Auto-Update: 2024-01-17T15:00:24.567296+00:00

cad-safe-bot 2024-01-17 15:00:28 +00:00
parent 451557370f
commit 5e3686c9c5
41 changed files with 681 additions and 96 deletions


@ -2,12 +2,16 @@
"id": "CVE-2021-4434",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-17T09:15:25.980",
"lastModified": "2024-01-17T09:15:25.980",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server."
},
{
"lang": "es",
"value": "El complemento Social Warfare para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones hasta la 3.5.2 inclusive a trav\u00e9s del par\u00e1metro 'swp_url'. Esto permite a los atacantes ejecutar c\u00f3digo en el servidor."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-25295",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:07.743",
"lastModified": "2024-01-17T03:15:07.743",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in GRN Software Group eVEWA3 Community version 31 through 53, allows attackers to gain escalated privileges via crafted request to login panel."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) en GRN Software Group eVEWA3 Community versi\u00f3n 31 a 53 permite a los atacantes obtener privilegios aumentados a trav\u00e9s de una solicitud manipulada para el panel de inicio de sesi\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-36235",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:07.947",
"lastModified": "2024-01-17T03:15:07.947",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter."
},
{
"lang": "es",
"value": "Un problema en webkul qloapps anterior a v1.6.0 permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro id_order."
}
],
"metrics": {},


@ -2,43 +2,137 @@
"id": "CVE-2023-38023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-30T03:15:08.413",
"lastModified": "2024-01-01T02:12:45.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T14:52:48.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\""
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SCONE Confidential Computing Platform anterior a 5.8.0 para Intel SGX. La falta de l\u00f3gica de alineaci\u00f3n de puntero en __scone_dispatch y otras funciones de entrada permite que un atacante local acceda a informaci\u00f3n no autorizada, tambi\u00e9n conocida como \"fuga AEPIC\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.8.0",
"matchCriteriaId": "ACF15B4C-DE86-40B0-9CE7-C9042533D45B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:intel:software_guard_extensions:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B40511C-A841-4E8F-B081-0451B20C67CA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://sconedocs.github.io/release5.7/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://sconedocs.github.io/release5.8/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-46952",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:07.997",
"lastModified": "2024-01-17T03:15:07.997",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en ABO.CMS v.5.9.3 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el encabezado Referer."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-49394",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.037",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T13:33:05.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,76 @@
"value": "Las versiones 4.1.3 y anteriores de Zentao tienen una vulnerabilidad de redireccionamiento de URL, que impide que el sistema funcione correctamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easycorp:zentao:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.1.3",
"matchCriteriaId": "9BF78731-C108-453F-9875-030A56649F7A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/xue-yao-go/87d088fa3f423bba8098ef22988e4626",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-URL-redirect-b03f8f9f5b4e4cbea819c2961c097d92?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49471",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.140",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T13:41:42.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de Blind Server-Side Request Forgery (SSRF) en Karlomikus Bar Assistant anterior a la versi\u00f3n 3.2.0 no valida un par\u00e1metro antes de realizar una solicitud a trav\u00e9s de Image::make(), lo que podr\u00eda permitir a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:barassistant:bar_assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "911453D4-483B-4773-8E79-4ED9169DBE24"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zunak/CVE-2023-49471",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-49515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T02:15:06.957",
"lastModified": "2024-01-17T02:15:06.957",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components."
},
{
"lang": "es",
"value": "La vulnerabilidad de permisos inseguros en TP Link TC70 y C200 WIFI Camera v.3 firmware v.1.3.4 y corregida en v.1.3.11 permite a un atacante f\u00edsicamente cercano obtener informaci\u00f3n confidencial a trav\u00e9s de una conexi\u00f3n a los componentes del pin UART."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-49619",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-10T09:15:44.183",
"lastModified": "2024-01-10T15:15:08.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-17T13:44:55.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,7 +14,30 @@
"value": "Ejecuci\u00f3n concurrente utilizando recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('condici\u00f3n de ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.0. En circunstancias normales, un usuario solo puede marcar una pregunta una vez y solo aumentar\u00e1 la cantidad de preguntas marcadas una vez. Sin embargo, los env\u00edos repetidos a trav\u00e9s del gui\u00f3n pueden aumentar muchas veces el n\u00famero de recopilaci\u00f3n de la pregunta. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.1], que soluciona el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,14 +50,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.1",
"matchCriteriaId": "2BE51620-4C98-4784-A428-2CCD0BBC91A7"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/10/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-51719",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:45.650",
"lastModified": "2024-01-17T07:15:45.650",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Traceroute en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51720",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:46.597",
"lastModified": "2024-01-17T07:15:46.597",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 1 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51721",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:47.207",
"lastModified": "2024-01-17T07:15:47.207",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 2 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51722",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:47.753",
"lastModified": "2024-01-17T07:15:47.753",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 3 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51723",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:48.370",
"lastModified": "2024-01-17T07:15:48.370",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Description en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51724",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:49.050",
"lastModified": "2024-01-17T07:15:49.050",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro URL en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51725",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:49.690",
"lastModified": "2024-01-17T07:15:49.690",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Contact Email Address en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51726",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:50.343",
"lastModified": "2024-01-17T07:15:50.343",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Server Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51727",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:50.910",
"lastModified": "2024-01-17T07:15:50.910",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Username en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51728",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:51.540",
"lastModified": "2024-01-17T07:15:51.540",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Password en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51729",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:52.113",
"lastModified": "2024-01-17T07:15:52.113",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro DDNS Username en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51730",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:52.710",
"lastModified": "2024-01-17T07:15:52.710",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro DDNS Password en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51731",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:53.290",
"lastModified": "2024-01-17T07:15:53.290",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Hostname en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51732",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T07:15:53.873",
"lastModified": "2024-01-17T07:15:53.873",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro IPsec Tunnel Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51733",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:36.110",
"lastModified": "2024-01-17T08:15:36.110",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Identity en la configuraci\u00f3n del endpoint local en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51734",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:36.477",
"lastModified": "2024-01-17T08:15:36.477",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Identity en la configuraci\u00f3n del endpoint remoto en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51735",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:36.730",
"lastModified": "2024-01-17T08:15:36.730",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Pre-shared key en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51736",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:36.990",
"lastModified": "2024-01-17T08:15:36.990",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Username L2TP/PPTP en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51737",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:37.230",
"lastModified": "2024-01-17T08:15:37.230",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Preshared Phrase en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51738",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:37.487",
"lastModified": "2024-01-17T08:15:37.487",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Network Name (SSID) en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51739",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:37.740",
"lastModified": "2024-01-17T08:15:37.740",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Device Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51740",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:37.970",
"lastModified": "2024-01-17T08:15:37.970",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system."
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a la transmisi\u00f3n de credenciales de autenticaci\u00f3n en texto plano a trav\u00e9s de la red. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad escuchando a escondidas el tr\u00e1fico de red de la v\u00edctima para extraer el nombre de usuario y la contrase\u00f1a de la interfaz web (p\u00e1gina de inicio de sesi\u00f3n) del sistema objetivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51741",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:38.223",
"lastModified": "2024-01-17T08:15:38.223",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system."
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a la transmisi\u00f3n de credenciales de autenticaci\u00f3n en texto plano a trav\u00e9s de la red. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad escuchando a escondidas el tr\u00e1fico de red de la v\u00edctima para extraer el nombre de usuario y la contrase\u00f1a de la interfaz web (p\u00e1gina de restablecimiento de contrase\u00f1a) del sistema objetivo vulnerable."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51742",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:38.487",
"lastModified": "2024-01-17T08:15:38.487",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Add Downstream Frequency en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar un ataque de denegaci\u00f3n de servicio (DoS) en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-51743",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-01-17T08:15:38.750",
"lastModified": "2024-01-17T08:15:38.750",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n"
},
{
"lang": "es",
"value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Set Upstream Channel ID (UCID) en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar un ataque de denegaci\u00f3n de servicio (DoS) en el sistema objetivo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-52069",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:08.043",
"lastModified": "2024-01-17T03:15:08.043",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que kodbox v1.49.04 conten\u00eda una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s del par\u00e1metro URL."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-52285",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T08:15:39.013",
"lastModified": "2024-01-17T08:15:39.013",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter."
},
{
"lang": "es",
"value": "ExamSys 9150244 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro /Support/action/Pages.php s_score2."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0405",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-17T05:15:08.913",
"lastModified": "2024-01-17T05:15:08.913",
"vulnStatus": "Received",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento Burst Statistics \u2013 Privacy-Friendly Analytics para WordPress, versi\u00f3n 1.5.3, es vulnerable a la inyecci\u00f3n SQL post-autenticada a trav\u00e9s de m\u00faltiples par\u00e1metros JSON en el endpoint /wp-json/burst/v1/data/compare. Los par\u00e1metros afectados incluyen \"browser\", \"device\", \"page_id\", \"page_url\", \"platform\" y \"referrer\". Esta vulnerabilidad surge debido a un escape insuficiente de los par\u00e1metros proporcionados por el usuario y a la falta de preparaci\u00f3n adecuada en las consultas SQL. Como resultado, los atacantes autenticados con acceso de editor o superior pueden agregar consultas SQL adicionales a las existentes, lo que podr\u00eda conducir a un acceso no autorizado a informaci\u00f3n confidencial de la base de datos."
}
],
"metrics": {

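--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0642.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0642.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-0642",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2024-01-17T14:15:43.470",
+"lastModified": "2024-01-17T14:15:43.470",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-284"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products",
+"source": "cve-coordination@incibe.es"
+}
+]
+}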

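--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0643.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0643.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-0643",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2024-01-17T14:15:43.920",
+"lastModified": "2024-01-17T14:15:43.920",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 10.0,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products",
+"source": "cve-coordination@incibe.es"
+}
+]
+}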

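--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0645.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0645.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-0645",
+"sourceIdentifier": "cve-coordination@incibe.es",
+"published": "2024-01-17T14:15:44.113",
+"lastModified": "2024-01-17T14:15:44.113",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve-coordination@incibe.es",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-119"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer",
+"source": "cve-coordination@incibe.es"
+}
+]
+}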


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-17T11:00:24.069303+00:00
2024-01-17T15:00:24.567296+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-17T09:15:25.980000+00:00
2024-01-17T14:52:48.957000+00:00
```
### Last Data Feed Release
@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236205
236208
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `3`
* [CVE-2021-4434](CVE-2021/CVE-2021-44xx/CVE-2021-4434.json) (`2024-01-17T09:15:25.980`)
* [CVE-2024-0642](CVE-2024/CVE-2024-06xx/CVE-2024-0642.json) (`2024-01-17T14:15:43.470`)
* [CVE-2024-0643](CVE-2024/CVE-2024-06xx/CVE-2024-0643.json) (`2024-01-17T14:15:43.920`)
* [CVE-2024-0645](CVE-2024/CVE-2024-06xx/CVE-2024-0645.json) (`2024-01-17T14:15:44.113`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `37`
* [CVE-2023-51734](CVE-2023/CVE-2023-517xx/CVE-2023-51734.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51735](CVE-2023/CVE-2023-517xx/CVE-2023-51735.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51736](CVE-2023/CVE-2023-517xx/CVE-2023-51736.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51737](CVE-2023/CVE-2023-517xx/CVE-2023-51737.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51738](CVE-2023/CVE-2023-517xx/CVE-2023-51738.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51739](CVE-2023/CVE-2023-517xx/CVE-2023-51739.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51740](CVE-2023/CVE-2023-517xx/CVE-2023-51740.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51741](CVE-2023/CVE-2023-517xx/CVE-2023-51741.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51742](CVE-2023/CVE-2023-517xx/CVE-2023-51742.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-51743](CVE-2023/CVE-2023-517xx/CVE-2023-51743.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-52285](CVE-2023/CVE-2023-522xx/CVE-2023-52285.json) (`2024-01-17T14:01:37.163`)
* [CVE-2023-49515](CVE-2023/CVE-2023-495xx/CVE-2023-49515.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51719](CVE-2023/CVE-2023-517xx/CVE-2023-51719.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51720](CVE-2023/CVE-2023-517xx/CVE-2023-51720.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51721](CVE-2023/CVE-2023-517xx/CVE-2023-51721.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51722](CVE-2023/CVE-2023-517xx/CVE-2023-51722.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51723](CVE-2023/CVE-2023-517xx/CVE-2023-51723.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51724](CVE-2023/CVE-2023-517xx/CVE-2023-51724.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-51725](CVE-2023/CVE-2023-517xx/CVE-2023-51725.json) (`2024-01-17T14:01:41.410`)
* [CVE-2023-38023](CVE-2023/CVE-2023-380xx/CVE-2023-38023.json) (`2024-01-17T14:52:48.957`)
* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T14:01:41.410`)
## Download and Usage