2020-36774.json | 8 ++- CVE-2022/CVE-2022-417xx/CVE-2022-41737.json | 8 ++- CVE-2022/CVE-2022-417xx/CVE-2022-41738.json | 8 ++- CVE-2022/CVE-2022-424xx/CVE-2022-42443.json | 8 ++- CVE-2022/CVE-2022-453xx/CVE-2022-45320.json | 8 ++- CVE-2022/CVE-2022-486xx/CVE-2022-48621.json | 8 ++- CVE-2022/CVE-2022-486xx/CVE-2022-48624.json | 8 ++- CVE-2022/CVE-2022-486xx/CVE-2022-48625.json | 8 ++- CVE-2023/CVE-2023-218xx/CVE-2023-21833.json | 8 ++- CVE-2023/CVE-2023-317xx/CVE-2023-31728.json | 8 ++- CVE-2023/CVE-2023-385xx/CVE-2023-38562.json | 4 +- CVE-2023/CVE-2023-395xx/CVE-2023-39540.json | 4 +- CVE-2023/CVE-2023-395xx/CVE-2023-39541.json | 4 +- CVE-2023/CVE-2023-400xx/CVE-2023-40057.json | 28 ++++++++- CVE-2023/CVE-2023-427xx/CVE-2023-42791.json | 4 +- CVE-2023/CVE-2023-443xx/CVE-2023-44308.json | 8 ++- CVE-2023/CVE-2023-453xx/CVE-2023-45318.json | 4 +- CVE-2023/CVE-2023-455xx/CVE-2023-45581.json | 70 +++++++++++++++++++-- CVE-2023/CVE-2023-459xx/CVE-2023-45918.json | 8 ++- CVE-2023/CVE-2023-476xx/CVE-2023-47635.json | 4 +- CVE-2023/CVE-2023-482xx/CVE-2023-48220.json | 4 +- CVE-2023/CVE-2023-491xx/CVE-2023-49109.json | 4 +- CVE-2023/CVE-2023-492xx/CVE-2023-49250.json | 4 +- CVE-2023/CVE-2023-502xx/CVE-2023-50257.json | 8 ++- CVE-2023/CVE-2023-502xx/CVE-2023-50270.json | 4 +- CVE-2023/CVE-2023-503xx/CVE-2023-50306.json | 4 +- CVE-2023/CVE-2023-509xx/CVE-2023-50951.json | 8 ++- CVE-2023/CVE-2023-514xx/CVE-2023-51447.json | 4 +- CVE-2023/CVE-2023-517xx/CVE-2023-51770.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5190.json | 8 ++- CVE-2023/CVE-2023-520xx/CVE-2023-52097.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52357.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52358.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52360.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52361.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52362.json 
| 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52363.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52365.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52366.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52367.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52368.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52369.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52370.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52371.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52372.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52373.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52374.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52375.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52376.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52377.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52378.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52379.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52380.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52381.json | 8 ++- CVE-2023/CVE-2023-523xx/CVE-2023-52387.json | 8 ++- CVE-2023/CVE-2023-524xx/CVE-2023-52433.json | 4 +- CVE-2023/CVE-2023-524xx/CVE-2023-52434.json | 4 +- CVE-2023/CVE-2023-524xx/CVE-2023-52435.json | 24 +++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5455.json | 24 ++++--- CVE-2023/CVE-2023-57xx/CVE-2023-5779.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6249.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6259.json | 8 ++- CVE-2023/CVE-2023-62xx/CVE-2023-6260.json | 8 ++- CVE-2023/CVE-2023-63xx/CVE-2023-6397.json | 8 ++- CVE-2023/CVE-2023-63xx/CVE-2023-6398.json | 8 ++- CVE-2023/CVE-2023-63xx/CVE-2023-6399.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6749.json | 8 ++- CVE-2023/CVE-2023-67xx/CVE-2023-6764.json | 8 ++- CVE-2023/CVE-2023-72xx/CVE-2023-7245.json | 8 ++- CVE-2024/CVE-2024-06xx/CVE-2024-0610.json | 8 ++- CVE-2024/CVE-2024-07xx/CVE-2024-0715.json | 8 ++- CVE-2024/CVE-2024-07xx/CVE-2024-0794.json | 4 +- CVE-2024/CVE-2024-11xx/CVE-2024-1155.json | 4 +- CVE-2024/CVE-2024-11xx/CVE-2024-1156.json | 4 +- CVE-2024/CVE-2024-12xx/CVE-2024-1297.json 
| 8 ++- CVE-2024/CVE-2024-13xx/CVE-2024-1343.json | 8 ++- CVE-2024/CVE-2024-13xx/CVE-2024-1344.json | 8 ++- CVE-2024/CVE-2024-13xx/CVE-2024-1345.json | 8 ++- CVE-2024/CVE-2024-13xx/CVE-2024-1346.json | 8 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1510.json | 8 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1512.json | 8 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1546.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1547.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1548.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1549.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1550.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1551.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1552.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1553.json | 10 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1554.json | 4 +- CVE-2024/CVE-2024-15xx/CVE-2024-1555.json | 4 +- CVE-2024/CVE-2024-15xx/CVE-2024-1556.json | 4 +- CVE-2024/CVE-2024-15xx/CVE-2024-1557.json | 4 +- CVE-2024/CVE-2024-15xx/CVE-2024-1559.json | 8 ++- CVE-2024/CVE-2024-15xx/CVE-2024-1580.json | 4 +- CVE-2024/CVE-2024-15xx/CVE-2024-1597.json | 4 +- CVE-2024/CVE-2024-16xx/CVE-2024-1608.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1633.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1635.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1638.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1644.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1647.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1648.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1651.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1661.json | 4 +- CVE-2024/CVE-2024-209xx/CVE-2024-20903.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20905.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20907.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20909.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20911.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20913.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20915.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20917.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20919.json | 8 ++- 
CVE-2024/CVE-2024-209xx/CVE-2024-20921.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20923.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20925.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20927.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20929.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20931.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20933.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20935.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20937.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20939.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20941.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20943.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20945.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20947.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20949.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20951.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20953.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20956.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20958.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20960.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20962.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20964.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20966.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20968.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20970.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20972.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20974.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20976.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20978.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20980.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20982.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20984.json | 8 ++- CVE-2024/CVE-2024-209xx/CVE-2024-20986.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21492.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21493.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21494.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21495.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21496.json | 8 ++- 
CVE-2024/CVE-2024-214xx/CVE-2024-21497.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21498.json | 8 ++- CVE-2024/CVE-2024-214xx/CVE-2024-21499.json | 8 ++- CVE-2024/CVE-2024-215xx/CVE-2024-21500.json | 8 ++- CVE-2024/CVE-2024-216xx/CVE-2024-21678.json | 4 +- CVE-2024/CVE-2024-216xx/CVE-2024-21682.json | 4 +- CVE-2024/CVE-2024-217xx/CVE-2024-21795.json | 4 +- CVE-2024/CVE-2024-218xx/CVE-2024-21812.json | 4 +- CVE-2024/CVE-2024-218xx/CVE-2024-21890.json | 8 ++- CVE-2024/CVE-2024-218xx/CVE-2024-21891.json | 8 ++- CVE-2024/CVE-2024-218xx/CVE-2024-21892.json | 8 ++- CVE-2024/CVE-2024-218xx/CVE-2024-21896.json | 8 ++- CVE-2024/CVE-2024-219xx/CVE-2024-21983.json | 8 ++- CVE-2024/CVE-2024-219xx/CVE-2024-21984.json | 8 ++- CVE-2024/CVE-2024-220xx/CVE-2024-22019.json | 8 ++- CVE-2024/CVE-2024-220xx/CVE-2024-22054.json | 4 +- CVE-2024/CVE-2024-220xx/CVE-2024-22097.json | 4 +- CVE-2024/CVE-2024-222xx/CVE-2024-22234.json | 8 ++- CVE-2024/CVE-2024-222xx/CVE-2024-22245.json | 4 +- CVE-2024/CVE-2024-222xx/CVE-2024-22250.json | 4 +- CVE-2024/CVE-2024-223xx/CVE-2024-22335.json | 8 ++- CVE-2024/CVE-2024-223xx/CVE-2024-22336.json | 8 ++- CVE-2024/CVE-2024-223xx/CVE-2024-22337.json | 8 ++- CVE-2024/CVE-2024-223xx/CVE-2024-22369.json | 4 +- CVE-2024/CVE-2024-227xx/CVE-2024-22727.json | 8 ++- CVE-2024/CVE-2024-228xx/CVE-2024-22824.json | 4 +- CVE-2024/CVE-2024-231xx/CVE-2024-23114.json | 4 +- CVE-2024/CVE-2024-233xx/CVE-2024-23305.json | 4 +- CVE-2024/CVE-2024-233xx/CVE-2024-23310.json | 4 +- CVE-2024/CVE-2024-233xx/CVE-2024-23313.json | 4 +- CVE-2024/CVE-2024-234xx/CVE-2024-23476.json | 28 ++++++++- CVE-2024/CVE-2024-234xx/CVE-2024-23477.json | 60 ++++++++++++++++-- CVE-2024/CVE-2024-234xx/CVE-2024-23478.json | 28 ++++++++- CVE-2024/CVE-2024-234xx/CVE-2024-23479.json | 27 +++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23606.json | 4 +- CVE-2024/CVE-2024-238xx/CVE-2024-23809.json | 4 +- CVE-2024/CVE-2024-244xx/CVE-2024-24474.json | 4 +- CVE-2024/CVE-2024-247xx/CVE-2024-24722.json | 8 ++- 
CVE-2024/CVE-2024-247xx/CVE-2024-24750.json | 8 ++- CVE-2024/CVE-2024-247xx/CVE-2024-24758.json | 8 ++- CVE-2024/CVE-2024-247xx/CVE-2024-24763.json | 4 +- CVE-2024/CVE-2024-247xx/CVE-2024-24793.json | 4 +- CVE-2024/CVE-2024-247xx/CVE-2024-24794.json | 4 +- CVE-2024/CVE-2024-251xx/CVE-2024-25149.json | 8 ++- CVE-2024/CVE-2024-251xx/CVE-2024-25150.json | 8 ++- CVE-2024/CVE-2024-251xx/CVE-2024-25196.json | 4 +- CVE-2024/CVE-2024-251xx/CVE-2024-25197.json | 4 +- CVE-2024/CVE-2024-251xx/CVE-2024-25198.json | 4 +- CVE-2024/CVE-2024-251xx/CVE-2024-25199.json | 4 +- CVE-2024/CVE-2024-252xx/CVE-2024-25260.json | 4 +- CVE-2024/CVE-2024-252xx/CVE-2024-25274.json | 4 +- CVE-2024/CVE-2024-252xx/CVE-2024-25297.json | 8 ++- CVE-2024/CVE-2024-252xx/CVE-2024-25298.json | 8 ++- CVE-2024/CVE-2024-253xx/CVE-2024-25366.json | 4 +- CVE-2024/CVE-2024-254xx/CVE-2024-25468.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25604.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25605.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25606.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25607.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25608.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25609.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25610.json | 4 +- CVE-2024/CVE-2024-256xx/CVE-2024-25623.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25625.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25626.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25630.json | 4 +- CVE-2024/CVE-2024-256xx/CVE-2024-25631.json | 4 +- CVE-2024/CVE-2024-256xx/CVE-2024-25634.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25635.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25636.json | 8 ++- CVE-2024/CVE-2024-256xx/CVE-2024-25640.json | 8 ++- CVE-2024/CVE-2024-257xx/CVE-2024-25710.json | 4 +- CVE-2024/CVE-2024-259xx/CVE-2024-25973.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25974.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25978.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25979.json | 8 ++- 
CVE-2024/CVE-2024-259xx/CVE-2024-25980.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25981.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25982.json | 8 ++- CVE-2024/CVE-2024-259xx/CVE-2024-25983.json | 8 ++- CVE-2024/CVE-2024-261xx/CVE-2024-26129.json | 8 ++- CVE-2024/CVE-2024-261xx/CVE-2024-26134.json | 8 ++- CVE-2024/CVE-2024-261xx/CVE-2024-26135.json | 59 +++++++++++++++++ CVE-2024/CVE-2024-262xx/CVE-2024-26265.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26267.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26268.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26270.json | 4 +- CVE-2024/CVE-2024-263xx/CVE-2024-26308.json | 4 +- CVE-2024/CVE-2024-263xx/CVE-2024-26318.json | 8 ++- CVE-2024/CVE-2024-263xx/CVE-2024-26327.json | 8 ++- CVE-2024/CVE-2024-263xx/CVE-2024-26328.json | 8 ++- CVE-2024/CVE-2024-265xx/CVE-2024-26581.json | 4 +- README.md | 70 ++++++++++----------- 245 files changed, 1521 insertions(+), 545 deletions(-) create mode 100644 CVE-2023/CVE-2023-524xx/CVE-2023-52435.json create mode 100644 CVE-2024/CVE-2024-261xx/CVE-2024-26135.json diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36774.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36774.json index 1199b2c3234..5f798299ca2 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36774.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36774.json 
@@ -2,12 +2,16 @@ "id": "CVE-2020-36774", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-19T02:15:47.690", - "lastModified": "2024-02-19T02:15:47.690", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)." + }, + { + "lang": "es", + "value": "plugins/gtk+/glade-gtk-box.c en GNOME Glade anterior a 3.38.1 y 3.39.x anterior a 3.40.0 maneja mal la reconstrucci\u00f3n de widgets para GladeGtkBox, lo que provoca una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n)." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41737.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41737.json index f1ef0ebd7c5..1e902d05799 100644 --- a/CVE-2022/CVE-2022-417xx/CVE-2022-41737.json +++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41737.json @@ -2,12 +2,16 @@ "id": "CVE-2022-41737", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T17:15:07.577", - "lastModified": "2024-02-17T17:15:07.577", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811." + }, + { + "lang": "es", + "value": "IBM Storage Scale Container Native Storage Access 5.1.2.1 a 5.1.7.0 podr\u00eda permitir a un atacante local iniciar conexiones desde un contenedor fuera del espacio de nombres actual. ID de IBM X-Force: 237811." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41738.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41738.json index d960f94fdf8..54bcd16aff9 100644 
--- a/CVE-2022/CVE-2022-417xx/CVE-2022-41738.json +++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41738.json @@ -2,12 +2,16 @@ "id": "CVE-2022-41738", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T17:15:07.790", - "lastModified": "2024-02-17T17:15:07.790", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812." + }, + { + "lang": "es", + "value": "IBM Storage Scale Container Native Storage Access 5.1.2.1 hasta 5.1.7.0 podr\u00eda permitir a un atacante iniciar conexiones a contenedores desde redes externas. ID de IBM X-Force: 237812." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-424xx/CVE-2022-42443.json b/CVE-2022/CVE-2022-424xx/CVE-2022-42443.json index 70de8e18b57..30756fee52d 100644 --- a/CVE-2022/CVE-2022-424xx/CVE-2022-42443.json +++ b/CVE-2022/CVE-2022-424xx/CVE-2022-42443.json @@ -2,12 +2,16 @@ "id": "CVE-2022-42443", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T17:15:07.973", - "lastModified": "2024-02-17T17:15:07.973", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535." + }, + { + "lang": "es", + "value": "Un problema no revelado en Trusteer iOS SDK para versiones m\u00f3viles anteriores a 5.7 y Trusteer Android SDK para versiones m\u00f3viles anteriores a 5.7 puede permitir la carga de archivos. ID de IBM X-Force: 238535." } ], "metrics": { 
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json index b49c49ae13f..51f3843840a 100644 --- a/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json +++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json @@ -2,12 +2,16 @@ "id": "CVE-2022-45320", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T05:15:07.613", - "lastModified": "2024-02-20T05:15:07.613", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page." + }, + { + "lang": "es", + "value": "Liferay Portal anterior a 7.4.3.16 y Liferay DXP anterior a 7.2 fixpack 19, 7.3 anterior a la actualizaci\u00f3n 6 y 7.4 anterior a la actualizaci\u00f3n 16 permiten a los usuarios autenticados remotamente convertirse en propietarios de una p\u00e1gina wiki editando la p\u00e1gina wiki." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48621.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48621.json index 4e076e2d722..d1c208154fa 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48621.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48621.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-48621", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T07:15:07.700", - "lastModified": "2024-02-18T07:15:07.700", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autenticaci\u00f3n para funciones cr\u00edticas en el m\u00f3dulo Wi-Fi. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48624.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48624.json index 13e4b168f3a..528522ac385 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48624.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48624.json @@ -2,12 +2,16 @@ "id": "CVE-2022-48624", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-19T01:15:48.643", - "lastModified": "2024-02-19T01:15:48.643", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE." + }, + { + "lang": "es", + "value": "close_altfile en filename.c en less antes de 606 omite las llamadas shell_quote para LESSCLOSE." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48625.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48625.json index 19c8898f603..6293ec5ce46 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48625.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48625.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-48625", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T00:15:14.393", - "lastModified": "2024-02-20T00:15:14.393", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary." + }, + { + "lang": "es", + "value": "Yealink Config Encrypt Tool agrega RSA anterior a 1.2 tiene un par de claves RSA incorporado y, por lo tanto, existe el riesgo de que un adversario lo descifre." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-218xx/CVE-2023-21833.json b/CVE-2023/CVE-2023-218xx/CVE-2023-21833.json index e5667923b3b..5b84854792c 100644 --- a/CVE-2023/CVE-2023-218xx/CVE-2023-21833.json +++ b/CVE-2023/CVE-2023-218xx/CVE-2023-21833.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-21833", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.170", - "lastModified": "2024-02-17T02:15:45.170", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle ZFS Storage Appliance Kit de Oracle Systems (componente: Object Store). La versi\u00f3n compatible que se ve afectada es la 8.8. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer el kit de dispositivos de almacenamiento Oracle ZFS. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles del Oracle ZFS Storage Appliance Kit. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31728.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31728.json index eb294757b2c..9b83850885a 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31728.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31728.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-31728", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-17T04:15:07.503", - "lastModified": "2024-02-17T04:15:07.503", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface." + }, + { + "lang": "es", + "value": "Los dispositivos Teltonika RUT240 con firmware anterior a 07.04.2, cuando se utiliza el modo puente, a veces hacen que los servicios SSH y HTTP est\u00e9n disponibles en la interfaz WAN IPv6 aunque la interfaz de usuario muestre que solo est\u00e1n disponibles en la interfaz LAN." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38562.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38562.json index bb40c46ed89..f5db11d4997 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38562.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38562.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38562", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T15:15:08.020", - "lastModified": "2024-02-20T18:15:49.790", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39540.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39540.json index 08e4d05c02a..53d1f3ea578 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39540.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39540.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39540", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T15:15:08.323", - "lastModified": "2024-02-20T18:15:49.890", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39541.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39541.json index d175dfc0aca..199ff8a5350 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39541.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39541.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39541", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T15:15:08.533", - "lastModified": "2024-02-20T18:15:49.973", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40057.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40057.json index 01b00680b12..5e6a5578ad1 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40057.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40057.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40057", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-15T21:15:08.247", - "lastModified": "2024-02-16T13:38:00.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:39:34.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.2", + "matchCriteriaId": "C1D2B6ED-102D-4654-B95B-73E06277861B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42791.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42791.json index 2eb52be4ee6..1f604c0fb12 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42791.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42791.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-42791", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-02-20T14:15:08.030", - "lastModified": "2024-02-20T14:15:08.030", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json index 092855612db..0460009c4db 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json @@ -2,12 +2,16 @@ "id": "CVE-2023-44308", "sourceIdentifier": "security@liferay.com", "published": "2024-02-20T07:15:08.033", - "lastModified": "2024-02-20T07:15:08.033", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de redireccionamiento abierto en la p\u00e1gina de administraci\u00f3n de medios adaptables en Liferay DXP 2023.Q3 antes del parche 6 y 7.4 GA hasta la actualizaci\u00f3n 92 permite a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s del par\u00e1metro _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45318.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45318.json index c1359cefebc..aabd7acee3f 100644 --- a/CVE-2023/CVE-2023-453xx/CVE-2023-45318.json +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45318.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-45318", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T15:15:08.727", - "lastModified": "2024-02-20T18:15:50.060", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45581.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45581.json index eaf781f9093..603d3076e57 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45581.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45581.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-45581", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-02-15T14:15:45.033", - "lastModified": "2024-02-15T14:28:20.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:54:47.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an\u00a0Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada [CWE-269] en Fortinet FortiClientEMS versi\u00f3n 7.2.0 a 7.2.2 y anteriores a 7.0.10 permite a un administrador del sitio con privilegios de superadministrador realizar operaciones administrativas globales que afectan a otros sitios a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "psirt@fortinet.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@fortinet.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.10", + "matchCriteriaId": "17D081E7-E4F0-4E0F-BEBF-BF3AD0641861" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.2", + "matchCriteriaId": "3C4BC53A-0E69-4CDE-B89A-E6AAC3ADB1E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-357", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45918.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45918.json index bf2d95d63d7..3bde7d89f20 100644 --- a/CVE-2023/CVE-2023-459xx/CVE-2023-45918.json +++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45918.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45918", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-16T22:15:07.880", - "lastModified": "2024-02-16T22:15:07.880", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c." + }, + { + "lang": "es", + "value": "ncurses 6.4-20230610 tiene una desreferencia de puntero NULL en tgetstr en tinfo/lib_termcap.c." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47635.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47635.json index 8d05e8ef7cd..a3e2e0306bb 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47635.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47635.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47635", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-20T18:15:50.147", - "lastModified": "2024-02-20T18:15:50.147", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48220.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48220.json index 3c049c81bc4..42764a1559d 100644 --- a/CVE-2023/CVE-2023-482xx/CVE-2023-48220.json +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48220.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48220", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-20T18:15:50.350", - "lastModified": "2024-02-20T18:15:50.350", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json index 60ff2a36714..47d5b6008ea 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49109", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T10:15:07.927", - "lastModified": "2024-02-20T13:15:07.877", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json index 369284fc62a..e56f475dbab 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49250", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T10:15:08.040", - "lastModified": "2024-02-20T13:15:07.953", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50257.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50257.json
index dc86d842765..7b33733e539 100644
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50257.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50257.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-50257", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-19T20:15:45.310", - "lastModified": "2024-02-19T20:15:45.310", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7." + }, + { + "lang": "es", + "value": "eProsima Fast DDS (anteriormente Fast RTPS) es una implementaci\u00f3n en C++ del est\u00e1ndar del Servicio de distribuci\u00f3n de datos del Object Management Group. 
Incluso con la aplicaci\u00f3n de SROS2, debido al problema donde los datos (`p[UD]`) y los valores `guid` utilizados para desconectar entre nodos no est\u00e1n cifrados, se ha descubierto una vulnerabilidad en la que un atacante malintencionado puede desconectar por la fuerza a un suscriptor y puede negarle a un suscriptor que intente conectarse. Posteriormente, si el atacante env\u00eda el paquete para desconectarse, que son datos (`p[UD]`), al Espacio de Datos Global (`239.255.0.1:7400`) usando dicho ID de Editor, todos los Suscriptores (Oyentes) conectados al Publicador (Hablador) no recibir\u00e1 ning\u00fan dato y su conexi\u00f3n se desconectar\u00e1. Adem\u00e1s, si este paquete de desconexi\u00f3n se env\u00eda continuamente, los suscriptores (Oyentes) que intenten conectarse no podr\u00e1n hacerlo. Desde el commit inicial del c\u00f3digo `SecurityManager.cpp` (`init`, `on_process_handshake`) el 8 de noviembre de 2016, la vulnerabilidad de desconexi\u00f3n en los paquetes RTPS utilizados por SROS2 ha estado presente antes de las versiones 2.13.0, 2.12.2, 2.11.3, 2.10.3 y 2.6.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json index 6c36f5616a4..8a1e0ad3958 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50270", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T10:15:08.140", - "lastModified": "2024-02-20T13:15:08.013", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50306.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50306.json index b8949f0ca66..dea0c69ff62 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50306.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50306.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50306", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-20T14:15:08.237", - "lastModified": "2024-02-20T14:15:08.237", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50951.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50951.json index 3c848c6b8f3..15fdd45cc28 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50951.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50951.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50951", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T16:15:46.443", - "lastModified": "2024-02-17T16:15:46.443", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747." + }, + { + "lang": "es", + "value": "IBM QRadar Suite 1.10.12.0 a 1.10.17.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 en algunas circunstancias registrar\u00e1n informaci\u00f3n confidencial sobre intentos de autorizaci\u00f3n no v\u00e1lidos. ID de IBM X-Force: 275747." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51447.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51447.json index 53dd88a4281..f228474ef10 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51447.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51447", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-20T18:15:50.547", - "lastModified": "2024-02-20T18:15:50.547", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json index afdb68fd619..52c477d7a77 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51770", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T10:15:08.243", - "lastModified": "2024-02-20T13:15:08.077", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json index b3f744eac32..7ab9da56b79 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5190", "sourceIdentifier": "security@liferay.com", "published": "2024-02-20T06:15:07.680", - "lastModified": "2024-02-20T06:15:07.680", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the Countries Management\u2019s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter." + }, + { + "lang": "es", + "value": "Vulnerabilidad de redireccionamiento abierto en la p\u00e1gina de edici\u00f3n de regi\u00f3n de Gesti\u00f3n de Pa\u00edses en Liferay Portal 7.4.3.45 a 7.4.3.101, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaci\u00f3n 45 a 92 permite a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s de _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect par\u00e1metro." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52097.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52097.json index d09a33928c5..3d21b198872 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52097.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52097.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52097", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.403", - "lastModified": "2024-02-18T03:15:08.403", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de las restricciones del servicio en primer plano que se omiten en el m\u00f3dulo NMS. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json index 65e5225508b..b83bee9c3ea 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52357.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52357", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.590", - "lastModified": "2024-02-18T03:15:08.590", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de discrepancia entre serializaci\u00f3n y deserializaci\u00f3n en el framework de vibraci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52358.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52358.json index d526fd0ab52..0b7130df349 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52358.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52358.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52358", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.640", - "lastModified": "2024-02-18T03:15:08.640", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of configuration defects in some APIs of the audio module.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de defectos de configuraci\u00f3n en algunas API del m\u00f3dulo de audio. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52360.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52360.json index 08a20522981..e6aa55ba6cd 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52360.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52360.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52360", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.683", - "lastModified": "2024-02-18T03:15:08.683", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity." + }, + { + "lang": "es", + "value": "Vulnerabilidades l\u00f3gicas en la banda base. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la integridad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52361.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52361.json index f7af93c9dd3..2d58a5b6ed2 100644 
--- a/CVE-2023/CVE-2023-523xx/CVE-2023-52361.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52361.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52361", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.730", - "lastModified": "2024-02-18T03:15:08.730", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity." + }, + { + "lang": "es", + "value": "El m\u00f3dulo VerifiedBoot tiene una vulnerabilidad que puede causar errores de autenticaci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la integridad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52362.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52362.json index 9fc0d117297..529cde35dbe 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52362.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52362.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52362", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.770", - "lastModified": "2024-02-18T03:15:08.770", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de gesti\u00f3n de permisos en el m\u00f3dulo de pantalla de bloqueo. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52363.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52363.json index 2bda4aabefe..0a955d66a67 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52363.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52363.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52363", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.810", - "lastModified": "2024-02-18T03:15:08.810", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake." + }, + { + "lang": "es", + "value": "Vulnerabilidad de defectos introducidos en el proceso de dise\u00f1o en el m\u00f3dulo Panel de control. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que los procesos de la aplicaci\u00f3n se inicien por error." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52365.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52365.json index 15d7324be75..74f420fecce 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52365.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52365.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52365", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T03:15:08.850", - "lastModified": "2024-02-18T03:15:08.850", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en el m\u00f3dulo de reconocimiento de actividad inteligente. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que las funciones funcionen de manera anormal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52366.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52366.json index aa262e62e75..e7f10b016b3 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52366.json 
+++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52366.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52366", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.560", - "lastModified": "2024-02-18T04:15:07.560", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en el m\u00f3dulo de reconocimiento de actividad inteligente. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que las funciones funcionen de manera anormal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52367.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52367.json index 69dce8fb2f2..27495d20200 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52367.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52367.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52367", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.647", - "lastModified": "2024-02-18T04:15:07.647", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de acceso inadecuado en el m\u00f3dulo de librer\u00eda multimedia. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad e integridad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52368.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52368.json index 94dd3fda2b3..86fe7803367 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52368.json 
+++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52368.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52368", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.690", - "lastModified": "2024-02-18T04:15:07.690", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally." + }, + { + "lang": "es", + "value": "Vulnerabilidad de verificaci\u00f3n de entrada en el m\u00f3dulo de cuenta. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que las funciones funcionen de manera anormal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52369.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52369.json index 981e98c809c..4aa8e96d34f 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52369.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52369.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52369", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.760", - "lastModified": "2024-02-18T04:15:07.760", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el m\u00f3dulo NFC. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad e integridad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52370.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52370.json index 43b286d8040..4c9d98467f1 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52370.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52370.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52370", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.803", - "lastModified": "2024-02-18T04:15:07.803", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el m\u00f3dulo de aceleraci\u00f3n de red. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar acceso no autorizado a archivos." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52371.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52371.json index 8147d83f4eb..37925cbd389 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52371.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52371.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52371", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.873", - "lastModified": "2024-02-18T04:15:07.873", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de referencias nulas en el m\u00f3dulo motor. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52372.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52372.json index b9b8c2e7ce2..e561036a5eb 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52372.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52372.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52372", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:07.940", - "lastModified": "2024-02-18T04:15:07.940", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de verificaci\u00f3n de par\u00e1metros de entrada en el m\u00f3dulo del motor. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52373.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52373.json index 1e611be3771..60b86b604e5 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52373.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52373.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52373", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:08.007", - "lastModified": "2024-02-18T04:15:08.007", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing." + }, + { + "lang": "es", + "value": "Vulnerabilidad de verificaci\u00f3n de permisos en el m\u00f3dulo emergente para compartir contenido. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar el intercambio de archivos no autorizado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json index 3722f29c28f..49e9015072c 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52374", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:08.050", - "lastModified": "2024-02-18T04:15:08.050", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de permisos en el m\u00f3dulo de gesti\u00f3n de paquetes. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52375.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52375.json index 633eba3447d..63c6836d6bc 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52375.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52375.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52375", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T06:15:07.593", - "lastModified": "2024-02-18T06:15:07.593", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de permisos en el m\u00f3dulo WindowManagerServices. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52376.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52376.json index 39315d5c6cb..6152f8c73ed 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52376.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52376.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52376", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T06:15:08.290", - "lastModified": "2024-02-18T06:15:08.290", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de gesti\u00f3n de informaci\u00f3n en el m\u00f3dulo Galer\u00eda. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52377.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52377.json index 0efd02928fc..01c33a34564 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52377.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52377.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52377", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T06:15:08.340", - "lastModified": "2024-02-18T06:15:08.340", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access." + }, + { + "lang": "es", + "value": "Vulnerabilidad de que los datos de entrada no se verifiquen en el m\u00f3dulo de datos m\u00f3viles. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar un acceso fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52378.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52378.json index 6fff2fa2601..3358410c692 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52378.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52378.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52378", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T07:15:08.793", - "lastModified": "2024-02-18T07:15:08.793", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally." + }, + { + "lang": "es", + "value": "Vulnerabilidad de l\u00f3gica de servicio incorrecta en el m\u00f3dulo WindowManagerServices. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que las funciones funcionen de manera anormal." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52379.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52379.json index 453da663cb9..366046b110b 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52379.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52379.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52379", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T07:15:09.070", - "lastModified": "2024-02-18T07:15:09.070", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de permisos en el m\u00f3dulo CalendarProvider. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52380.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52380.json index 3d9f37bb4b0..665bde57c63 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52380.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52380.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-52380", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T07:15:09.367", - "lastModified": "2024-02-18T07:15:09.367", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de acceso inadecuado en el m\u00f3dulo de correo electr\u00f3nico. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52381.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52381.json index 48efe9e0730..30363cc3369 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52381.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52381.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52381", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T07:15:09.620", - "lastModified": "2024-02-18T07:15:09.620", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n de script en el m\u00f3dulo de correo electr\u00f3nico. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad, integridad y disponibilidad del servicio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52387.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52387.json index dcb1988deec..0b7508c84c4 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52387.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52387.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-52387",
 "sourceIdentifier": "psirt@huawei.com",
 "published": "2024-02-18T03:15:08.920",
- "lastModified": "2024-02-18T03:15:08.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de reutilizaci\u00f3n de recursos en el m\u00f3dulo GPU. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json
index c6a61247360..8e249b396a5 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52433.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-52433",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-02-20T13:15:08.140",
- "lastModified": "2024-02-20T18:15:50.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52434.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52434.json
index 362528b00c9..69042f4c160 100644
--- a/CVE-2023/CVE-2023-524xx/CVE-2023-52434.json
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52434.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-52434",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-02-20T18:15:50.790",
- "lastModified": "2024-02-20T18:15:50.790",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52435.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52435.json
new file mode 100644
index 00000000000..2e39f6a3805
--- /dev/null
+++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52435.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52435", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-02-20T20:15:08.063", + "lastModified": "2024-02-20T20:15:08.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 
00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 
48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5455.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5455.json index 70d66727836..8d71ff503cf 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5455.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5455.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5455", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-10T13:15:48.643", - "lastModified": "2024-01-26T02:15:07.177", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-20T19:05:40.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH" + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 5.2 + "impactScore": 3.6 }, { "source": "secalert@redhat.com", 
@@ -500,11 +500,17 @@
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
 },
 {
 "url": "https://www.freeipa.org/release-notes/4-10-3.html",
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5779.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5779.json
index f0ccb2a3961..b2780cb95cf 100644
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5779.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5779.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-5779",
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-02-18T08:15:06.917",
- "lastModified": "2024-02-18T08:15:06.917",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "can: out of bounds in remove_rx_filter function"
+ },
+ {
+ "lang": "es",
+ "value": "puede: fuera de los l\u00edmites en la funci\u00f3n remove_rx_filter"
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6249.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6249.json
index 6ad08a93734..b865a78256f 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6249.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6249.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6249",
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-02-18T08:15:07.223",
- "lastModified": "2024-02-18T08:15:07.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Signed to unsigned conversion esp32_ipm_send"
+ },
+ {
+ "lang": "es",
+ "value": "Conversi\u00f3n firmada a no firmada esp32_ipm_send"
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6259.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6259.json
index e7e6689ef23..883d7e31cca 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6259.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6259.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6259",
 "sourceIdentifier": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
 "published": "2024-02-19T22:15:48.253",
- "lastModified": "2024-02-19T22:15:48.253",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Credenciales insuficientemente protegidas: vulnerabilidad de control de acceso inadecuado en Brivo ACS100, ACS300 permite la explotaci\u00f3n de la recuperaci\u00f3n de contrase\u00f1as, evitando la seguridad f\u00edsica. Este problema afecta a ACS100, ACS300: desde 5.2.4 antes de 6.2.4.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6260.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6260.json
index f683ec22042..6160efc315e 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6260.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6260.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6260",
 "sourceIdentifier": "57dba5dd-1a03-47f6-8b36-e84e47d335d8",
 "published": "2024-02-19T22:15:48.460",
- "lastModified": "2024-02-19T22:15:48.460",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Brivo ACS100, ACS300 permite la inyecci\u00f3n de comandos del sistema operativo, evitando la seguridad f\u00edsica. Este problema afecta a ACS100 (acceso adyacente a la red), ACS300 (acceso f\u00edsico): desde 5.2 .4 antes del 6.2.4.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6397.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6397.json
index d12144f29b1..a1d07d3209f 100644
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6397.json
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6397.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6397",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2024-02-20T02:15:48.793",
- "lastModified": "2024-02-20T02:15:48.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\n\n\nA null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the \u201cAnti-Malware\u201d feature enabled.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desreferencia de puntero nulo en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 parche 1 y en las versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 parche 1 podr\u00eda permitir que un atacante basado en LAN provoque condiciones de denegaci\u00f3n de servicio (DoS) descargando un archivo comprimido RAR creado en un host del lado LAN si el firewall tiene habilitada la funci\u00f3n \u201cAnti-Malware\u201d."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json
index b277031098b..c530e1f6c39 100644
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6398.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6398",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2024-02-20T02:15:49.110",
- "lastModified": "2024-02-20T03:15:07.650",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en el binario de carga de archivos en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37, parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37, parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 Parche 1, versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37 Parche 1, versiones de firmware NWA50AX hasta 6.29(ABYW.3), versiones de firmware WAC500 hasta 6.65(ABVS.1), versiones de firmware WAX300H hasta 6.60(ACHF.1 ), y las versiones de firmware WBE660S hasta 6.65 (ACGG.1) podr\u00edan permitir que un atacante autenticado con privilegios de administrador ejecute algunos comandos del sistema operativo (SO) en un dispositivo afectado a trav\u00e9s de FTP."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6399.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6399.json
index 32d355119a5..d0620dccf13 100644
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6399.json
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6399.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6399",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2024-02-20T02:15:49.407",
- "lastModified": "2024-02-20T02:15:49.407",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cadena de formato en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) desde 4.16 hasta 5.37 Parche 1 y USG20(W) -Las versiones de firmware de la serie VPN desde la 4.16 hasta la 5.37, parche 1, podr\u00edan permitir que un usuario de VPN IPSec autenticado provoque condiciones DoS contra el demonio \"deviceid\" enviando un nombre de host manipulado a un dispositivo afectado si tiene habilitada la funci\u00f3n \"Device Insight\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6749.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6749.json
index 00f673694e7..5285d1aa0f0 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6749.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6749.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6749",
 "sourceIdentifier": "vulnerabilities@zephyrproject.org",
 "published": "2024-02-18T07:15:10.047",
- "lastModified": "2024-02-18T07:15:10.047",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Unchecked length coming from user input in settings shell"
+ },
+ {
+ "lang": "es",
+ "value": "Longitud no marcada proveniente de la entrada del usuario en el shell de configuraci\u00f3n"
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json
index 4cb7c87f68f..5cd0bad482b 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6764.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6764",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2024-02-20T03:15:07.870",
- "lastModified": "2024-02-20T03:15:07.870",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cadena de formato en una funci\u00f3n de la funci\u00f3n VPN IPSec en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 El parche 1 y las versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37. El parche 1 podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n remota no autorizada de c\u00f3digo enviando una secuencia de payloads especialmente manipulados que contengan un puntero no v\u00e1lido; sin embargo, un ataque de este tipo requerir\u00eda un conocimiento detallado del dise\u00f1o y la configuraci\u00f3n de la memoria del dispositivo afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7245.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7245.json
index 5539ad48228..ff838996761 100644
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7245.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7245.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-7245",
 "sourceIdentifier": "security@openvpn.net",
 "published": "2024-02-20T11:15:07.750",
- "lastModified": "2024-02-20T11:15:07.750",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable\n"
+ },
+ {
+ "lang": "es",
+ "value": "El framework nodejs en OpenVPN Connect 3.0 a 3.4.3 (Windows)/3.4.7 (macOS) no se configur\u00f3 correctamente, lo que permite a un usuario local ejecutar c\u00f3digo arbitrario dentro del contexto del proceso nodejs a trav\u00e9s de la variable de entorno ELECTRON_RUN_AS_NODE"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0610.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0610.json
index c3cf2827051..76d00347b4f 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0610.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0610.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0610",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-02-17T08:15:07.680",
- "lastModified": "2024-02-17T08:15:07.680",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Payment Gateway de Piraeus Bank para WordPress es vulnerable a la inyecci\u00f3n SQL ciega basada en el tiempo a trav\u00e9s del par\u00e1metro 'MerchantReference' en todas las versiones hasta la 1.6.5.1 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0715.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0715.json
index 025abfd7986..f435cfa290c 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0715.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0715.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0715",
 "sourceIdentifier": "hirt@hitachi.co.jp",
 "published": "2024-02-20T02:15:49.720",
- "lastModified": "2024-02-20T02:15:49.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de inyecci\u00f3n de lenguaje de expresi\u00f3n en Hitachi Global Link Manager en Windows permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Hitachi Global Link Manager: versiones anteriores a 8.8.7-03."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0794.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0794.json
index abbd4adbe65..b80d1f96138 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0794.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0794.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-0794",
 "sourceIdentifier": "hp-security-alert@hp.com",
 "published": "2024-02-20T18:15:50.840",
- "lastModified": "2024-02-20T18:15:50.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1155.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1155.json
index e97334950f9..f4037e22498 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1155.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1155.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-1155",
 "sourceIdentifier": "security@ni.com",
 "published": "2024-02-20T15:15:09.703",
- "lastModified": "2024-02-20T15:15:09.703",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1156.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1156.json
index f1551e34a1f..6f9ba95af21 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1156.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1156.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-1156",
 "sourceIdentifier": "security@ni.com",
 "published": "2024-02-20T15:15:09.910",
- "lastModified": "2024-02-20T15:15:09.910",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1297.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1297.json
index 1b15595bb54..e56293ece10 100644
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1297.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1297.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1297",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2024-02-20T00:15:14.463",
- "lastModified": "2024-02-20T00:15:14.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Loomio version 2.22.0 allows executing arbitrary commands on the server.\n\nThis is possible because the application is vulnerable to OS Command Injection.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La versi\u00f3n 2.22.0 de Loomio permite ejecutar comandos arbitrarios en el servidor. Esto es posible porque la aplicaci\u00f3n es vulnerable a la inyecci\u00f3n de comandos del sistema operativo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json
index 37356aad3c6..f88d4b95379 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1343",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-02-19T12:15:44.413",
- "lastModified": "2024-02-19T12:15:44.413",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 un permiso d\u00e9bil en el directorio de respaldo en LaborOfficeFree que afecta la versi\u00f3n 19.10. Esta vulnerabilidad permite que cualquier usuario autenticado lea archivos de respaldo en el directorio '%programfiles(x86)% LaborOfficeFree BackUp'."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json
index 68f86d6dada..a0f8e3a7fe3 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1344",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-02-19T12:15:44.617",
- "lastModified": "2024-02-19T12:15:44.617",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\\LaborOfficeFree\\' directory. This user can log in remotely and has root-like privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Credenciales de base de datos cifradas en LaborOfficeFree que afectan a la versi\u00f3n 19.10. Esta vulnerabilidad permite a un atacante leer y extraer el nombre de usuario y la contrase\u00f1a de la base de datos de 'LOF_service.exe' y 'LaborOfficeFree.exe' ubicada en el directorio '%programfiles(x86)%\\LaborOfficeFree\\'. Este usuario puede iniciar sesi\u00f3n de forma remota y tiene privilegios similares a los de root."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json
index 41cdf60eb92..c79097d055a 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1345",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-02-19T12:15:44.803",
- "lastModified": "2024-02-19T12:15:44.803",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password."
+ },
+ {
+ "lang": "es",
+ "value": "La contrase\u00f1a ra\u00edz d\u00e9bil de la base de datos MySQL en LaborOfficeFree afecta la versi\u00f3n 19.10. Esta vulnerabilidad permite a un atacante realizar un ataque de fuerza bruta y descubrir f\u00e1cilmente la contrase\u00f1a de root."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json
index 8fdfce40178..3398b327475 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1346",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-02-19T12:15:45.000",
- "lastModified": "2024-02-19T12:15:45.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants."
+ },
+ {
+ "lang": "es",
+ "value": "La contrase\u00f1a ra\u00edz d\u00e9bil de la base de datos MySQL en LaborOfficeFree afecta la versi\u00f3n 19.10. Esta vulnerabilidad permite a un atacante calcular la contrase\u00f1a ra\u00edz de la base de datos MySQL utilizada por LaborOfficeFree utilizando dos constantes."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json
index 781ae8cec69..4c70d496edf 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1510.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1510",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-02-20T03:15:08.077",
- "lastModified": "2024-02-20T03:15:08.077",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Shortcodes Plugin \u2014 Shortcodes Ultimate para WordPress es vulnerable a Cross-Site Scripting Almacenado, a trav\u00e9s del c\u00f3digo abreviado su_tooltip del complemento en todas las versiones hasta la 7.0.2 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos y etiquetas proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1512.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1512.json
index c33e22e777d..17e1f3103a0 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1512.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1512.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-1512", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-17T08:15:08.093", - "lastModified": "2024-02-17T08:15:08.093", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education para WordPress es vulnerable a la inyecci\u00f3n SQL basada en uni\u00f3n a trav\u00e9s del par\u00e1metro 'user' de la ruta REST /lms/stm-lms/order/items en todas las versiones hasta, e incluyendo, 3.2.5 debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1546.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1546.json index fc753d45a60..935f5e7605c 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1546.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1546.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1546", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.477", - "lastModified": "2024-02-20T14:15:08.477", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1547.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1547.json index 547e971c17f..5f381c44514 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1547.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1547.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1547", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.547", - "lastModified": "2024-02-20T14:15:08.547", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.220", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1548.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1548.json index 14517cbb4d4..554fc52e32d 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1548.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1548.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1548", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.603", - "lastModified": "2024-02-20T14:15:08.603", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.267", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1549.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1549.json index d87b54e9256..8c469f23eb4 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1549.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1549.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1549", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.683", - "lastModified": "2024-02-20T14:15:08.683", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.317", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1550.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1550.json index b858c222810..59b473abba2 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1550.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1550.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1550", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.733", - "lastModified": "2024-02-20T14:15:08.733", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.370", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json index 15d7a873f2d..349c51da20c 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1551", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.790", - "lastModified": "2024-02-20T14:15:08.790", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.413", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1552.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1552.json index 3c718832b54..d8e209eebfc 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1552.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1552.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-1552", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.840", - "lastModified": "2024-02-20T14:15:08.840", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.460", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1553.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1553.json index 42818bd0fde..5462fd8282c 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1553.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1553.json 
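Review bot: The rewritten `value` in the first hunk of CVE-2024-1552.json loses the space before the scope note: the removed line reads `undefined behavior. *Note:*` and the added line reads `undefined behavior.*Note:*`. That note is the only place the record limits the issue to 32-bit ARM devices, and the trailing context shows `"metrics": {}`, so there is no score or vector for a triager to use instead. The sentence break should be kept, `... potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. ...`. The text presumably arrives in this form from the upstream feed, so the repair likely belongs in a normalisation step of the sync job rather than in a hand edit to this file.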
@@ -2,12 +2,12 @@ "id": "CVE-2024-1553", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.903", - "lastModified": "2024-02-20T14:15:08.903", - "vulnStatus": "Received", + "lastModified": "2024-02-20T20:15:08.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8." + "value": "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8." } ], "metrics": {}, @@ -23,6 +23,10 @@ { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/", "source": "security@mozilla.org" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/", + "source": "security@mozilla.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1554.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1554.json index 88e1876c6a4..7dfc3a9afd1 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1554.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1554.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1554", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.960", - "lastModified": "2024-02-20T14:15:08.960", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1555.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1555.json index eae0fafb655..1dc84d3dd5c 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1555.json 
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1555.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1555", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:09.007", - "lastModified": "2024-02-20T14:15:09.007", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1556.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1556.json index f1c850d9491..b0f4b8ec661 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1556.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1556.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1556", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:09.053", - "lastModified": "2024-02-20T14:15:09.053", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1557.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1557.json index adaf23d8ff7..47fcc29f432 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1557.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1557.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1557", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:09.100", - "lastModified": "2024-02-20T14:15:09.100", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json index 78c15d9b652..3c6cdc092c8 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1559.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1559", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-20T04:15:07.330", - "lastModified": "2024-02-20T04:15:07.330", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Link Library para WordPress es vulnerable a Cross-Site Scripting Almacenado, a trav\u00e9s del par\u00e1metro 'll_reciprocal' en todas las versiones hasta la 7.6 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json index dac463b1df6..db4c7ce4742 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1580", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-02-19T11:15:08.817", - "lastModified": "2024-02-19T11:15:08.817", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1597.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1597.json index 19304329ae6..08098238673 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1597.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1597.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-1597", "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "published": "2024-02-19T13:15:07.740", - "lastModified": "2024-02-19T13:15:07.740", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json index fb6e530aa6f..2a291c16f3e 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1608", "sourceIdentifier": "security@oppo.com", "published": "2024-02-20T09:15:08.877", - "lastModified": "2024-02-20T09:15:08.877", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction." + }, + { + "lang": "es", + "value": "En OPPO Usercenter Credit SDK, existe una posible escalada de privilegios debido a una verificaci\u00f3n de permisos suelta, lo que podr\u00eda provocar una fuga de informaci\u00f3n interna de la aplicaci\u00f3n sin interacci\u00f3n del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json index 303574ec5ff..24d204b728c 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1633", "sourceIdentifier": "cve@asrg.io", "published": "2024-02-19T17:15:08.347", - "lastModified": "2024-02-19T17:15:08.347", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n" + }, + { + "lang": "es", + "value": "Durante el arranque seguro, bl2 (la segunda etapa del gestor de arranque) recorre las im\u00e1genes definidas en la tabla \"bl2_mem_params_descs\". Para cada imagen, el bl2 lee la longitud y el destino de la imagen en el certificado de la imagen. Debido a la forma de leer la imagen, que se basa en un valor entero sin signo de 32 bits, puede provocar un desbordamiento de enteros. Un atacante puede eludir la restricci\u00f3n del rango de memoria y escribir datos fuera de los l\u00edmites del b\u00fafer, lo que podr\u00eda provocar la omisi\u00f3n del inicio seguro. Versi\u00f3n de git afectada desde c2f286820471ed276c57e603762bd831873e5a17 hasta (no" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1635.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1635.json index 6a52642b991..a5394c1aa84 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1635.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1635.json 
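Review bot: The affected-range sentence in CVE-2024-1633.json is cut off in both languages: the English `value` ends at `until (not` and the added `es` entry ends at `hasta (no`. The record therefore names only the starting commit `c2f286820471ed276c57e603762bd831873e5a17` and gives no upper bound for the vulnerable range. The description is of an integer overflow in bl2 image loading that could result in a secure-boot bypass, so anyone matching firmware trees against this entry should treat the range as open-ended until the sentence is completed from the CNA's (`cve@asrg.io`) advisory, e.g. `... until (not <REST_OF_RANGE: placeholder, not on this page>`. The English text also carries hard `\n` breaks and `\u00a0` non-breaking spaces mid-sentence that the translation has already flattened; normalising the source string the same way would keep text matching on the two entries consistent.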
@@ -2,12 +2,16 @@ "id": "CVE-2024-1635", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-19T22:15:48.647", - "lastModified": "2024-02-19T22:15:48.647", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Undertow. Esta vulnerabilidad afecta a un servidor que admite el protocolo wildfly-http-client. Siempre que un usuario malintencionado abre y cierra una conexi\u00f3n con el puerto HTTP del servidor y luego cierra la conexi\u00f3n inmediatamente, el servidor finalizar\u00e1 con los l\u00edmites de memoria y de archivos abiertos agotados en alg\u00fan momento, dependiendo de la cantidad de memoria disponible. 
En la actualizaci\u00f3n HTTP a comunicaci\u00f3n remota, WriteTimeoutStreamSinkConduit pierde conexiones si RemotingConnection se cierra mediante Remoting ServerConnectionOpenListener. Debido a que la conexi\u00f3n remota se origina en Undertow como parte de la actualizaci\u00f3n HTTP, existe una capa externa a la conexi\u00f3n remota. Esta conexi\u00f3n desconoce la capa m\u00e1s externa al cerrar la conexi\u00f3n durante el procedimiento de apertura de la conexi\u00f3n. Por lo tanto, Undertow WriteTimeoutStreamSinkConduit no recibe notificaci\u00f3n de la conexi\u00f3n cerrada en este escenario. Debido a que WriteTimeoutStreamSinkConduit crea una tarea de tiempo de espera, todo el \u00e1rbol de dependencia se filtra a trav\u00e9s de esa tarea, que se agrega a XNIO WorkerThread. Entonces, el hilo de trabajo apunta al conducto Undertow, que contiene las conexiones y causa la fuga." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1638.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1638.json index 2e3f813c969..480d54562cb 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1638.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1638.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1638", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2024-02-19T22:15:48.837", - "lastModified": "2024-02-19T22:15:48.837", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read." + }, + { + "lang": "es", + "value": "La documentaci\u00f3n especifica que BT_GATT_PERM_READ_LESC y BT_GATT_PERM_WRITE_LESC definen para una caracter\u00edstica de Bluetooth: Atributo permiso de lectura/escritura con cifrado LE Secure Connection. Si est\u00e1 configurado, requiere que se utilice LE Secure Connections para acceso de lectura/escritura; sin embargo, esto solo es cierto cuando se combina con otros permisos, a saber, BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (para lectura) o BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (para escritura), si estos permisos adicionales no est\u00e1n configurados (incluso en el modo de solo conexiones seguras), entonces la pila no realiza ninguna verificaci\u00f3n de permisos sobre estas caracter\u00edsticas y se pueden escribir/leer libremente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1644.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1644.json index 08e8653c3cc..012aa85274c 100644 
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1644.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1644.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1644", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-02-20T00:15:14.653", - "lastModified": "2024-02-20T00:15:14.653", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Suite CRM version 7.14.2 allows including local php files. This is possible\n\nbecause the application is vulnerable to LFI.\n\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n 7.14.2 de Suite CRM permite incluir archivos php locales. Esto es posible porque la aplicaci\u00f3n es vulnerable a LFI." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1647.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1647.json index 50a6b20f31d..f31fe529549 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1647.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1647.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1647", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-02-20T01:15:07.717", - "lastModified": "2024-02-20T01:15:07.717", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain\n\narbitrary local files. This is possible because the application does not\n\nvalidate the HTML content entered by the user.\n\n\n\n" + }, + { + "lang": "es", + "value": "Pyhtml2pdf versi\u00f3n 0.0.6 permite a un atacante externo obtener de forma remota archivos locales arbitrarios. Esto es posible porque la aplicaci\u00f3n no valida el contenido HTML ingresado por el usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1648.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1648.json index 58091193426..3c8e50003ce 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1648.json 
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1648.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1648", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-02-20T01:15:07.943", - "lastModified": "2024-02-20T01:15:07.943", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "electron-pdf version 20.0.0 allows an external attacker to remotely obtain\n\narbitrary local files. This is possible because the application does not\n\nvalidate the HTML content entered by the user.\n\n\n\n" + }, + { + "lang": "es", + "value": "electron-pdf versi\u00f3n 20.0.0 permite a un atacante externo obtener de forma remota archivos locales arbitrarios. Esto es posible porque la aplicaci\u00f3n no valida el contenido HTML ingresado por el usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1651.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1651.json index 595bedf4f87..ed65aec82f6 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1651.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1651.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1651", "sourceIdentifier": "help@fluidattacks.com", "published": "2024-02-20T00:15:14.847", - "lastModified": "2024-02-20T00:15:14.847", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Torrentpier version 2.4.1 allows executing arbitrary commands on the server.\n\nThis is possible because the application is vulnerable to insecure deserialization.\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Torrentpier versi\u00f3n 2.4.1 permite ejecutar comandos arbitrarios en el servidor. Esto es posible porque la aplicaci\u00f3n es vulnerable a una deserializaci\u00f3n insegura." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json index 8f69c94be10..bef41cd3134 100644 
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1661.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1661", "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-20T13:15:08.230", - "lastModified": "2024-02-20T13:15:08.230", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20903.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20903.json index 9c8cfc19863..5d213990b6f 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20903.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20903.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20903", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.470", - "lastModified": "2024-02-17T02:15:45.470", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.21 y 21.3-21.12. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga privilegios de Crear sesi\u00f3n y Crear procedimiento con acceso a la red a trav\u00e9s de Oracle Net comprometa la m\u00e1quina virtual Java. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Java VM. CVSS 3.1 Puntaje base 6.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json index d17cedf5405..e354cb94442 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20905", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.637", - "lastModified": "2024-02-17T02:15:45.637", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Enterprise Infrastructure SEC). Las versiones compatibles que se ven afectadas son anteriores a la 9.2.8.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios y acceso a la red a trav\u00e9s de JDENET comprometer JD Edwards EnterpriseOne Tools. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de JD Edwards EnterpriseOne Tools. CVSS 3.1 Puntuaci\u00f3n base 2.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20907.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20907.json index 0b8055ea8fd..61038e598ea 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20907.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20907.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20907", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.793", - "lastModified": "2024-02-17T02:15:45.793", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Web Applications Desktop Integrator de Oracle E-Business Suite (componente: descarga de archivos). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Web Applications Desktop Integrator. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Web Applications Desktop Integrator, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Web Applications Desktop Integrator, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Web Applications Desktop Integrator. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20909.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20909.json index fe42f0c7ab3..545b95c2cda 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20909.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20909.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20909", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.950", - "lastModified": "2024-02-17T02:15:45.950", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de Oracle Net comprometer Oracle Audit Vault y Database Firewall. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20911.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20911.json index b56aa2bf03b..0e3c40be277 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20911.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20911.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20911", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.113", - "lastModified": "2024-02-17T02:15:46.113", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Puntaje base 2.6 (Impactos en la confidencialidad). 
Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20913.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20913.json index 93a9c1319f4..fec63a4d4f7 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20913.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20913.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20913", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.277", - "lastModified": "2024-02-17T02:15:46.277", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: BI Platform Security). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Business Intelligence Enterprise Edition. 
Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Business Intelligence Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Business Intelligence Enterprise Edition, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20915.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20915.json index 0d0ed7b0ff8..9a815b6c23a 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20915.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20915.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20915", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.443", - "lastModified": "2024-02-17T02:15:46.443", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Application Object Library de Oracle E-Business Suite (componente: Inicio de sesi\u00f3n - SSO). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer la librer\u00eda de objetos de aplicaciones de Oracle. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de la librer\u00eda de objetos de aplicaci\u00f3n Oracle. CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20917.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20917.json index 90dd17db94a..71ddc806808 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20917.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20917.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20917", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.603", - "lastModified": "2024-02-17T02:15:46.603", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Enterprise Manager Base Platform de Oracle Enterprise Manager (componente: Log Management). La versi\u00f3n compatible afectada es 13.5.0.0. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la plataforma base de Oracle Enterprise Manager. 
Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la plataforma base de Oracle Enterprise Manager, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de la plataforma base de Oracle Enterprise Manager, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de la plataforma base de Oracle Enterprise Manager y la capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de la plataforma base Oracle Enterprise Manager. CVSS 3.1 Puntuaci\u00f3n base 7,5 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20919.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20919.json index 4c718c458b2..98f58a19556 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20919.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20919.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20919", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.770", - "lastModified": "2024-02-17T02:15:46.770", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. 
Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad solo se puede aprovechar proporcionando datos a las API en el componente especificado sin utilizar aplicaciones Java Web Start que no son de confianza o subprogramas de Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.1 Puntaje base 5.9 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20921.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20921.json index aa6f0f47a8d..cb1652a225d 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20921.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20921.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20921", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:46.937", - "lastModified": "2024-02-17T02:15:46.937", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). 
Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 5.9 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20923.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20923.json index 9320e5ebb2b..f98dd53016a 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20923.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20923.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20923", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.103", - "lastModified": "2024-02-17T02:15:47.103", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JavaFX). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 y 21.3.8. 
Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 3.1 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20925.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20925.json index 7afa7cf76c9..8823d7fdd7c 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20925.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20925.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20925", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.263", - "lastModified": "2024-02-17T02:15:47.263", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JavaFX). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 y 21.3.8. 
Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 3.1 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20927.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20927.json index 0e9ecffc0da..412f29cbc70 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20927.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20927.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20927", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.420", - "lastModified": "2024-02-17T02:15:47.420", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle WebLogic Server. Si bien la vulnerabilidad est\u00e1 en Oracle WebLogic Server, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 8.6 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20929.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20929.json
index fd11ecc5f86..4df15fb6f3d 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20929.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20929.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-20929", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.590", - "lastModified": "2024-02-17T02:15:47.590", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Application Object Library de Oracle E-Business Suite (componente: DB Privileges). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer la librer\u00eda de objetos de aplicaciones de Oracle. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos datos accesibles de la librer\u00eda de objetos de aplicaciones de Oracle, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de la librer\u00eda de objetos de aplicaciones de Oracle. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20931.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20931.json index e5210965dc1..5f2b0be4c43 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20931.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20931.json @@ -2,12 +2,16 @@ "id": "CVE-2024-20931", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.740", - "lastModified": "2024-02-17T02:15:47.740", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20933.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20933.json index 7d1f1be785d..29f982ef63b 100644 
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20933.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20933.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20933", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:47.903", - "lastModified": "2024-02-17T02:15:47.903", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: Orden de cambio de ingenier\u00eda). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20935.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20935.json index 50e7e67e43b..5c09852d8cf 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20935.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20935.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20935", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.077", - "lastModified": "2024-02-17T02:15:48.077", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: Orden de cambio de ingenier\u00eda). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20937.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20937.json index c36fd670138..41011153ef6 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20937.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20937.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20937", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.227", - "lastModified": "2024-02-17T02:15:48.227", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Monitoreo y Diagn\u00f3stico SEC). Las versiones compatibles que se ven afectadas son anteriores a la 9.2.8.1. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer JD Edwards EnterpriseOne Tools. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Tools. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20939.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20939.json index e6b8b124308..5636fcf8a83 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20939.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20939.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20939", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.390", - "lastModified": "2024-02-17T02:15:48.390", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle CRM Technical Foundation de Oracle E-Business Suite (componente: Admin Console). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle CRM Technical Foundation. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle CRM Technical Foundation. CVSS 3.1 Puntuaci\u00f3n base 4.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20941.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20941.json index 03fed0c535a..83c1446a4e5 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20941.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20941.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20941", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.560", - "lastModified": "2024-02-17T02:15:48.560", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: interfaz de usuario HTML). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20943.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20943.json index 6d38e4f9a24..fa1f8581908 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20943.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20943.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20943", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.720", - "lastModified": "2024-02-17T02:15:48.720", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Knowledge Management de Oracle E-Business Suite (componente: Operaciones Internas). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Knowledge Management. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Knowledge Management, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Knowledge Management, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Knowledge Management. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20945.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20945.json index 1580ff5e0cd..91895b36eb0 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20945.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20945.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20945", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:48.880", - "lastModified": "2024-02-17T02:15:48.880", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). 
Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con pocos privilegios inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition para comprometer Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 4.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20947.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20947.json index 09cd910e3e7..539a5c2897f 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20947.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20947.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20947", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:49.040", - "lastModified": "2024-02-17T02:15:49.040", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Common Applications de Oracle E-Business Suite (componente: CRM User Management Framework). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer las aplicaciones comunes de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en las aplicaciones comunes de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Common Applications, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Common Applications. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20949.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20949.json index bd2ae7708eb..ce38ff3b6e7 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20949.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20949.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20949", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:49.200", - "lastModified": "2024-02-17T02:15:49.200", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Customer Interaction History de Oracle E-Business Suite (componente: Outcome-Result). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el historial de interacci\u00f3n con el cliente de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en el Historial de interacci\u00f3n con el cliente de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20951.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20951.json index 4f943bbddb7..f5899072b5b 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20951.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20951.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20951", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:49.357", - "lastModified": "2024-02-17T02:15:49.357", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Customer Interaction History de Oracle E-Business Suite (componente: Outcome-Result). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa el historial de interacci\u00f3n con el cliente de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en el Historial de interacci\u00f3n con el cliente de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles del Historial de interacci\u00f3n con el cliente de Oracle. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20953.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20953.json index f9e4a2b07af..3c05b3bd257 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20953.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20953.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20953", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:49.520", - "lastModified": "2024-02-17T02:15:49.520", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Agile PLM de Oracle Supply Chain (componente: Exportar). La versi\u00f3n compatible afectada es la 9.3.6. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Agile PLM. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Agile PLM. CVSS 3.1 Puntuaci\u00f3n base 8,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20956.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20956.json index 8e6a93528d8..bc8c3f36c7c 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20956.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20956.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20956",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:49.680",
- "lastModified": "2024-02-17T02:15:49.680",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:51:05.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Agile Product Lifecycle Management for Process de Oracle Supply Chain (componente: Instalaci\u00f3n). Las versiones compatibles que se ven afectadas son anteriores a 6.2.4.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Agile Product Lifecycle Management for Process.
Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Agile Product Lifecycle Management for Process, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Agile Product Lifecycle Management for Process y capacidad no autorizada para provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Puntuaci\u00f3n base 7.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20958.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20958.json
index 89c3ef6b22f..7b43049a504 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20958.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20958.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20958",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:49.853",
- "lastModified": "2024-02-17T02:15:49.853",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:51:05.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: Orden de cambio de ingenier\u00eda). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer la base instalada de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la base instalada de Oracle, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance).
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Installed Base, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20960.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20960.json
index 12317776998..3ff61e86ca5 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20960.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20960.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20960",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.037",
- "lastModified": "2024-02-17T02:15:50.037",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:51:05.510",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: RAPID). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20962.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20962.json
index f7405fa5eee..29f3b24f32e 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20962.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20962.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20962",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.207",
- "lastModified": "2024-02-17T02:15:50.207",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20964.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20964.json
index c60bef44cd9..ecaed794fc9 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20964.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20964.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20964",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.363",
- "lastModified": "2024-02-17T02:15:50.363",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Seguridad: Privilegios). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20966.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20966.json
index abafc9ed7b7..35d79401413 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20966.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20966.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20966",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.517",
- "lastModified": "2024-02-17T02:15:50.517",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20968.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20968.json
index 5dbaf2dfad6..272ed657539 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20968.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20968.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20968",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.670",
- "lastModified": "2024-02-17T02:15:50.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Opciones). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20970.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20970.json
index d5f8013ac7e..1c9742d932e 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20970.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20970.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20970",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.833",
- "lastModified": "2024-02-17T02:15:50.833",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json
index b46564db129..19043528605 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20972",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:50.993",
- "lastModified": "2024-02-17T02:15:50.993",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json
index a0a194ecd23..82f7687b1f2 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20974",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.157",
- "lastModified": "2024-02-17T02:15:51.157",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json
index bb0ae179f40..1f968b80c95 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20976",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.310",
- "lastModified": "2024-02-17T02:15:51.310",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json
index 5e9facf0a87..8a5a999cf5b 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20978",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.470",
- "lastModified": "2024-02-17T02:15:51.470",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20980.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20980.json
index ca4f80e967b..70534fbabad 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20980.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20980.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20980",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.620",
- "lastModified": "2024-02-17T02:15:51.620",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle BI Publisher de Oracle Analytics (componente: Web Server). Las versiones compatibles que se ven afectadas son 6.4.0.0.0 y 7.0.0.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle BI Publisher. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle BI Publisher, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance).
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle BI Publisher, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle BI Publisher. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20982.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20982.json
index 4f182feee6a..a0066c5ebe9 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20982.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20982.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20982",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.780",
- "lastModified": "2024-02-17T02:15:51.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20984.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20984.json
index 30472b8410e..1a42eeed08b 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20984.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20984.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20984",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2024-02-17T02:15:51.937",
- "lastModified": "2024-02-17T02:15:51.937",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Seguridad: Firewall). Las versiones compatibles que se ven afectadas son la 8.0.35 y anteriores y la 8.2.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20986.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20986.json
index 11bec920513..e89a028cc80 100644
--- a/CVE-2024/CVE-2024-209xx/CVE-2024-20986.json
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20986.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-20986", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:52.097", - "lastModified": "2024-02-17T02:15:52.097", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle WebLogic Server. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle WebLogic Server, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). 
Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle WebLogic Server, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21492.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21492.json index f9916c5f10d..af79ff6a8c4 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21492.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21492.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21492", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:08.223", - "lastModified": "2024-02-17T05:15:08.223", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the \"Sign Out\" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a una caducidad de sesi\u00f3n insuficiente debido a una invalidaci\u00f3n incorrecta de la sesi\u00f3n del usuario al hacer clic en el bot\u00f3n \"Cerrar sesi\u00f3n\". Las sesiones de usuario siguen siendo v\u00e1lidas incluso despu\u00e9s de enviar solicitudes a /logout y /oauth2/google/logout. Los atacantes que obtienen acceso a una sesi\u00f3n activa pero supuestamente cerrada pueden realizar acciones no autorizadas en nombre del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21493.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21493.json index 00ba9a6fa17..db1db7bb10e 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21493.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21493.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21493", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:08.747", - "lastModified": "2024-02-17T05:15:08.747", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a una validaci\u00f3n incorrecta del \u00edndice de matriz al analizar un Caddyfile. Varias funciones de an\u00e1lisis en la librer\u00eda afectada no validan si sus valores de entrada son nulos antes de intentar acceder a los elementos, lo que puede provocar p\u00e1nico (\u00edndice fuera de rango). Los p\u00e1nicos durante el an\u00e1lisis de un archivo de configuraci\u00f3n pueden introducir ambig\u00fcedad y vulnerabilidades, dificultando la correcta interpretaci\u00f3n y configuraci\u00f3n del servidor web." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21494.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21494.json index 2b0d2911ef5..ccbfe2bdd72 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21494.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21494.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21494", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:09.077", - "lastModified": "2024-02-17T05:15:09.077", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a la omisi\u00f3n de autenticaci\u00f3n mediante suplantaci\u00f3n de identidad a trav\u00e9s del encabezado X-Forwarded-For debido a una sanitizaci\u00f3n de entrada inadecuada. Un atacante puede falsificar una direcci\u00f3n IP utilizada en el m\u00f3dulo de identidad del usuario (endpoint API/whoami). Esto podr\u00eda dar lugar a un acceso no autorizado si el sistema conf\u00eda en esta direcci\u00f3n IP falsificada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21495.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21495.json index a52be491975..7e459a67558 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21495.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21495.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21495", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:09.343", - "lastModified": "2024-02-17T05:15:09.343", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package." + }, + { + "lang": "es", + "value": "Las versiones del paquete github.com/greenpau/caddy-security anteriores a la 1.0.42 son vulnerables a la aleatoriedad insegura debido al uso de una librer\u00eda de generaci\u00f3n de n\u00fameros aleatorios insegura que posiblemente podr\u00eda predecirse mediante una b\u00fasqueda de fuerza bruta. Los atacantes podr\u00edan utilizar el valor nonce potencialmente predecible utilizado con fines de autenticaci\u00f3n en el flujo de OAuth para realizar ataques de reproducci\u00f3n de OAuth. Adem\u00e1s, se utiliza aleatoriedad insegura al generar secretos de autenticaci\u00f3n multifactor (MFA) y crear claves API en el paquete de base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21496.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21496.json index a3c281f40f5..688aa27981e 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21496.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21496.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21496", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:09.603", - "lastModified": "2024-02-17T05:15:09.603", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], [\"], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user\u2019s browser, compromising user sessions." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a Cross-site Scripting (XSS) a trav\u00e9s del encabezado Referer, debido a una desinfecci\u00f3n de entrada inadecuada. Aunque el encabezado Referer se desinfecta mediante el escape de algunos caracteres que pueden permitir XSS (por ejemplo, [&], [<], [>], [\"], [']), no tiene en cuenta el ataque basado en el esquema de URL de JavaScript (por ejemplo, javascript:alert(document.domain)// payload). Explotar esta vulnerabilidad puede no ser trivial, pero podr\u00eda llevar a la ejecuci\u00f3n de scripts maliciosos en el contexto del navegador del usuario objetivo, comprometiendo las sesiones del usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21497.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21497.json index 24cb47fb5b8..27dd6be11ae 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21497.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21497.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21497", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:09.863", - "lastModified": "2024-02-17T05:15:09.863", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser\u2019s back button, to trigger the redirection." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a Open Redirect a trav\u00e9s del par\u00e1metro redirect_url. Un atacante podr\u00eda realizar un ataque de phishing y enga\u00f1ar a los usuarios para que visiten un sitio web malicioso creando una URL convincente con este par\u00e1metro. Para aprovechar esta vulnerabilidad, el usuario debe realizar una acci\u00f3n, como hacer clic en un bot\u00f3n del portal o usar el bot\u00f3n atr\u00e1s del navegador, para activar la redirecci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21498.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21498.json index 46dc0f5d9bd..7d584600572 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21498.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21498.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21498", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:10.087", - "lastModified": "2024-02-17T05:15:10.087", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a Server-side Request Forgery (SSRF) a trav\u00e9s de la manipulaci\u00f3n del encabezado X-Forwarded-Host. Un atacante puede exponer informaci\u00f3n confidencial, interactuar con servicios internos o explotar otras vulnerabilidades dentro de la red aprovechando esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21499.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21499.json index 768064875ad..0cebde65ab6 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21499.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21499.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21499", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:10.400", - "lastModified": "2024-02-17T05:15:10.400", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a la inyecci\u00f3n de encabezado HTTP a trav\u00e9s del encabezado X-Forwarded-Proto debido a la redirecci\u00f3n al protocolo inyectado. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar la elusi\u00f3n de los mecanismos de seguridad o confusi\u00f3n en el manejo de TLS." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json index 2e84f155982..5a7366be4c9 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21500.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21500", "sourceIdentifier": "report@snyk.io", "published": "2024-02-17T05:15:10.697", - "lastModified": "2024-02-17T05:15:10.697", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application\u2019s full multistep 2FA process." + }, + { + "lang": "es", + "value": "Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a una restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos a trav\u00e9s de la autenticaci\u00f3n de dos factores (2FA). Aunque la aplicaci\u00f3n bloquea al usuario despu\u00e9s de varios intentos fallidos de proporcionar c\u00f3digos 2FA, los atacantes pueden evitar este mecanismo de bloqueo automatizando todo el proceso 2FA de varios pasos de la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21678.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21678.json index 7a1020a0849..b904a68f110 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21678.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21678.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21678", "sourceIdentifier": "security@atlassian.com", "published": "2024-02-20T18:15:50.897", - "lastModified": "2024-02-20T18:15:50.897", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21682.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21682.json index d8e66fc706e..31a82505745 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21682.json 
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21682.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21682", "sourceIdentifier": "security@atlassian.com", "published": "2024-02-20T18:15:51.063", - "lastModified": "2024-02-20T18:15:51.063", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21795.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21795.json index 33ea6bde853..aed96d588ed 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21795.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21795.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21795", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:08.130", - "lastModified": "2024-02-20T18:15:51.220", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21812.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21812.json index d0169ffd516..47e78a052da 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21812.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21812.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21812", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:08.370", - "lastModified": "2024-02-20T18:15:51.313", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21890.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21890.json index 1224adf5fca..fab8ce2fc4c 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21890.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21890.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21890", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T02:15:50.120", - "lastModified": "2024-02-20T02:15:50.120", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + }, + { + "lang": "es", + "value": "El modelo de permisos de Node.js no aclara en la documentaci\u00f3n que los comodines solo deben usarse como \u00faltimo car\u00e1cter de la ruta de un archivo. Por ejemplo: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` ignorar\u00e1 `pub` y dar\u00e1 acceso a todo lo que est\u00e9 despu\u00e9s de `.ssh/`. Esta documentaci\u00f3n enga\u00f1osa afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20 y Node.js 21. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21891.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21891.json index 800681579d5..f4437ed4236 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21891.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21891.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21891", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T02:15:50.347", - "lastModified": "2024-02-20T02:15:50.347", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + }, + { + "lang": "es", + "value": "Node.js depende de m\u00faltiples funciones de utilidad integradas para normalizar las rutas proporcionadas a las funciones de node:fs, que pueden ser exageradas con implementaciones definidas por el usuario que conducen a la omisi\u00f3n del modelo de permisos del sistema de archivos mediante un ataque de path traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20 y Node.js 21. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21892.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21892.json index 42b7b7a1962..5c4cfb12467 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21892.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21892.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21892", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T02:15:50.567", - "lastModified": "2024-02-20T02:15:50.567", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges." + }, + { + "lang": "es", + "value": "En Linux, Node.js ignora ciertas variables de entorno si pueden haber sido configuradas por un usuario sin privilegios mientras el proceso se ejecuta con privilegios elevados con la \u00fanica excepci\u00f3n de CAP_NET_BIND_SERVICE. Debido a un error en la implementaci\u00f3n de esta excepci\u00f3n, Node.js aplica incorrectamente esta excepci\u00f3n incluso cuando se han configurado otras capacidades. Esto permite a los usuarios sin privilegios inyectar c\u00f3digo que hereda los privilegios elevados del proceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21896.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21896.json index 971f76c48f6..8bd10c3285f 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21896.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21896.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21896", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T02:15:50.770", - "lastModified": "2024-02-20T02:15:50.770", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." + }, + { + "lang": "es", + "value": "El modelo de permiso se protege contra ataques de path traversal llamando a path.resolve() en cualquier ruta proporcionada por el usuario. Si la ruta se va a tratar como un b\u00fafer, la implementaci\u00f3n usa Buffer.from() para obtener un b\u00fafer a partir del resultado de path.resolve(). Al parchear los componentes internos del Buffer, es decir, Buffer.prototype.utf8Write, la aplicaci\u00f3n puede modificar el resultado de path.resolve(), lo que conduce a una vulnerabilidad de path traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20 y Node.js 21. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21983.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21983.json index 790f8ac9c4a..aaf19a4f333 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21983.json 
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21983.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21983", "sourceIdentifier": "security-alert@netapp.com", "published": "2024-02-16T23:15:07.857", - "lastModified": "2024-02-16T23:15:07.857", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a Denial of Service (DoS) vulnerability. Successful \nexploit by an authenticated attacker could lead to an out of memory \ncondition or node reboot.\n\n" + }, + { + "lang": "es", + "value": "Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad de denegaci\u00f3n de servicio (DoS). La explotaci\u00f3n exitosa por parte de un atacante autenticado podr\u00eda provocar una condici\u00f3n de falta de memoria o el reinicio del nodo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21984.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21984.json index 23a0ef99300..8d8fad045ee 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21984.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21984.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21984", "sourceIdentifier": "security-alert@netapp.com", "published": "2024-02-16T23:15:08.050", - "lastModified": "2024-02-16T23:15:08.050", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a difficult to exploit Reflected Cross-Site Scripting\n (XSS) vulnerability. Successful exploit requires the attacker to know \nspecific information about the target instance and trick a privileged \nuser into clicking a specially crafted link. This could allow the \nattacker to view or modify configuration settings or add or modify user \naccounts. \n\n\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad dif\u00edcil de explotar de Cross-Site Scripting (XSS) Reflejado. Una explotaci\u00f3n exitosa requiere que el atacante conozca informaci\u00f3n espec\u00edfica sobre la instancia de destino y enga\u00f1e a un usuario privilegiado para que haga clic en un enlace especialmente manipulado. Esto podr\u00eda permitir al atacante ver o modificar ajustes de configuraci\u00f3n o agregar o modificar cuentas de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22019.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22019.json index 27ddf017bc5..4a8668c62e3 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22019.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22019.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22019", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T02:15:50.983", - "lastModified": "2024-02-20T02:15:50.983", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en los servidores HTTP de Node.js permite a un atacante enviar una solicitud HTTP especialmente manipulada con codificaci\u00f3n fragmentada, lo que provoca el agotamiento de los recursos y la denegaci\u00f3n de servicio (DoS). El servidor lee una cantidad ilimitada de bytes de una \u00fanica conexi\u00f3n, aprovechando la falta de limitaciones en los bytes de extensi\u00f3n de fragmentos. El problema puede provocar el agotamiento del ancho de banda de la CPU y de la red, pasando por alto salvaguardas est\u00e1ndar como tiempos de espera y l\u00edmites de tama\u00f1o corporal." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json index 895dbec1737..582ee22eb51 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22054", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T18:15:51.393", - "lastModified": "2024-02-20T18:15:51.393", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22097.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22097.json index 436bba39e85..9e7b30cc71b 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22097.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22097.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22097", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:08.583", - "lastModified": "2024-02-20T18:15:51.550", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json index 9c19bc76511..b29b7c4ad8c 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22234", "sourceIdentifier": "security@vmware.com", "published": "2024-02-20T07:15:09.967", - "lastModified": "2024-02-20T07:15:09.967", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n" + }, + { + "lang": "es", + "value": "En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). 
Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si: * La aplicaci\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\u00e1metro de autenticaci\u00f3n nulo, lo que genera un valor de retorno verdadero err\u00f3neo. Una aplicaci\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\u00f3n solo usa isFullyAuthenticated a trav\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22245.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22245.json index dc6e220a64e..588e115ca60 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22245.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22245.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22245", "sourceIdentifier": "security@vmware.com", "published": "2024-02-20T18:15:51.647", - "lastModified": "2024-02-20T18:15:51.647", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22250.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22250.json index 6568bba075c..57c1aa13e89 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22250.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22250.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22250", "sourceIdentifier": "security@vmware.com", "published": "2024-02-20T18:15:51.843", - "lastModified": "2024-02-20T18:15:51.843", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22335.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22335.json index 7e9e62454cf..e0f678bb2c3 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22335.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22335.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22335", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T16:15:47.000", - "lastModified": "2024-02-17T16:15:47.000", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975." + }, + { + "lang": "es", + "value": "IBM QRadar Suite 1.10.12.0 a 1.10.17.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 almacenan informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer. ID de IBM X-Force: 279975." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22336.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22336.json index 69c464c37e8..10cd34c6d2c 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22336.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22336.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22336", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T16:15:47.190", - "lastModified": "2024-02-17T16:15:47.190", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976." + }, + { + "lang": "es", + "value": "IBM QRadar Suite 1.10.12.0 a 1.10.17.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 almacenan informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer. ID de IBM X-Force: 279976." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22337.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22337.json index 89e0a88b24b..dca91f722bd 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22337.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22337.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22337", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-17T16:15:47.370", - "lastModified": "2024-02-17T16:15:47.370", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977." + }, + { + "lang": "es", + "value": "IBM QRadar Suite 1.10.12.0 a 1.10.17.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 almacenan informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer. ID de IBM X-Force: 279977." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22369.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22369.json index a63ee043220..e022fc1b954 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22369.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22369.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22369", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T15:15:10.113", - "lastModified": "2024-02-20T15:15:10.113", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22727.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22727.json index 896171adbfe..0afc600617c 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22727.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22727.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22727", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-17T04:15:07.573", - "lastModified": "2024-02-17T04:15:07.573", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB." + }, + { + "lang": "es", + "value": "Los dispositivos Teltonika de la serie TRB1 con firmware anterior a TRB1_R_00.07.05.2 permiten a los atacantes explotar una vulnerabilidad del firmware a trav\u00e9s de Ethernet LAN o USB." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22824.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22824.json index ddc0e4841e6..9075d9ade35 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22824.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22824.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22824", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T15:15:10.270", - "lastModified": "2024-02-20T15:15:10.270", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23114.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23114.json index e490ae8cb53..9ffca719466 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23114.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23114.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23114", "sourceIdentifier": "security@apache.org", "published": "2024-02-20T15:15:10.333", - "lastModified": "2024-02-20T15:15:10.333", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23305.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23305.json index 57c1103230d..3b1e141f79a 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23305.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23305.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23305", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:08.823", - "lastModified": "2024-02-20T18:15:52.023", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json index 1e43cca23a3..6bc2e1b28f2 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23310.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23310", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:09.097", - "lastModified": "2024-02-20T18:15:52.113", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json index b4923c5c83f..c0366a277a3 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23313.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23313", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:09.477", - "lastModified": "2024-02-20T18:15:52.200", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23476.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23476.json index fa90d7d2f61..a784db92021 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23476.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23476.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23476", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-15T21:15:09.353", - "lastModified": "2024-02-16T13:38:00.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:39:10.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.3", + "matchCriteriaId": "2C08A49C-ABE0-488A-8F47-151E406D22D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23477.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23477.json index f9aae72ba22..d773c349c46 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23477.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23477.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-23477", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-15T21:15:09.603", - "lastModified": "2024-02-16T13:38:00.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:38:43.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@solarwinds.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + }, + { + "source": "psirt@solarwinds.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@solarwinds.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.3", + "matchCriteriaId": "2C08A49C-ABE0-488A-8F47-151E406D22D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23478.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23478.json index d28e4b02420..f5a5e8b45c7 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23478.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23478.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23478", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-15T21:15:09.867", - "lastModified": "2024-02-16T13:38:00.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:39:52.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.3", + "matchCriteriaId": "2C08A49C-ABE0-488A-8F47-151E406D22D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23479.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23479.json index e02fa0eb025..9f45bd86854 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23479.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23479.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23479", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-15T21:15:10.213", - "lastModified": "2024-02-16T13:38:00.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-20T20:17:31.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.3", + "matchCriteriaId": "2C08A49C-ABE0-488A-8F47-151E406D22D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23606.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23606.json index e4e73fda5c1..c462e4e4983 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23606.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23606.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23606", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:09.737", - "lastModified": "2024-02-20T18:15:52.293", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23809.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23809.json index 959768a2661..28cb7aad046 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23809.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23809.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23809", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T16:15:10.003", - "lastModified": "2024-02-20T18:15:52.380", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json index f962a0b8eac..1c2d8524c0c 100644 --- a/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json +++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24474", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T18:15:52.463", - "lastModified": "2024-02-20T18:15:52.463", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24722.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24722.json index 27f012683b9..3793ec181dc 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24722.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24722.json @@ -2,12 +2,16 @@ "id": "CVE-2024-24722", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-19T06:15:07.890", - "lastModified": "2024-02-19T06:15:07.890", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ruta de servicio sin comillas en los componentes de 12d Synergy Server y File Replication Server puede permitir que un atacante obtenga privilegios elevados a trav\u00e9s de la ruta de servicio ejecutable de 12d Synergy Server y/o 12d Synergy File Replication Server. Esto se solucion\u00f3 en 4.3.10.192, 5.1.5.221 y 5.1.6.235." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24750.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24750.json index ced42d5ae7a..4fbf8a272f8 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24750.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24750.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-24750", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-16T22:15:07.947", - "lastModified": "2024-02-16T22:15:07.947", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body." + }, + { + "lang": "es", + "value": "Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. En las versiones afectadas, llamar a `fetch(url)` y no consumir el cuerpo entrante ((o consumirlo muy lentamente) provocar\u00e1 una p\u00e9rdida de memoria. Este problema se solucion\u00f3 en la versi\u00f3n 6.6.1. Se recomienda a los usuarios actualizar. Los usuarios no pueden Para actualizar debe asegurarse de consumir siempre el cuerpo entrante." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24758.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24758.json index 42fedd846cf..0d8e3e76c5e 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24758.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24758.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-24758", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-16T22:15:08.160", - "lastModified": "2024-02-16T22:15:08.160", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:51:05.510", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Undici ya borr\u00f3 los encabezados de Autorizaci\u00f3n en redirecciones de origen cruzado, pero no borr\u00f3 los encabezados \"Proxy-Authentication\". Este problema se solucion\u00f3 en las versiones 5.28.3 y 6.6.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24763.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24763.json index 49b26e2ecb9..a1b7f3b042b 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24763.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24763.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24763", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-20T18:15:52.520", - "lastModified": "2024-02-20T18:15:52.520", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24793.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24793.json index 91021d75ecc..030fe61d2cb 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24793.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24793.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24793", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T11:15:08.090", - "lastModified": "2024-02-20T18:15:52.700", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24794.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24794.json index cb109bc9a0e..d778d688d92 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24794.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24794.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24794", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-02-20T11:15:08.343", - "lastModified": "2024-02-20T18:15:52.793", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json index a8595795537..8c4e0a47913 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-25149", "sourceIdentifier": "security@liferay.com", "published": "2024-02-20T07:15:10.557", - "lastModified": "2024-02-20T07:15:10.557", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site." + }, + { + "lang": "es", + "value": "Liferay Portal 7.2.0 a 7.4.1 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior al service pack 3, 7.2 anterior al fix pack 15 y versiones anteriores no compatibles no restringen adecuadamente la membres\u00eda de un sitio secundario cuando la opci\u00f3n \"Limitar membres\u00eda a miembros del sitio principal\" est\u00e1 habilitada, lo que permite a los usuarios autenticados remotamente agregar usuarios que no son miembros del sitio principal a un sitio secundario. El usuario agregado puede obtener permiso para realizar acciones no autorizadas en el sitio secundario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json index fecbbe06c3c..34a66552c93 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-25150", "sourceIdentifier": "security@liferay.com", "published": "2024-02-20T08:15:07.290", - "lastModified": "2024-02-20T08:15:07.290", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el Panel de control en Liferay Portal 7.2.0 a 7.4.2 y versiones anteriores no compatibles, y Liferay DXP 7.3 anterior a la actualizaci\u00f3n 4, 7.2 anterior al fix pack 19 y las versiones anteriores no compatibles permiten a los usuarios autenticados remotamente obtener el nombre completo de un usuario a partir del t\u00edtulo de la p\u00e1gina enumerando los nombres de pantalla de los usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25196.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25196.json index 47acc1f0c54..845eb3ae799 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25196.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25196", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T14:15:09.160", - "lastModified": "2024-02-20T14:15:09.160", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25197.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25197.json index 7a8785ad4ae..e0c2247dca9 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25197.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25197.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-25197", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T14:15:09.213", - "lastModified": "2024-02-20T14:15:09.213", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25198.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25198.json index f1b90a82858..7ab23127ed8 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25198.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25198.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25198", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T14:15:09.260", - "lastModified": "2024-02-20T14:15:09.260", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25199.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25199.json index f655c0a65b1..9654c80479d 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25199.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25199.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25199", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T14:15:09.300", - "lastModified": "2024-02-20T14:15:09.300", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25260.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25260.json index 35818da3fa4..0adedd08225 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25260.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25260.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25260", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T18:15:52.880", - "lastModified": "2024-02-20T18:15:52.880", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25274.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25274.json index fa892a5f53a..dc7bdc550f9 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25274.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25274.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25274", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T16:15:10.230", - "lastModified": "2024-02-20T16:15:10.230", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25297.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25297.json index 33dc1aa47a6..c99de1c70cc 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25297.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25297.json @@ -2,12 +2,16 @@ "id": "CVE-2024-25297", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-17T06:15:53.653", - "lastModified": "2024-02-17T06:15:53.653", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Bludit CMS versi\u00f3n 3.15, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de edit-content.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25298.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25298.json index b900ef5d735..2747521f2c3 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25298.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25298.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-25298", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-17T06:15:54.437", - "lastModified": "2024-02-17T06:15:54.437", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en REDAXO versi\u00f3n 5.15.1, que permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de module.modules.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25366.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25366.json index 87777be11a8..efc35de1738 100644 --- a/CVE-2024/CVE-2024-253xx/CVE-2024-25366.json +++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25366.json @@ -2,8 +2,8 @@ "id": "CVE-2024-25366", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-20T16:15:10.283", - "lastModified": "2024-02-20T16:15:10.283", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25468.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25468.json index 973e55e0da8..277ae9b5931 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25468.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25468.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25468",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-17T06:15:54.487",
- "lastModified": "2024-02-17T06:15:54.487",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en TOTOLINK X5000R V.9.1.0u.6369_B20230113 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro host_time del componente NTPSyncWithHost."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json
index 8e4d201e42d..1cd58fc652b 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25604",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T09:15:09.057",
- "lastModified": "2024-02-20T09:15:09.057",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel."
+ },
+ {
+ "lang": "es",
+ "value": "Liferay Portal 7.2.0 a 7.4.3.4 y versiones anteriores no compatibles, y Liferay DXP 7.4.13, 7.3 anterior al service pack 3, 7.2 anterior al fix pack 17 y versiones anteriores no compatibles no comprueban correctamente los permisos de usuario, lo que permite a los usuarios autenticados remotamente con el permiso de usuario VER para editar su propio permiso a trav\u00e9s de la secci\u00f3n Usuarios y organizaciones del Panel de control."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json
index e060d061569..42e42c4cfc9 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25605",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T09:15:09.323",
- "lastModified": "2024-02-20T09:15:09.323",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dulo Journal en Liferay Portal 7.2.0 a 7.4.3.4 y versiones anteriores no compatibles, y Liferay DXP 7.4.13, 7.3 anteriores al service pack 3, 7.2 anteriores al fix pack 17 y versiones anteriores no compatibles otorga a los usuarios invitados permiso de visualizaci\u00f3n del contenido web plantillas de forma predeterminada, lo que permite a atacantes remotos ver cualquier plantilla a trav\u00e9s de la interfaz de usuario o API."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json
index d38d85e5917..8470b1ee809 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25606",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T09:15:09.533",
- "lastModified": "2024-02-20T09:15:09.533",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad XXE en Liferay Portal 7.2.0 a 7.4.3.7 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 4, 7.3 antes de la actualizaci\u00f3n 12, 7.2 antes del fixpack 20 y versiones anteriores no compatibles permite a atacantes con permiso implementar widgets/portlets /extensiones para obtener informaci\u00f3n confidencial o consumir recursos del sistema a trav\u00e9s del m\u00e9todo Java2WsddTask._format."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json
index dc79e09176a..7e5cd64e1ce 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25607",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T10:15:08.333",
- "lastModified": "2024-02-20T10:15:08.333",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes."
+ },
+ {
+ "lang": "es",
+ "value": "El algoritmo de hash de contrase\u00f1a predeterminado (PBKDF2-HMAC-SHA1) en Liferay Portal 7.2.0 a 7.4.3.15 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 16, 7.3 antes de la actualizaci\u00f3n 4, 7.2 antes del fixpack 17 y anteriores no compatibles Las versiones tienen por defecto un factor de trabajo bajo, lo que permite a los atacantes descifrar r\u00e1pidamente hashes de contrase\u00f1as."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json
index 8c7aa76a50f..6f195e3bda2 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25608",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T10:15:08.530",
- "lastModified": "2024-02-20T10:15:08.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect."
+ },
+ {
+ "lang": "es",
+ "value": "HtmlUtil.escapeRedirect en Liferay Portal 7.2.0 a 7.4.3.18 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 19, 7.3 antes de la actualizaci\u00f3n 4, 7.2 antes del fixpack 19 y versiones anteriores no compatibles se pueden eludir utilizando el 'REPLACEMENT CHARACTER' (U+FFFD), que permite a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s del (1) par\u00e1metro 'redirect` (2) par\u00e1metro `FORWARD_URL`, (3) par\u00e1metro `noSuchEntryRedirect` y (4) otros par\u00e1metros que dependen de HtmlUtil.escapeRedirect."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
index 0e9b17dbb32..5b47e0c48ad 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25609",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T10:15:08.707",
- "lastModified": "2024-02-20T10:15:08.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977."
+ },
+ {
+ "lang": "es",
+ "value": "HtmlUtil.escapeRedirect en Liferay Portal 7.2.0 a 7.4.3.12 y versiones anteriores no compatibles, y Liferay DXP 7.4 anterior a la actualizaci\u00f3n 9, 7.3 service pack 3, 7.2 fixpack 15 a 18 y versiones anteriores no compatibles se pueden eludir usando dos barras diagonales, que permiten a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s del (1) par\u00e1metro 'redirect` (2) el par\u00e1metro `FORWARD_URL` y (3) otros par\u00e1metros que dependen de HtmlUtil.escapeRedirect. Esta vulnerabilidad es el resultado de una soluci\u00f3n incompleta en CVE-2022-28977."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25610.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25610.json
index e63a587c85b..3f9bb03a890 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25610.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25610.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-25610",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T13:15:08.493",
- "lastModified": "2024-02-20T13:15:08.493",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25623.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25623.json
index dbbc5b284b7..7dd89837388 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25623.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25623.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25623",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T16:15:51.847",
- "lastModified": "2024-02-19T16:15:51.847",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Mastodon server fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate an account on a remote server that satisfies all of the following properties: allows the attacker to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as the ActivityPub actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 contain a fix for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Mastodon es un servidor de red social gratuito y de c\u00f3digo abierto basado en ActivityPub. Antes de las versiones 4.2.7, 4.1.15, 4.0.15 y 3.5.19, al recuperar estados remotos, Mastodon no verifica que la respuesta del servidor remoto tenga un valor de encabezado \"Tipo de contenido\" de los flujos de actividad. tipo de medio, que permite a un actor de amenazas cargar un documento de Activity Streams manipulado a un servidor remoto y hacer que un servidor Mastodon lo recupere, si el servidor remoto acepta cargas arbitrarias de usuarios.
La vulnerabilidad permite a un actor de amenazas hacerse pasar por una cuenta en un servidor remoto que cumple con todas las siguientes propiedades: permite al atacante registrar una cuenta; acepta documentos arbitrarios subidos por usuarios y los coloca en el mismo dominio que los actores de ActivityPub; y proporciona documentos subidos por el usuario en respuesta a solicitudes con un valor de encabezado \"Aceptar\" del tipo de medio Activity Streams. Las versiones 4.2.7, 4.1.15, 4.0.15 y 3.5.19 contienen una soluci\u00f3n para este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25625.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25625.json
index fdbd3feb63d..32e4bb7aa41 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25625.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25625.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25625",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T16:15:52.060",
- "lastModified": "2024-02-19T16:15:52.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent."
+ },
+ {
+ "lang": "es",
+ "value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario de backend para Pimcore. Se ha descubierto una posible vulnerabilidad de seguridad en `pimcore/admin-ui-classic-bundle` anterior a la versi\u00f3n 1.3.4.
La vulnerabilidad implica una inyecci\u00f3n de encabezado de host en la funci\u00f3n `invitationLinkAction` del UserController, espec\u00edficamente en la forma en que `$loginUrl` conf\u00eda en la entrada del usuario. El encabezado del host de las solicitudes HTTP entrantes se utiliza de forma insegura al generar URL. Un atacante puede manipular el encabezado del host HTTP en solicitudes al ednpoint /admin/user/invitationlink, lo que genera la generaci\u00f3n de URL con el dominio del atacante. De hecho, si se inyecta un encabezado de host en la solicitud POST, el par\u00e1metro $loginURL se construye con este encabezado de host no validado. Luego se utiliza para enviar un correo electr\u00f3nico de invitaci\u00f3n al usuario proporcionado. Esta vulnerabilidad se puede utilizar para realizar ataques de phishing haciendo que las URL de los correos electr\u00f3nicos con enlaces de invitaci\u00f3n apunten a un dominio controlado por el atacante. La versi\u00f3n 1.3.4 contiene un parche para la vulnerabilidad. Los fabricantes recomiendan validar el encabezado del host y asegurarse de que coincida con el dominio de la aplicaci\u00f3n. Tambi\u00e9n ser\u00eda beneficioso utilizar un host o nombre de host confiable predeterminado si el encabezado del host entrante no se reconoce o est\u00e1 ausente."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25626.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25626.json
index 82b75f466da..42ee15ce7f5 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25626.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25626.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25626",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T20:15:45.513",
- "lastModified": "2024-02-19T20:15:45.513",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds, it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2."
+ },
+ {
+ "lang": "es",
+ "value": "Yocto Project es un proyecto de colaboraci\u00f3n de c\u00f3digo abierto que ayuda a los desarrolladores a crear sistemas personalizados basados en Linux independientemente de la arquitectura del hardware. En Yocto Projects Bitbake anterior a 2.6.2 (anterior e incluido Yocto Project 4.3.1), con el servidor Toaster (incluido en bitbake) ejecut\u00e1ndose, la validaci\u00f3n de entrada faltante permite a un atacante realizar una ejecuci\u00f3n remota de c\u00f3digo en el shell del servidor a trav\u00e9s de un HTTP manipulado pedido. La autenticaci\u00f3n no es necesaria. La ejecuci\u00f3n del servidor Toaster debe ejecutarse espec\u00edficamente y no es la opci\u00f3n predeterminada para las compilaciones de la l\u00ednea de comandos de Bitbake; solo se usa para la interfaz de usuario basada en web de Toaster para Bitbake.
La soluci\u00f3n se ha compatible con el bitbake incluido en Yocto Project 5.0, 3.1.31, 4.0.16 y 4.3.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25630.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25630.json
index 62b69a56f24..f9a71e6db2c 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25630.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25630.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-25630",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-20T18:15:52.930",
- "lastModified": "2024-02-20T18:15:52.930",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25631.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25631.json
index b69dd788966..55338867134 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25631.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25631.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-25631",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-20T18:15:53.117",
- "lastModified": "2024-02-20T18:15:53.117",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25634.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25634.json
index 5f9df2ba73f..3bbd0bff99b 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25634.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25634.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25634",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T20:15:45.707",
- "lastModified": "2024-02-19T20:15:45.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue."
+ },
+ {
+ "lang": "es",
+ "value": "alf.io es un sistema de reserva de entradas de c\u00f3digo abierto. Antes de la versi\u00f3n 2.0-Mr-2402, un atacante pod\u00eda acceder a datos de otros organizadores. El atacante puede utilizar una solicitud especialmente manipulada para recibir el registro de correo electr\u00f3nico enviado por otros eventos. La versi\u00f3n 2.0-M4-2402 soluciona este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25635.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25635.json
index 5393b4b440c..69a168c45cf 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25635.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25635.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25635",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T20:15:45.890",
- "lastModified": "2024-02-19T20:15:45.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue."
+ },
+ {
+ "lang": "es",
+ "value": "alf.io es un sistema de reserva de entradas de c\u00f3digo abierto. Antes de la versi\u00f3n 2.0-Mr-2402, los propietarios de organizaciones pueden ver la CLAVE API generada y los USUARIOS de otros propietarios de organizaciones utilizando el ednpoint `http://192.168.26.128:8080/admin/api/users/`, que expone los detalles del ID de usuario proporcionado. Esto tambi\u00e9n puede exponer la CLAVE API en el nombre de usuario del usuario. La versi\u00f3n 2.0-M4-2402 soluciona este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25636.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25636.json
index b3d3598b529..ec81963e4db 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25636.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25636.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25636",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T20:15:46.077",
- "lastModified": "2024-02-19T20:15:46.077",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Misskey instance fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate and take over an account on a remote server that satisfies all of the following properties: allows the threat actor to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as legitimate Activity Streams actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Version 2024.2.0 contains a patch for the issue."
+ },
+ {
+ "lang": "es",
+ "value": "Misskey es una plataforma de redes sociales descentralizada y de c\u00f3digo abierto con soporte ActivityPub. Antes de la versi\u00f3n 2024.2.0, al recuperar objetos remotos de Activity Streams, Misskey no verifica que la respuesta del servidor remoto tenga un valor de encabezado `Content-Type` del tipo de medio Activity Streams, lo que permite a un actor de amenazas cargar un documento de Activity Streams elaborado a un servidor remoto y hacer que una instancia de Misskey lo recupere, si el servidor remoto acepta cargas arbitrarias de usuarios.
La vulnerabilidad permite que un actor de amenazas se haga pasar por una cuenta y se haga cargo de ella en un servidor remoto que cumple con todas las siguientes propiedades: permite al actor de amenazas registrar una cuenta; acepta documentos arbitrarios subidos por usuarios y los coloca en el mismo dominio que los actores leg\u00edtimos de Activity Streams; y proporciona documentos subidos por el usuario en respuesta a solicitudes con un valor de encabezado \"Aceptar\" del tipo de medio Activity Streams. La versi\u00f3n 2024.2.0 contiene un parche para el problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25640.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25640.json
index a38bc037972..2489dbbb03c 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25640.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25640.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25640",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T20:15:46.270",
- "lastModified": "2024-02-19T20:15:46.270",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available."
+ },
+ {
+ "lang": "es",
+ "value": "Iris es una plataforma colaborativa web que ayuda a los servicios de respuesta a incidentes a compartir detalles t\u00e9cnicos durante las investigaciones. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en iris-web, que afecta a varias ubicaciones en versiones anteriores a la v2.4.0. La vulnerabilidad puede permitir a un atacante inyectar scripts maliciosos en la aplicaci\u00f3n, que luego podr\u00edan ejecutarse cuando un usuario visite las ubicaciones afectadas. Esto podr\u00eda provocar acceso no autorizado, robo de datos u otras actividades maliciosas relacionadas. Un atacante debe autenticarse en la aplicaci\u00f3n para aprovechar esta vulnerabilidad. El problema se solucion\u00f3 en la versi\u00f3n v2.4.0 de iris-web. No hay soluciones workarounds disponibles."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json b/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
index 33905ec4bdb..d704a3dcc7f 100644
--- a/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
+++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-25710",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-02-19T09:15:37.943",
- "lastModified": "2024-02-19T11:15:09.090",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
index 272711c13bf..50b76b2c573 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25973",
 "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
 "published": "2024-02-20T08:15:07.717",
- "lastModified": "2024-02-20T08:15:07.717",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities.\u00a0An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado. Un atacante con derechos para crear o editar grupos puede crear un curso con un nombre que contenga un payload XSS. Adem\u00e1s, los atacantes con permisos para crear o cambiar el nombre de un cat\u00e1logo (subcategor\u00eda) pueden ingresar entradas sin filtrar en el campo de nombre. Adem\u00e1s, los atacantes a quienes se les permite crear curr\u00edculos tambi\u00e9n pueden ingresar datos sin filtrar en el campo de nombre. Esto permite a un atacante ejecutar c\u00f3digo JavaScript almacenado con los permisos de la v\u00edctima en el contexto del navegador del usuario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
index 3bae548ba25..eafe32ce610 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25974",
 "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
 "published": "2024-02-20T08:15:07.823",
- "lastModified": "2024-02-20T08:15:07.823",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."
+ },
+ {
+ "lang": "es",
+ "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Es posible cargar archivos dentro del Media Center de OpenOlat versi\u00f3n 18.1.5 (o inferior) como usuario autenticado sin ning\u00fan otro derecho. Aunque los tipos de archivos son limitados, se puede cargar una imagen SVG que contenga un payload XSS. Despu\u00e9s de una carga exitosa, el archivo se puede compartir con grupos de usuarios (incluidos administradores) que pueden ser atacados con el payload de JavaScript."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json
index 496ddf60b03..4004bd92284 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25978",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:08.567",
- "lastModified": "2024-02-19T17:15:08.567",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality."
+ },
+ {
+ "lang": "es",
+ "value": "Las comprobaciones insuficientes del tama\u00f1o de los archivos provocaron un riesgo de denegaci\u00f3n de servicio en la funcionalidad de descompresi\u00f3n del selector de archivos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json
index b5ed5cc9ae6..c85fc672264 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25979",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:08.793",
- "lastModified": "2024-02-19T17:15:08.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The URL parameters accepted by forum search were not limited to the allowed parameters."
+ },
+ {
+ "lang": "es",
+ "value": "Los par\u00e1metros de URL aceptados por la b\u00fasqueda en el foro no se limitaron a los par\u00e1metros permitidos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json
index f2110d968fa..f252d6b43fb 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25980",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:09.023",
- "lastModified": "2024-02-19T17:15:09.023",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers."
+ },
+ {
+ "lang": "es",
+ "value": "Las restricciones del modo de grupos separados no se respetaron en el informe de intentos de H5P, que mostrar\u00eda usuarios de otros grupos. De forma predeterminada, esto solo proporcionaba acceso adicional a los profesores que no eran editores."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json
index d1cb8c6704e..5c5ff051904 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25981",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:09.230",
- "lastModified": "2024-02-19T17:15:09.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers."
+ },
+ {
+ "lang": "es",
+ "value": "Las restricciones del modo de grupos separados no se respetaban al realizar una exportaci\u00f3n de foro, que exportar\u00eda datos del foro para todos los grupos. De forma predeterminada, esto solo proporcionaba acceso adicional a los profesores que no eran editores."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json
index b114678d051..fd2a17de874 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25982",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:09.467",
- "lastModified": "2024-02-19T17:15:09.467",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The link to update all installed language packs did not include the necessary token to prevent a CSRF risk."
+ },
+ {
+ "lang": "es",
+ "value": "El enlace para actualizar todos los paquetes de idiomas instalados no inclu\u00eda el token necesario para evitar un riesgo de CSRF."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json
index ad61f4355d5..ae511c36bd1 100644
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25983",
 "sourceIdentifier": "patrick@puiterwijk.org",
 "published": "2024-02-19T17:15:09.697",
- "lastModified": "2024-02-19T17:15:09.697",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)."
+ },
+ {
+ "lang": "es",
+ "value": "Las comprobaciones insuficientes en un servicio web hicieron posible agregar comentarios al bloque de comentarios en el panel de otro usuario cuando de otro modo no estaba disponible (por ejemplo, en su p\u00e1gina de perfil)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26129.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26129.json
index 93f1fc26cc2..68c28b8d129 100644
--- a/CVE-2024/CVE-2024-261xx/CVE-2024-26129.json
+++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26129.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26129",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T22:15:49.013",
- "lastModified": "2024-02-19T22:15:49.013",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4."
+ },
+ {
+ "lang": "es",
+ "value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. A partir de la versi\u00f3n 8.1.0 y anteriores a la versi\u00f3n 8.1.4, PrestaShop es vulnerable a la divulgaci\u00f3n de rutas en una variable de JavaScript. Hay un parche disponible en la versi\u00f3n 8.1.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26134.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26134.json
index 04109f490cf..f1aa3b504ca 100644
--- a/CVE-2024/CVE-2024-261xx/CVE-2024-26134.json
+++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26134.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26134",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-02-19T23:15:07.810",
- "lastModified": "2024-02-19T23:15:07.810",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "cbor2 proporciona codificaci\u00f3n y decodificaci\u00f3n para el formato de serializaci\u00f3n de representaci\u00f3n concisa de objetos binarios (CBOR) (RFC 8949). A partir de la versi\u00f3n 5.5.1 y antes de la versi\u00f3n 5.6.2, un atacante puede bloquear un servicio que utiliza cbor2 para analizar un binario CBOR enviando un objeto lo suficientemente largo. La versi\u00f3n 5.6.2 contiene un parche para este problema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26135.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26135.json
new file mode 100644
index 00000000000..3ad28cccd45
--- /dev/null
+++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26135.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-26135",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-02-20T20:15:08.560",
+ "lastModified": "2024-02-20T20:15:08.560",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26265.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26265.json
index b52bd7c50b9..eb7e7aacc18 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26265.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26265.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26265",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T13:15:08.673",
- "lastModified": "2024-02-20T13:15:08.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26267.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26267.json
index c2f3d02495b..32f4d3e45dd 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26267.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26267.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26267",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T13:15:08.843",
- "lastModified": "2024-02-20T13:15:08.843",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26268.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26268.json
index f1a7da36a29..aa2504f1b6c 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26268.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26268.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26268",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T14:15:09.350",
- "lastModified": "2024-02-20T14:15:09.350",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26270.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26270.json
index b7cd659a568..192e9104182 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26270.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26270.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26270",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-02-20T14:15:09.530",
- "lastModified": "2024-02-20T14:15:09.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json b/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
index 0fafed3d787..7d1cc3deacc 100644
--- a/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
+++ b/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-26308",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-02-19T09:15:38.277",
- "lastModified": "2024-02-19T11:15:09.173",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-263xx/CVE-2024-26318.json b/CVE-2024/CVE-2024-263xx/CVE-2024-26318.json
index 7883ab7ca68..4ac46e63e3e 100644
--- a/CVE-2024/CVE-2024-263xx/CVE-2024-26318.json
+++ b/CVE-2024/CVE-2024-263xx/CVE-2024-26318.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26318",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-19T04:15:07.400",
- "lastModified": "2024-02-19T04:15:07.400",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character."
+ },
+ {
+ "lang": "es",
+ "value": "Serenity antes de 6.8.0 permite XSS a trav\u00e9s de un enlace de correo electr\u00f3nico porque LoginPage.tsx permite URL de retorno que no comienzan con el car\u00e1cter /."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-263xx/CVE-2024-26327.json b/CVE-2024/CVE-2024-263xx/CVE-2024-26327.json
index 9e64751c5e2..508d9fe2c0e 100644
--- a/CVE-2024/CVE-2024-263xx/CVE-2024-26327.json
+++ b/CVE-2024/CVE-2024-263xx/CVE-2024-26327.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26327",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-19T05:15:22.527",
- "lastModified": "2024-02-19T05:15:22.527",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c maneja mal la situaci\u00f3n en la que un invitado escribe NumVF mayores que TotalVF, lo que provoca un desbordamiento del b\u00fafer en las implementaciones de VF."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-263xx/CVE-2024-26328.json b/CVE-2024/CVE-2024-263xx/CVE-2024-26328.json
index 26794372ba3..245dadd014c 100644
--- a/CVE-2024/CVE-2024-263xx/CVE-2024-26328.json
+++ b/CVE-2024/CVE-2024-263xx/CVE-2024-26328.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26328",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-19T05:15:26.263",
- "lastModified": "2024-02-19T05:15:26.263",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-20T19:50:53.960",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c no configura NumVFs en PCI_SRIOV_TOTAL_VF y, por lo tanto, la interacci\u00f3n con hw/nvme/ctrl.c no se maneja correctamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26581.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26581.json index 1700527e6cc..11e12d04c09 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26581.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26581.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26581", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-20T13:15:09.020", - "lastModified": "2024-02-20T18:15:53.283", - "vulnStatus": "Received", + "lastModified": "2024-02-20T19:50:53.960", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 1004bb4a739..015c4575cd7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-20T19:00:39.502142+00:00 +2024-02-20T21:00:31.389455+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-20T18:52:19.997000+00:00 +2024-02-20T20:54:47.437000+00:00 ``` ### Last Data Feed Release 
@@ -29,52 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239001 +239003 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `2` -* [CVE-2023-47635](CVE-2023/CVE-2023-476xx/CVE-2023-47635.json) (`2024-02-20T18:15:50.147`) -* [CVE-2023-48220](CVE-2023/CVE-2023-482xx/CVE-2023-48220.json) (`2024-02-20T18:15:50.350`) -* [CVE-2023-51447](CVE-2023/CVE-2023-514xx/CVE-2023-51447.json) (`2024-02-20T18:15:50.547`) -* [CVE-2023-52434](CVE-2023/CVE-2023-524xx/CVE-2023-52434.json) (`2024-02-20T18:15:50.790`) -* [CVE-2024-0794](CVE-2024/CVE-2024-07xx/CVE-2024-0794.json) (`2024-02-20T18:15:50.840`) -* [CVE-2024-21678](CVE-2024/CVE-2024-216xx/CVE-2024-21678.json) (`2024-02-20T18:15:50.897`) -* [CVE-2024-21682](CVE-2024/CVE-2024-216xx/CVE-2024-21682.json) (`2024-02-20T18:15:51.063`) -* [CVE-2024-22054](CVE-2024/CVE-2024-220xx/CVE-2024-22054.json) (`2024-02-20T18:15:51.393`) -* [CVE-2024-22245](CVE-2024/CVE-2024-222xx/CVE-2024-22245.json) (`2024-02-20T18:15:51.647`) -* [CVE-2024-22250](CVE-2024/CVE-2024-222xx/CVE-2024-22250.json) (`2024-02-20T18:15:51.843`) -* [CVE-2024-24474](CVE-2024/CVE-2024-244xx/CVE-2024-24474.json) (`2024-02-20T18:15:52.463`) -* [CVE-2024-24763](CVE-2024/CVE-2024-247xx/CVE-2024-24763.json) (`2024-02-20T18:15:52.520`) -* [CVE-2024-25260](CVE-2024/CVE-2024-252xx/CVE-2024-25260.json) (`2024-02-20T18:15:52.880`) -* [CVE-2024-25630](CVE-2024/CVE-2024-256xx/CVE-2024-25630.json) (`2024-02-20T18:15:52.930`) -* [CVE-2024-25631](CVE-2024/CVE-2024-256xx/CVE-2024-25631.json) (`2024-02-20T18:15:53.117`) +* [CVE-2023-52435](CVE-2023/CVE-2023-524xx/CVE-2023-52435.json) (`2024-02-20T20:15:08.063`) +* [CVE-2024-26135](CVE-2024/CVE-2024-261xx/CVE-2024-26135.json) (`2024-02-20T20:15:08.560`) ### CVEs modified in the last Commit -Recently modified CVEs: `18` +Recently modified CVEs: `242` -* [CVE-2023-38562](CVE-2023/CVE-2023-385xx/CVE-2023-38562.json) 
(`2024-02-20T18:15:49.790`) -* [CVE-2023-39540](CVE-2023/CVE-2023-395xx/CVE-2023-39540.json) (`2024-02-20T18:15:49.890`) -* [CVE-2023-39541](CVE-2023/CVE-2023-395xx/CVE-2023-39541.json) (`2024-02-20T18:15:49.973`) -* [CVE-2023-45318](CVE-2023/CVE-2023-453xx/CVE-2023-45318.json) (`2024-02-20T18:15:50.060`) -* [CVE-2023-52433](CVE-2023/CVE-2023-524xx/CVE-2023-52433.json) (`2024-02-20T18:15:50.740`) -* [CVE-2023-39251](CVE-2023/CVE-2023-392xx/CVE-2023-39251.json) (`2024-02-20T18:50:54.943`) -* [CVE-2023-51363](CVE-2023/CVE-2023-513xx/CVE-2023-51363.json) (`2024-02-20T18:52:19.997`) -* [CVE-2024-21795](CVE-2024/CVE-2024-217xx/CVE-2024-21795.json) (`2024-02-20T18:15:51.220`) -* [CVE-2024-21812](CVE-2024/CVE-2024-218xx/CVE-2024-21812.json) (`2024-02-20T18:15:51.313`) -* [CVE-2024-22097](CVE-2024/CVE-2024-220xx/CVE-2024-22097.json) (`2024-02-20T18:15:51.550`) -* [CVE-2024-23305](CVE-2024/CVE-2024-233xx/CVE-2024-23305.json) (`2024-02-20T18:15:52.023`) -* [CVE-2024-23310](CVE-2024/CVE-2024-233xx/CVE-2024-23310.json) (`2024-02-20T18:15:52.113`) -* [CVE-2024-23313](CVE-2024/CVE-2024-233xx/CVE-2024-23313.json) (`2024-02-20T18:15:52.200`) -* [CVE-2024-23606](CVE-2024/CVE-2024-236xx/CVE-2024-23606.json) (`2024-02-20T18:15:52.293`) -* [CVE-2024-23809](CVE-2024/CVE-2024-238xx/CVE-2024-23809.json) (`2024-02-20T18:15:52.380`) -* [CVE-2024-24793](CVE-2024/CVE-2024-247xx/CVE-2024-24793.json) (`2024-02-20T18:15:52.700`) -* [CVE-2024-24794](CVE-2024/CVE-2024-247xx/CVE-2024-24794.json) (`2024-02-20T18:15:52.793`) -* [CVE-2024-26581](CVE-2024/CVE-2024-265xx/CVE-2024-26581.json) (`2024-02-20T18:15:53.283`) +* [CVE-2024-20935](CVE-2024/CVE-2024-209xx/CVE-2024-20935.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20937](CVE-2024/CVE-2024-209xx/CVE-2024-20937.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20939](CVE-2024/CVE-2024-209xx/CVE-2024-20939.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20941](CVE-2024/CVE-2024-209xx/CVE-2024-20941.json) (`2024-02-20T19:51:05.510`) +* 
[CVE-2024-20943](CVE-2024/CVE-2024-209xx/CVE-2024-20943.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20945](CVE-2024/CVE-2024-209xx/CVE-2024-20945.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20947](CVE-2024/CVE-2024-209xx/CVE-2024-20947.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20949](CVE-2024/CVE-2024-209xx/CVE-2024-20949.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20951](CVE-2024/CVE-2024-209xx/CVE-2024-20951.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20953](CVE-2024/CVE-2024-209xx/CVE-2024-20953.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20956](CVE-2024/CVE-2024-209xx/CVE-2024-20956.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20958](CVE-2024/CVE-2024-209xx/CVE-2024-20958.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-20960](CVE-2024/CVE-2024-209xx/CVE-2024-20960.json) (`2024-02-20T19:51:05.510`) +* [CVE-2024-1546](CVE-2024/CVE-2024-15xx/CVE-2024-1546.json) (`2024-02-20T20:15:08.167`) +* [CVE-2024-1547](CVE-2024/CVE-2024-15xx/CVE-2024-1547.json) (`2024-02-20T20:15:08.220`) +* [CVE-2024-1548](CVE-2024/CVE-2024-15xx/CVE-2024-1548.json) (`2024-02-20T20:15:08.267`) +* [CVE-2024-1549](CVE-2024/CVE-2024-15xx/CVE-2024-1549.json) (`2024-02-20T20:15:08.317`) +* [CVE-2024-1550](CVE-2024/CVE-2024-15xx/CVE-2024-1550.json) (`2024-02-20T20:15:08.370`) +* [CVE-2024-1551](CVE-2024/CVE-2024-15xx/CVE-2024-1551.json) (`2024-02-20T20:15:08.413`) +* [CVE-2024-1552](CVE-2024/CVE-2024-15xx/CVE-2024-1552.json) (`2024-02-20T20:15:08.460`) +* [CVE-2024-1553](CVE-2024/CVE-2024-15xx/CVE-2024-1553.json) (`2024-02-20T20:15:08.510`) +* [CVE-2024-23479](CVE-2024/CVE-2024-234xx/CVE-2024-23479.json) (`2024-02-20T20:17:31.460`) +* [CVE-2024-23477](CVE-2024/CVE-2024-234xx/CVE-2024-23477.json) (`2024-02-20T20:38:43.587`) +* [CVE-2024-23476](CVE-2024/CVE-2024-234xx/CVE-2024-23476.json) (`2024-02-20T20:39:10.033`) +* [CVE-2024-23478](CVE-2024/CVE-2024-234xx/CVE-2024-23478.json) (`2024-02-20T20:39:52.377`) ## Download and Usage