admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-29T15:00:24.860612+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-29 15:00:28 +00:00
parent 8baa794125
commit 59457a7a43
75 changed files with 2431 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CVE-2023/CVE-2023-290xx/CVE-2023-29055.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-29055",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-29T13:15:07.970",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials.\n\nTo avoid this threat, users are recommended to\u00a0\n\n * Always turn on HTTPS so that network payload is encrypted.\n\n * Avoid putting credentials in kylin.properties, or at least not in plain text.\n * Use network firewalls to protect the serverside such that it is not accessible to external attackers.\n\n * Upgrade to version Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.\n\n"
},
{
"lang": "es",
"value": "En Apache Kylin versi\u00f3n 2.0.0 a 4.0.3, hay una interfaz web de configuraci\u00f3n de servidor que muestra el contenido del archivo 'kylin.properties', que puede contener credenciales del lado del servidor. Cuando el servicio kylin se ejecuta a trav\u00e9s de HTTP (u otro protocolo de texto plano), es posible que los rastreadores de red secuestren el payload HTTP y obtengan acceso al contenido de kylin.properties y potencialmente a las credenciales que lo contienen. Para evitar esta amenaza, se recomienda a los usuarios * activar siempre HTTPS para que el payload de la red est\u00e9 cifrado. * Evite poner credenciales en kylin.properties, o al menos no en texto plano. * Utilice firewalls de red para proteger el lado del servidor de modo que no sea accesible para atacantes externos. * Actualice a la versi\u00f3n Apache Kylin 4.0.4, que filtra el contenido confidencial que va a la interfaz web de Server Config."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r",
"source": "security@apache.org"
}
]
}

4
CVE-2023/CVE-2023-468xx/CVE-2023-46838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46838",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-29T11:15:07.933",
"lastModified": "2024-01-29T11:15:07.933",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-482xx/CVE-2023-48201.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48201",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:47.880",
"lastModified": "2024-01-27T06:15:47.880",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting (XSS) en Sunlight CMS v.8.0.1 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de una secuencia de comandos manipulada al componente del editor de texto de contenido."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-482xx/CVE-2023-48202.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48202",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:47.967",
"lastModified": "2024-01-27T06:15:47.967",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting (XSS) en Sunlight CMS 8.0.1 permite a un usuario autenticado con pocos privilegios escalar privilegios a trav\u00e9s de un archivo SVG manipulado en el componente File Manager."
}
],
"metrics": {},

18
CVE-2023/CVE-2023-490xx/CVE-2023-49081.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49081",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-30T07:15:08.723",
"lastModified": "2024-01-08T03:15:13.457",
"lastModified": "2024-01-29T14:15:08.373",
"vulnStatus": "Modified",
"descriptions": [
{
@ -107,6 +107,14 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/pull/7835/files",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2",
"source": "security-advisories@github.com",
@ -114,14 +122,6 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/",
"source": "security-advisories@github.com"
}
]
}

18
CVE-2023/CVE-2023-490xx/CVE-2023-49082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49082",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-29T20:15:08.180",
"lastModified": "2024-01-08T03:15:13.593",
"lastModified": "2024-01-29T14:15:08.580",
"vulnStatus": "Modified",
"descriptions": [
{
@ -101,6 +101,14 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/pull/7806/files",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx",
"source": "security-advisories@github.com",
@ -108,14 +116,6 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-523xx/CVE-2023-52389.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52389",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T03:15:07.883",
"lastModified": "2024-01-27T03:15:07.883",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0."
},
{
"lang": "es",
"value": "UTF32Encoding.cpp en POCO tiene Poco::UTF32Encoding un desbordamiento de enteros y un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria resultante porque Poco::UTF32Encoding::convert() y Poco::UTF32::queryConvert() pueden devolver un entero negativo si una secuencia de bytes UTF-32 se eval\u00faa a un valor de 0x80000000 o superior. Esto se solucion\u00f3 en 1.11.8p2, 1.12.5p2 y 1.13.0."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-53xx/CVE-2023-5378.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5378",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-29T12:15:07.860",
"lastModified": "2024-01-29T12:15:07.860",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability). \n\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en MegaBIP y el software SmodBIP que ya no es compatible permite almacenar XSS. Este problema afecta a SmodBIP en todas las versiones y a MegaBIP en versiones hasta 4.36.2 (las versiones m\u00e1s recientes no se probaron; el proveedor no ha confirmado que solucione la vulnerabilidad)."
}
],
"metrics": {

8
CVE-2023/CVE-2023-62xx/CVE-2023-6200.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6200",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-28T13:15:07.817",
"lastModified": "2024-01-28T13:15:07.817",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podr\u00eda enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2023/CVE-2023-64xx/CVE-2023-6482.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6482",
"sourceIdentifier": "PSIRT@synaptics.com",
"published": "2024-01-27T01:15:08.033",
"lastModified": "2024-01-27T01:15:08.033",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u00a0This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database."
},
{
"lang": "es",
"value": "El uso de una clave de cifrado derivada de informaci\u00f3n est\u00e1tica en Synaptics Fingerprint Driver permite a un atacante configurar una sesi\u00f3n TLS con el sensor de huellas digitales y enviar comandos restringidos al sensor de huellas digitales. Esto puede permitir que un atacante, que tiene acceso f\u00edsico al sensor, registre una huella digital en la base de datos de la plantilla."
}
],
"metrics": {

8
CVE-2023/CVE-2023-64xx/CVE-2023-6497.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6497",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.047",
"lastModified": "2024-01-27T04:15:08.047",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento WordPress Simple Shopping Cart para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de URL de redireccionamiento autom\u00e1tico en todas las versiones hasta la 4.7.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

8
CVE-2024/CVE-2024-02xx/CVE-2024-0212.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0212",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2024-01-29T10:15:08.013",
"lastModified": "2024-01-29T10:15:08.013",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el complemento Cloudflare Wordpress era vulnerable a una autenticaci\u00f3n incorrecta. La vulnerabilidad permite a los atacantes con una cuenta con menos privilegios acceder a datos de la API de Cloudflare."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0618.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0618",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T06:15:48.010",
"lastModified": "2024-01-27T06:15:48.010",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de t\u00edtulos de formulario importados en todas las versiones hasta la 5.1.5 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0664.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0664",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.237",
"lastModified": "2024-01-27T04:15:08.237",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Meks Smart Social Widget para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del Meks Smart Social Widget en todas las versiones hasta la 1.6.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0667.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0667",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.453",
"lastModified": "2024-01-27T04:15:08.453",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Form Maker de 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.15.21 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'execute'. Esto hace posible que atacantes no autenticados ejecuten m\u00e9todos arbitrarios en la clase 'BoosterController' a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0697.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0697",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T05:15:08.470",
"lastModified": "2024-01-27T05:15:08.470",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information."
},
{
"lang": "es",
"value": "El complemento Backuply \u2013 Backup, Restore, Migrate and Clone para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.3 inclusive a trav\u00e9s del par\u00e1metro node_id en la funci\u00f3n backuply_get_jstree. Esto hace posible que atacantes con privilegios de administrador o superiores lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."
}
],
"metrics": {

69
CVE-2024/CVE-2024-07xx/CVE-2024-0770.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0770",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T23:15:44.273",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T14:00:47.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:echa.europa:iuclid:7.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0EF040E-347D-423A-9981-B9AC90E7BD39"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://imagebin.ca/v/7nx8zv3l62Kf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.251670",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251670",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-07xx/CVE-2024-0771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0771",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T23:15:44.567",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T14:13:07.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nsasoft:product_key_explorer:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0820ED-D971-4E5B-9D92-A60381D3C80F"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.251671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/eecN5mC0avU",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
}
]
}

69
CVE-2024/CVE-2024-07xx/CVE-2024-0772.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0772",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T00:15:06.807",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T14:12:53.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nsasoft:sharealarmpro:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6632DF6E-C47C-44C2-8DF5-9612EF40A0D6"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.251672",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251672",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/WIeWeuXbkiY",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
}
]
}

57
CVE-2024/CVE-2024-07xx/CVE-2024-0774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0774",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T01:15:08.033",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T13:50:37.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:taurisoft:any_sound_recorder:2.93:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAE6C7E-2006-42A2-B826-CF6F5EF06D1F"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.251674",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251674",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/f_4eHkISrZg",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
}
]
}

58
CVE-2024/CVE-2024-07xx/CVE-2024-0776.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0776",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T01:15:08.263",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T13:49:14.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pb-cms_project:pb-cms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F86DD81E-85E9-48B3-A5A2-DE92B739D7C6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251678",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251678",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0804.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0804",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.720",
"lastModified": "2024-01-26T02:15:07.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:29:25.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "La aplicaci\u00f3n insuficiente de pol\u00edticas en iOS Security UI en Google Chrome anterior a 121.0.6167.85 permiti\u00f3 que un atacante remoto filtrara datos de or\u00edgenes cruzados a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1515137",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

100
CVE-2024/CVE-2024-08xx/CVE-2024-0805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0805",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.787",
"lastModified": "2024-01-26T02:15:07.833",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:24:19.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,109 @@
"value": "La implementaci\u00f3n inadecuada en Downloads en Google Chrome anterior a 121.0.6167.85 permiti\u00f3 a un atacante remoto realizar una suplantaci\u00f3n de dominio a trav\u00e9s de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1514925",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
}
]
}

100
CVE-2024/CVE-2024-08xx/CVE-2024-0806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0806",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.847",
"lastModified": "2024-01-26T02:15:07.887",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:24:48.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,109 @@
"value": "Use after free en Passwords en Google Chrome anterior a 121.0.6167.85 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una interacci\u00f3n de interfaz de usuario espec\u00edfica. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1505176",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0807",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.897",
"lastModified": "2024-01-26T02:15:07.943",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:25:31.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "Use after free en Web Audio en Google Chrome anterior a 121.0.6167.85 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1505080",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0808.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0808",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.950",
"lastModified": "2024-01-26T02:15:07.993",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:25:59.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "El desbordamiento de enteros en WebUI en Google Chrome anterior a 121.0.6167.85 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de un archivo malicioso. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1504936",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0809",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.003",
"lastModified": "2024-01-26T02:15:08.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:26:42.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "La implementaci\u00f3n inapropiada de Autocompletar en Google Chrome anterior a 121.0.6167.85 permiti\u00f3 a un atacante remoto evitar las restricciones de Autocompletar a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1497985",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

82
CVE-2024/CVE-2024-08xx/CVE-2024-0810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0810",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.063",
"lastModified": "2024-01-26T02:15:08.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:29:03.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,91 @@
"value": "La aplicaci\u00f3n insuficiente de pol\u00edticas en DevTools en Google Chrome antes de 121.0.6167.85 permiti\u00f3 a un atacante que convenci\u00f3 a un usuario de instalar una extensi\u00f3n maliciosa para filtrar datos de or\u00edgenes cruzados a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1496250",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0811",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.117",
"lastModified": "2024-01-26T02:15:08.160",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:27:18.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "La implementaci\u00f3n inadecuada en Extensions API en Google Chrome anterior a 121.0.6167.85 permiti\u00f3 a un atacante que convenci\u00f3 a un usuario de instalar una extensi\u00f3n maliciosa para filtrar datos de or\u00edgenes cruzados a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Severidad de seguridad de Chrome: baja)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1494490",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0812",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.167",
"lastModified": "2024-01-26T02:15:08.210",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:28:45.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "La implementaci\u00f3n inadecuada de Accessibility en Google Chrome anterior a 121.0.6167.85 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1484394",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0813",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.223",
"lastModified": "2024-01-26T02:15:08.263",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:28:14.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "Use after free en Reading Mode en Google Chrome anterior a 121.0.6167.85 permiti\u00f3 a un atacante convencer a un usuario de instalar una extensi\u00f3n maliciosa para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una interacci\u00f3n espec\u00edfica de la interfaz de usuario. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1477151",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-08xx/CVE-2024-0814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0814",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.273",
"lastModified": "2024-01-26T02:15:08.317",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T14:27:48.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,111 @@
"value": "La interfaz de usuario de seguridad incorrecta en Payments en Google Chrome anterior a 121.0.6167.85 permit\u00eda a un atacante remoto falsificar potencialmente la interfaz de usuario de seguridad a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.6167.85",
"matchCriteriaId": "73FE6D96-D7C7-4D4E-AEB8-89D59E790616"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1463935",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-08xx/CVE-2024-0824.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0824",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T05:15:08.767",
"lastModified": "2024-01-27T05:15:08.767",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Exclusive Addons for Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funcionalidad Link Anything en todas las versiones hasta la 2.6.8 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-08xx/CVE-2024-0841.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0841",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-28T12:15:52.737",
"lastModified": "2024-01-28T12:15:52.737",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo de desreferencia de puntero null en la funci\u00f3n Hugetlbfs_fill_super en la funcionalidad Hugetlbfs (p\u00e1ginas HugeTLB) del kernel de Linux. Este problema puede permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0958.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0958",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-27T06:15:48.183",
"lastModified": "2024-01-27T06:15:48.183",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en CodeAstro Stock Management System 1.0 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /index.php del componente Add Category Handler. La manipulaci\u00f3n del argumento Category Name/Category Description conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252203."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0959.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0959",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-27T11:15:17.497",
"lastModified": "2024-01-27T11:15:17.497",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\\utils\\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en StanfordVL GibsonEnv 0.3.1. Ha sido clasificada como cr\u00edtica. La funci\u00f3n cloudpickle.load del archivo gibson\\utils\\pposgd_fuse.py es afectada por la vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252204."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0960.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0960",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-27T12:15:07.903",
"lastModified": "2024-01-27T12:15:07.903",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \\ai_flow\\cli\\commands\\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en flink-extended ai-flow 0.3.1. Ha sido declarado cr\u00edtico. La funci\u00f3n cloudpickle.loads del archivo \\ai_flow\\cli\\commands\\workflow_command.py es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252205."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0962.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0962",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-27T13:15:07.973",
"lastModified": "2024-01-27T13:15:07.973",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en obgm libcoap 4.3.4. Ha sido calificada como cr\u00edtica. La funci\u00f3n get_split_entry del archivo src/coap_oscore.c del componente Configuration File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. VDB-252206 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0986.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0986",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T00:15:07.850",
"lastModified": "2024-01-29T00:15:07.850",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Issabel PBX 4.0.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /index.php?menu=asterisk_cli del componente Asterisk-Cli. La manipulaci\u00f3n del argumento Command conduce a la inyecci\u00f3n de comando del sistema operativo. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252251. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0987.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0987",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T00:15:08.143",
"lastModified": "2024-01-29T00:15:08.143",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Sichuan Yougou Technology KuERP hasta 1.0.4 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /runtime/log es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una neutralizaci\u00f3n incorrecta de la salida de registros. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252252. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0988.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0988",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T00:15:08.403",
"lastModified": "2024-01-29T00:15:08.403",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Sichuan Yougou Technology KuERP hasta 1.0.4 y clasificada como cr\u00edtica. La funci\u00f3n checklogin del archivo /application/index/common.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento App_User_id/App_user_Token conduce a una autenticaci\u00f3n incorrecta. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252253. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0989.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0989",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T01:15:07.890",
"lastModified": "2024-01-29T01:15:07.890",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Sichuan Yougou Technology KuERP hasta 1.0.4. La funci\u00f3n del_sn_db del archivo /application/index/controller/Service.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumentos file conduce a path traversal: '../filedir'. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252254 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0990.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0990",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T01:15:08.150",
"lastModified": "2024-01-29T01:15:08.150",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tenda i6 1.0.0.9(3857) y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n formSetAutoPing del archivo /goform/setAutoPing del componente httpd. La manipulaci\u00f3n del argumento ping1 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252255. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0991.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0991",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T01:15:08.440",
"lastModified": "2024-01-29T01:15:08.440",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Tenda i6 1.0.0.9(3857) y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formSetCfm del archivo /goform/setcfm del componente httpd. La manipulaci\u00f3n del argumento funcpara1 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252256. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0992.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0992",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T01:15:08.737",
"lastModified": "2024-01-29T01:15:08.737",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tenda i6 1.0.0.9(3857) y clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n formwrlSSIDset del archivo /goform/wifiSSIDset del componente httpd. La manipulaci\u00f3n del argumento index conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252257. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0993.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0993",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T02:15:07.547",
"lastModified": "2024-01-29T02:15:07.547",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda i6 1.0.0.9(3857). Ha sido clasificada como cr\u00edtica. La funci\u00f3n formWifiMacFilterGet del archivo /goform/WifiMacFilterGet del componente httpd es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento index conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252258 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0994.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0994",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T02:15:07.940",
"lastModified": "2024-01-29T02:15:07.940",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W6 1.0.0.9(4122). Ha sido declarada cr\u00edtica. La funci\u00f3n formSetCfm del archivo /goform/setcfm del componente httpd es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento funcpara1 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252259. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0995.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0995",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T02:15:08.190",
"lastModified": "2024-01-29T02:15:08.190",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tenda W6 1.0.0.9(4122). Ha sido calificada como cr\u00edtica. La funci\u00f3n formwrlSSIDset del archivo /goform/wifiSSIDset del componente httpd es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento index conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252260. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-09xx/CVE-2024-0996.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0996",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T03:15:07.217",
"lastModified": "2024-01-29T03:15:07.217",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Tenda i9 1.0.0.9(4122) y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n formSetCfm del archivo /goform/setcfm del componente httpd. La manipulaci\u00f3n del argumento funcpara1 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252261. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

92
CVE-2024/CVE-2024-09xx/CVE-2024-0997.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-0997",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T13:15:08.127",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink N200RE 9.3.5u.6139_B20201216 y clasificada como cr\u00edtica. La funci\u00f3n setOpModeCfg del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento pppoeUser provoca un Totolink N200RE 9.3.5u.6139_B20201216. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252266 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252266",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252266",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-09xx/CVE-2024-0998.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-0998",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T13:15:08.470",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Totolink N200RE 9.3.5u.6139_B20201216. Ha sido clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n setDiagnosisCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento ip conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252267. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252267",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252267",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-09xx/CVE-2024-0999.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-0999",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T13:15:08.753",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Totolink N200RE 9.3.5u.6139_B20201216. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setParentalRules del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento eTime provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252268. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252268",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252268",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1000.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1000",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T14:15:08.717",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252269",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252269",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1001.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1001",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T14:15:08.970",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252270",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252270",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1002.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1002",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T14:15:09.200",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252271",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252271",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2024/CVE-2024-10xx/CVE-2024-1014.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1014",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-29T14:15:09.437",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2024/CVE-2024-10xx/CVE-2024-1015.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1015",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-29T14:15:09.657",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products",
"source": "cve-coordination@incibe.es"
}
]
}

70
CVE-2024/CVE-2024-221xx/CVE-2024-22113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22113",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-22T05:15:09.050",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T14:23:46.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Vulnerabilidad de redireccionamiento abierto en el an\u00e1lisis de Access CGI An-Analyzer lanzado el 31 de diciembre de 2023 y antes permite a un atacante remoto no autenticado redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL especialmente manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anglers-net:cgi_an-anlyzer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-12-31",
"matchCriteriaId": "F487E53F-8808-4579-AEEE-919088D72305"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN73587943/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.anglers-net.com/anlog/update/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22559.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22559",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T14:15:09.940",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/eddy8/LightCMS/issues/34",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-228xx/CVE-2024-22860.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22860",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:48.430",
"lastModified": "2024-01-27T06:15:48.430",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente jpegxl_anim_read_packet en el decodificador de animaci\u00f3n JPEG XL."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-228xx/CVE-2024-22861.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22861",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T07:15:07.603",
"lastModified": "2024-01-27T07:15:07.603",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del m\u00f3dulo avcodec/osq."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-228xx/CVE-2024-22862.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22862",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:48.477",
"lastModified": "2024-01-27T06:15:48.477",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de JJPEG XL Parser."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23738.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23738",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T01:15:07.933",
"lastModified": "2024-01-28T01:15:07.933",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
},
{
"lang": "es",
"value": "Un problema en Postman versi\u00f3n 10.22 y anteriores en macOS permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23739.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23739",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:07.700",
"lastModified": "2024-01-28T03:15:07.700",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
},
{
"lang": "es",
"value": "Un problema en Discord para macOS versi\u00f3n 0.0.291 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23740.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23740",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T04:15:07.830",
"lastModified": "2024-01-28T04:15:07.830",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
},
{
"lang": "es",
"value": "Un problema en Kap para macOS versi\u00f3n 3.6.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23741",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:08.337",
"lastModified": "2024-01-28T03:15:08.337",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
},
{
"lang": "es",
"value": "Un problema en Hyper en macOS versi\u00f3n 3.4.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23742.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23742",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T03:15:08.390",
"lastModified": "2024-01-28T03:15:08.390",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings."
},
{
"lang": "es",
"value": "Un problema en Loom en macOS versi\u00f3n 0.196.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la configuraci\u00f3n RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23743.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T02:15:08.773",
"lastModified": "2024-01-28T02:15:08.773",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components."
},
{
"lang": "es",
"value": "Un problema en Notion para macOS versi\u00f3n 3.1.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de los componentes RunAsNode y enableNodeClilnspectArguments."
}
],
"metrics": {},

24
CVE-2024/CVE-2024-237xx/CVE-2024-23747.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23747",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T14:15:09.993",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/louiselalanne/CVE-2024-23747",
"source": "cve@mitre.org"
},
{
"url": "https://modernasistemas.com.br/sitems/",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-237xx/CVE-2024-23782.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23782",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-28T23:15:58.350",
"lastModified": "2024-01-28T23:15:58.350",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:25.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a Ver.2.10.50 y Ver.2.9.0 y versiones anteriores. Si se explota esta vulnerabilidad, un usuario con un privilegio de colaborador o superior puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio web utilizando el producto."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23790.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23790",
"sourceIdentifier": "security@otrs.com",
"published": "2024-01-29T10:15:08.263",
"lastModified": "2024-01-29T10:15:08.263",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funcionalidad de carga de avatares de usuarios permite un mal uso de la funcionalidad debido a la falta de verificaci\u00f3n de los tipos de archivos. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023 hasta 2023.1.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23791.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23791",
"sourceIdentifier": "security@otrs.com",
"published": "2024-01-29T10:15:08.483",
"lastModified": "2024-01-29T10:15:08.483",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "La inserci\u00f3n de informaci\u00f3n de depuraci\u00f3n en el archivo de registro durante la creaci\u00f3n del \u00edndice de b\u00fasqueda el\u00e1stico permite leer informaci\u00f3n confidencial de los art\u00edculos. Este problema afecta a OTRS: de 7.0.X a 7.0.48, de 8.0.X a 8.0.37, de 2023.X a 2023.1 .1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23792.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23792",
"sourceIdentifier": "security@otrs.com",
"published": "2024-01-29T10:15:08.683",
"lastModified": "2024-01-29T10:15:08.683",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
},
{
"lang": "es",
"value": "Al agregar archivos adjuntos a los comentarios del ticket, otro usuario puede agregar archivos adjuntos y hacerse pasar por el usuario original. El ataque requiere que otro usuario que haya iniciado sesi\u00f3n conozca el UUID. Mientras el usuario leg\u00edtimo completa el comentario, el usuario malintencionado puede agregar m\u00e1s archivos al comentario. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.48, desde 8.0.X hasta 8.0.37, desde 2023.X hasta 2023.1.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-247xx/CVE-2024-24736.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24736",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T04:15:07.637",
"lastModified": "2024-01-29T04:15:07.637",
"vulnStatus": "Received",
"lastModified": "2024-01-29T14:25:21.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558."
},
{
"lang": "es",
"value": "El servicio POP3 en YahooPOPs (tambi\u00e9n conocido como YPOPs!) 1.6 permite una denegaci\u00f3n remota de servicio (reboot) a trav\u00e9s de una larga cadena al puerto TCP 110, un problema relacionado con CVE-2004-1558."
}
],
"metrics": {},

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-29T13:00:25.035188+00:00
2024-01-29T15:00:24.860612+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-29T12:15:07.860000+00:00
2024-01-29T14:29:25.953000+00:00
```
### Last Data Feed Release
@ -29,21 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237001
237012
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `11`
* [CVE-2023-46838](CVE-2023/CVE-2023-468xx/CVE-2023-46838.json) (`2024-01-29T11:15:07.933`)
* [CVE-2023-5378](CVE-2023/CVE-2023-53xx/CVE-2023-5378.json) (`2024-01-29T12:15:07.860`)
* [CVE-2023-29055](CVE-2023/CVE-2023-290xx/CVE-2023-29055.json) (`2024-01-29T13:15:07.970`)
* [CVE-2024-0997](CVE-2024/CVE-2024-09xx/CVE-2024-0997.json) (`2024-01-29T13:15:08.127`)
* [CVE-2024-0998](CVE-2024/CVE-2024-09xx/CVE-2024-0998.json) (`2024-01-29T13:15:08.470`)
* [CVE-2024-0999](CVE-2024/CVE-2024-09xx/CVE-2024-0999.json) (`2024-01-29T13:15:08.753`)
* [CVE-2024-1000](CVE-2024/CVE-2024-10xx/CVE-2024-1000.json) (`2024-01-29T14:15:08.717`)
* [CVE-2024-1001](CVE-2024/CVE-2024-10xx/CVE-2024-1001.json) (`2024-01-29T14:15:08.970`)
* [CVE-2024-1002](CVE-2024/CVE-2024-10xx/CVE-2024-1002.json) (`2024-01-29T14:15:09.200`)
* [CVE-2024-1014](CVE-2024/CVE-2024-10xx/CVE-2024-1014.json) (`2024-01-29T14:15:09.437`)
* [CVE-2024-1015](CVE-2024/CVE-2024-10xx/CVE-2024-1015.json) (`2024-01-29T14:15:09.657`)
* [CVE-2024-22559](CVE-2024/CVE-2024-225xx/CVE-2024-22559.json) (`2024-01-29T14:15:09.940`)
* [CVE-2024-23747](CVE-2024/CVE-2024-237xx/CVE-2024-23747.json) (`2024-01-29T14:15:09.993`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `63`
* [CVE-2024-0989](CVE-2024/CVE-2024-09xx/CVE-2024-0989.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0990](CVE-2024/CVE-2024-09xx/CVE-2024-0990.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0991](CVE-2024/CVE-2024-09xx/CVE-2024-0991.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0992](CVE-2024/CVE-2024-09xx/CVE-2024-0992.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0993](CVE-2024/CVE-2024-09xx/CVE-2024-0993.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0994](CVE-2024/CVE-2024-09xx/CVE-2024-0994.json) (`2024-01-29T14:25:25.440`)
* [CVE-2024-0664](CVE-2024/CVE-2024-06xx/CVE-2024-0664.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0667](CVE-2024/CVE-2024-06xx/CVE-2024-0667.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0697](CVE-2024/CVE-2024-06xx/CVE-2024-0697.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0824](CVE-2024/CVE-2024-08xx/CVE-2024-0824.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0618](CVE-2024/CVE-2024-06xx/CVE-2024-0618.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0958](CVE-2024/CVE-2024-09xx/CVE-2024-0958.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22860](CVE-2024/CVE-2024-228xx/CVE-2024-22860.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22862](CVE-2024/CVE-2024-228xx/CVE-2024-22862.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-22861](CVE-2024/CVE-2024-228xx/CVE-2024-22861.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0959](CVE-2024/CVE-2024-09xx/CVE-2024-0959.json) (`2024-01-29T14:25:30.223`)
* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-29T14:25:31.763`)
* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-29T14:25:59.197`)
* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-29T14:26:42.917`)
* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-29T14:27:18.327`)
* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-29T14:27:48.647`)
* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-29T14:28:14.090`)
* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-29T14:28:45.320`)
* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-29T14:29:03.063`)
* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-29T14:29:25.953`)
## Download and Usage