From 5e3686c9c5b97ab775772cb7ec6e209c8c96e23b Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 17 Jan 2024 15:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-01-17T15:00:24.567296+00:00 --- CVE-2021/CVE-2021-44xx/CVE-2021-4434.json | 8 +- CVE-2023/CVE-2023-252xx/CVE-2023-25295.json | 8 +- CVE-2023/CVE-2023-362xx/CVE-2023-36235.json | 8 +- CVE-2023/CVE-2023-380xx/CVE-2023-38023.json | 114 ++++++++++++++++++-- CVE-2023/CVE-2023-469xx/CVE-2023-46952.json | 8 +- CVE-2023/CVE-2023-493xx/CVE-2023-49394.json | 71 +++++++++++- CVE-2023/CVE-2023-494xx/CVE-2023-49471.json | 65 ++++++++++- CVE-2023/CVE-2023-495xx/CVE-2023-49515.json | 8 +- CVE-2023/CVE-2023-496xx/CVE-2023-49619.json | 59 +++++++++- CVE-2023/CVE-2023-517xx/CVE-2023-51719.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51720.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51721.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51722.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51723.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51724.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51725.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51726.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51727.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51728.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51729.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51730.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51731.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51732.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51733.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51734.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51735.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51736.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51737.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51738.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51739.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51740.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51741.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51742.json | 8 +- CVE-2023/CVE-2023-517xx/CVE-2023-51743.json | 8 +- CVE-2023/CVE-2023-520xx/CVE-2023-52069.json | 8 +- 
CVE-2023/CVE-2023-522xx/CVE-2023-52285.json | 8 +- CVE-2024/CVE-2024-04xx/CVE-2024-0405.json | 8 +- CVE-2024/CVE-2024-06xx/CVE-2024-0642.json | 55 ++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0643.json | 55 ++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0645.json | 55 ++++++++++ README.md | 39 +++++-- 41 files changed, 681 insertions(+), 96 deletions(-) create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0642.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0643.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0645.json diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4434.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4434.json index dabeae14c25..5015a83f043 100644 --- a/CVE-2021/CVE-2021-44xx/CVE-2021-4434.json +++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4434.json @@ -2,12 +2,16 @@ "id": "CVE-2021-4434", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-17T09:15:25.980", - "lastModified": "2024-01-17T09:15:25.980", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:37.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server." + }, + { + "lang": "es", + "value": "El complemento Social Warfare para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones hasta la 3.5.2 inclusive a trav\u00e9s del par\u00e1metro 'swp_url'. Esto permite a los atacantes ejecutar c\u00f3digo en el servidor." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-252xx/CVE-2023-25295.json b/CVE-2023/CVE-2023-252xx/CVE-2023-25295.json index dd3112321d3..f7b6442409c 100644 --- a/CVE-2023/CVE-2023-252xx/CVE-2023-25295.json +++ b/CVE-2023/CVE-2023-252xx/CVE-2023-25295.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-25295", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T03:15:07.743", - "lastModified": "2024-01-17T03:15:07.743", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in GRN Software Group eVEWA3 Community version 31 through 53, allows attackers to gain escalated privileges via crafted request to login panel." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) en GRN Software Group eVEWA3 Community versi\u00f3n 31 a 53 permite a los atacantes obtener privilegios aumentados a trav\u00e9s de una solicitud manipulada para el panel de inicio de sesi\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36235.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36235.json index fc72c8c3b9a..203ce5e5a16 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36235.json +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36235.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36235", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T03:15:07.947", - "lastModified": "2024-01-17T03:15:07.947", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter." + }, + { + "lang": "es", + "value": "Un problema en webkul qloapps anterior a v1.6.0 permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro id_order." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38023.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38023.json index 25223447078..0370dfdcb5e 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38023.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38023.json 
@@ -2,43 +2,137 @@ "id": "CVE-2023-38023", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-30T03:15:08.413", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T14:52:48.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\"" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en SCONE Confidential Computing Platform anterior a 5.8.0 para Intel SGX. La falta de l\u00f3gica de alineaci\u00f3n de puntero en __scone_dispatch y otras funciones de entrada permite que un atacante local acceda a informaci\u00f3n no autorizada, tambi\u00e9n conocida como \"fuga AEPIC\"." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.8.0", + "matchCriteriaId": "ACF15B4C-DE86-40B0-9CE7-C9042533D45B" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:intel:software_guard_extensions:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B40511C-A841-4E8F-B081-0451B20C67CA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://sconedocs.github.io/release5.7/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://sconedocs.github.io/release5.8/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46952.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46952.json index 255c200383f..a4a1679417e 100644 --- a/CVE-2023/CVE-2023-469xx/CVE-2023-46952.json +++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46952.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46952", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T03:15:07.997", - "lastModified": "2024-01-17T03:15:07.997", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header." + }, + { + "lang": "es", + "value": "La vulnerabilidad de cross site scripting en ABO.CMS v.5.9.3 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el encabezado Referer." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49394.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49394.json index 7e2333ec1d3..81780a45196 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49394.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49394.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49394", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T09:15:44.037", - "lastModified": "2024-01-10T13:56:12.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T13:33:05.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,76 @@ "value": "Las versiones 4.1.3 y anteriores de Zentao tienen una vulnerabilidad de redireccionamiento de URL, que impide que el sistema funcione correctamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easycorp:zentao:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.1.3", + "matchCriteriaId": "9BF78731-C108-453F-9875-030A56649F7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/xue-yao-go/87d088fa3f423bba8098ef22988e4626", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-URL-redirect-b03f8f9f5b4e4cbea819c2961c097d92?pvs=4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49471.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49471.json index 840c949a719..d3c23de4660 100644 --- a/CVE-2023/CVE-2023-494xx/CVE-2023-49471.json +++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49471.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-49471", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-10T09:15:44.140", - "lastModified": "2024-01-10T13:56:06.947", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T13:41:42.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Vulnerabilidad de Blind Server-Side Request Forgery (SSRF) en Karlomikus Bar Assistant anterior a la versi\u00f3n 3.2.0 no valida un par\u00e1metro antes de realizar una solicitud a trav\u00e9s de Image::make(), lo que podr\u00eda permitir a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:barassistant:bar_assistant:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.0", + "matchCriteriaId": "911453D4-483B-4773-8E79-4ED9169DBE24" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zunak/CVE-2023-49471", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49515.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49515.json index 55fc771b421..30dc8e7a160 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49515.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49515.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49515", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-17T02:15:06.957", - "lastModified": "2024-01-17T02:15:06.957", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components." + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos inseguros en TP Link TC70 y C200 WIFI Camera v.3 firmware v.1.3.4 y corregida en v.1.3.11 permite a un atacante f\u00edsicamente cercano obtener informaci\u00f3n confidencial a trav\u00e9s de una conexi\u00f3n a los componentes del pin UART." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49619.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49619.json index c224db41c8e..cfb1a562093 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49619.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49619.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49619", "sourceIdentifier": "security@apache.org", "published": "2024-01-10T09:15:44.183", - "lastModified": "2024-01-10T15:15:08.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-17T13:44:55.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,7 +14,30 @@ "value": "Ejecuci\u00f3n concurrente utilizando recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('condici\u00f3n de ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.0. En circunstancias normales, un usuario solo puede marcar una pregunta una vez y solo aumentar\u00e1 la cantidad de preguntas marcadas una vez. Sin embargo, los env\u00edos repetidos a trav\u00e9s del gui\u00f3n pueden aumentar muchas veces el n\u00famero de recopilaci\u00f3n de la pregunta. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.1], que soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", 
@@ -27,14 +50,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.1", + "matchCriteriaId": "2BE51620-4C98-4784-A428-2CCD0BBC91A7" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/10/1", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json index acd85e24ac9..869a3f11811 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51719", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:45.650", - "lastModified": "2024-01-17T07:15:45.650", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Traceroute en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json index 94ef9d08898..be870f8b1c3 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51720", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:46.597", - "lastModified": "2024-01-17T07:15:46.597", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 1 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json index 852b1bcb661..71d0d94d4a1 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51721", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:47.207", - "lastModified": "2024-01-17T07:15:47.207", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 2 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json index c4aa5da2125..f15c530e209 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51722", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:47.753", - "lastModified": "2024-01-17T07:15:47.753", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Time Server 3 en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json index 68a2115b6a0..de39beb603a 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51723", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:48.370", - "lastModified": "2024-01-17T07:15:48.370", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Description en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json index 0ab7ab66058..9db60e5f4cc 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51724", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:49.050", - "lastModified": "2024-01-17T07:15:49.050", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro URL en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json index 7633f8b89f0..36282fd5402 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51725", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:49.690", - "lastModified": "2024-01-17T07:15:49.690", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:41.410", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Contact Email Address en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json index 1c94ef5c2fc..a0ec3d3d0bd 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51726", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:50.343", - "lastModified": "2024-01-17T07:15:50.343", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:37.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Server Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json index 2e562738022..bd9a6d05b12 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51727", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2024-01-17T07:15:50.910", - "lastModified": "2024-01-17T07:15:50.910", - "vulnStatus": "Received", + "lastModified": "2024-01-17T14:01:37.163", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Username en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json index 17a17b2731d..d910304fd84 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51728",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T07:15:51.540",
- "lastModified": "2024-01-17T07:15:51.540",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro SMTP Password en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json
index 4e409b28d01..d6434aaf824 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51729",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T07:15:52.113",
- "lastModified": "2024-01-17T07:15:52.113",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro DDNS Username en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json
index d3d929b8558..23e6cffc135 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51730",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T07:15:52.710",
- "lastModified": "2024-01-17T07:15:52.710",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro DDNS Password en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json
index 1475cb83394..38c523de234 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51731",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T07:15:53.290",
- "lastModified": "2024-01-17T07:15:53.290",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Hostname en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json
index 1d05ff9b696..9d2904689cd 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51732",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T07:15:53.873",
- "lastModified": "2024-01-17T07:15:53.873",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro IPsec Tunnel Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json
index 41902fb897c..c3292d865b7 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51733",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:36.110",
- "lastModified": "2024-01-17T08:15:36.110",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Identity en la configuraci\u00f3n del endpoint local en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json
index 48516cfc8e4..826bd3cf1ac 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51734",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:36.477",
- "lastModified": "2024-01-17T08:15:36.477",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Identity en la configuraci\u00f3n del endpoint remoto en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json
index 759a298ed0b..c61c2292a3e 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51735",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:36.730",
- "lastModified": "2024-01-17T08:15:36.730",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Pre-shared key en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json
index 4cda153f90b..d8ad5545bae 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51736",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:36.990",
- "lastModified": "2024-01-17T08:15:36.990",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Username L2TP/PPTP en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json
index c5d1b71ed04..204a0e8b4f2 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51737",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:37.230",
- "lastModified": "2024-01-17T08:15:37.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Preshared Phrase en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json
index a1fcc67c217..6c323b956ec 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51738",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:37.487",
- "lastModified": "2024-01-17T08:15:37.487",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Network Name (SSID) en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json
index 8deb3996ec0..ea32e9e73ef 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51739",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:37.740",
- "lastModified": "2024-01-17T08:15:37.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Device Name en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json
index a81a61cf915..c7dc2faf207 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51740",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:37.970",
- "lastModified": "2024-01-17T08:15:37.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system."
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a la transmisi\u00f3n de credenciales de autenticaci\u00f3n en texto plano a trav\u00e9s de la red. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad escuchando a escondidas el tr\u00e1fico de red de la v\u00edctima para extraer el nombre de usuario y la contrase\u00f1a de la interfaz web (p\u00e1gina de inicio de sesi\u00f3n) del sistema objetivo vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json
index e953acccb79..533a66e00ed 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51741",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:38.223",
- "lastModified": "2024-01-17T08:15:38.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system."
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a la transmisi\u00f3n de credenciales de autenticaci\u00f3n en texto plano a trav\u00e9s de la red. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad escuchando a escondidas el tr\u00e1fico de red de la v\u00edctima para extraer el nombre de usuario y la contrase\u00f1a de la interfaz web (p\u00e1gina de restablecimiento de contrase\u00f1a) del sistema objetivo vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json
index 4f75987cc7b..05042a73126 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51742",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:38.487",
- "lastModified": "2024-01-17T08:15:38.487",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Add Downstream Frequency en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar un ataque de denegaci\u00f3n de servicio (DoS) en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json
index 277d59ac11c..0ef357ec510 100644
--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51743",
 "sourceIdentifier": "vdisclose@cert-in.org.in",
 "published": "2024-01-17T08:15:38.750",
- "lastModified": "2024-01-17T08:15:38.750",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad existe en Skyworth Router CM5100, versi\u00f3n 4.1.1.24, debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro Set Upstream Channel ID (UCID) en su interfaz web. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al par\u00e1metro en la interfaz web del sistema objetivo vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante realizar un ataque de denegaci\u00f3n de servicio (DoS) en el sistema objetivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52069.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52069.json
index 6ed36e46328..88a0697bac7 100644
--- a/CVE-2023/CVE-2023-520xx/CVE-2023-52069.json
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52069.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-52069",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-17T03:15:08.043",
- "lastModified": "2024-01-17T03:15:08.043",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:41.410",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que kodbox v1.49.04 conten\u00eda una vulnerabilidad de cross site scripting (XSS) a trav\u00e9s del par\u00e1metro URL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json
index 838c1e3b142..f78bf41aadf 100644
--- a/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-52285",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-17T08:15:39.013",
- "lastModified": "2024-01-17T08:15:39.013",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:37.163",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter."
+ },
+ {
+ "lang": "es",
+ "value": "ExamSys 9150244 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro /Support/action/Pages.php s_score2."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0405.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0405.json
index 9989a7a089d..342a47c95a6 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0405.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0405.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0405",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-01-17T05:15:08.913",
- "lastModified": "2024-01-17T05:15:08.913",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-17T14:01:41.410",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Burst Statistics \u2013 Privacy-Friendly Analytics para WordPress, versi\u00f3n 1.5.3, es vulnerable a la inyecci\u00f3n SQL post-autenticada a trav\u00e9s de m\u00faltiples par\u00e1metros JSON en el endpoint /wp-json/burst/v1/data/compare. Los par\u00e1metros afectados incluyen \"browser\", \"device\", \"page_id\", \"page_url\", \"platform\" y \"referrer\". Esta vulnerabilidad surge debido a un escape insuficiente de los par\u00e1metros proporcionados por el usuario y a la falta de preparaci\u00f3n adecuada en las consultas SQL. Como resultado, los atacantes autenticados con acceso de editor o superior pueden agregar consultas SQL adicionales a las existentes, lo que podr\u00eda conducir a un acceso no autorizado a informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0642.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0642.json
new file mode 100644
index 00000000000..34f8fcfaec5
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0642.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-0642",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-01-17T14:15:43.470",
+ "lastModified": "2024-01-17T14:15:43.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0643.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0643.json
new file mode 100644
index 00000000000..b00db8e00da
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0643.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-0643",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-01-17T14:15:43.920",
+ "lastModified": "2024-01-17T14:15:43.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0645.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0645.json
new file mode 100644
index 00000000000..318cba3cd64
--- /dev/null
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0645.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0645", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-17T14:15:44.113", + "lastModified": "2024-01-17T14:15:44.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c2542ca9152..0446b8d8159 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-17T11:00:24.069303+00:00 +2024-01-17T15:00:24.567296+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-17T09:15:25.980000+00:00 +2024-01-17T14:52:48.957000+00:00 ``` ### Last Data Feed Release 
@@ -29,20 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236205 +236208 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -* [CVE-2021-4434](CVE-2021/CVE-2021-44xx/CVE-2021-4434.json) (`2024-01-17T09:15:25.980`) +* [CVE-2024-0642](CVE-2024/CVE-2024-06xx/CVE-2024-0642.json) (`2024-01-17T14:15:43.470`) +* [CVE-2024-0643](CVE-2024/CVE-2024-06xx/CVE-2024-0643.json) (`2024-01-17T14:15:43.920`) +* [CVE-2024-0645](CVE-2024/CVE-2024-06xx/CVE-2024-0645.json) (`2024-01-17T14:15:44.113`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `37` +* [CVE-2023-51734](CVE-2023/CVE-2023-517xx/CVE-2023-51734.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51735](CVE-2023/CVE-2023-517xx/CVE-2023-51735.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51736](CVE-2023/CVE-2023-517xx/CVE-2023-51736.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51737](CVE-2023/CVE-2023-517xx/CVE-2023-51737.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51738](CVE-2023/CVE-2023-517xx/CVE-2023-51738.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51739](CVE-2023/CVE-2023-517xx/CVE-2023-51739.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51740](CVE-2023/CVE-2023-517xx/CVE-2023-51740.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51741](CVE-2023/CVE-2023-517xx/CVE-2023-51741.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51742](CVE-2023/CVE-2023-517xx/CVE-2023-51742.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-51743](CVE-2023/CVE-2023-517xx/CVE-2023-51743.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-52285](CVE-2023/CVE-2023-522xx/CVE-2023-52285.json) (`2024-01-17T14:01:37.163`) +* [CVE-2023-49515](CVE-2023/CVE-2023-495xx/CVE-2023-49515.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) 
(`2024-01-17T14:01:41.410`) +* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51719](CVE-2023/CVE-2023-517xx/CVE-2023-51719.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51720](CVE-2023/CVE-2023-517xx/CVE-2023-51720.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51721](CVE-2023/CVE-2023-517xx/CVE-2023-51721.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51722](CVE-2023/CVE-2023-517xx/CVE-2023-51722.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51723](CVE-2023/CVE-2023-517xx/CVE-2023-51723.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51724](CVE-2023/CVE-2023-517xx/CVE-2023-51724.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-51725](CVE-2023/CVE-2023-517xx/CVE-2023-51725.json) (`2024-01-17T14:01:41.410`) +* [CVE-2023-38023](CVE-2023/CVE-2023-380xx/CVE-2023-38023.json) (`2024-01-17T14:52:48.957`) +* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T14:01:41.410`) ## Download and Usage