From 6392719977d0b24be551a40ecad5b1a8eb862c57 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 5 Feb 2024 15:00:29 +0000
Subject: [PATCH] Auto-Update: 2024-02-05T15:00:26.125532+00:00
---
CVE-2021/CVE-2021-44xx/CVE-2021-4436.json | 8 +-
CVE-2023/CVE-2023-515xx/CVE-2023-51504.json | 8 +-
CVE-2023/CVE-2023-518xx/CVE-2023-51888.json | 69 +++++++++++++++-
CVE-2023/CVE-2023-518xx/CVE-2023-51889.json | 69 +++++++++++++++-
CVE-2023/CVE-2023-518xx/CVE-2023-51890.json | 69 +++++++++++++++-
CVE-2023/CVE-2023-52xx/CVE-2023-5249.json | 8 +-
CVE-2023/CVE-2023-56xx/CVE-2023-5643.json | 8 +-
CVE-2023/CVE-2023-56xx/CVE-2023-5677.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5800.json | 8 +-
CVE-2023/CVE-2023-70xx/CVE-2023-7077.json | 8 +-
CVE-2024/CVE-2024-12xx/CVE-2024-1225.json | 92 +++++++++++++++++++++
CVE-2024/CVE-2024-200xx/CVE-2024-20001.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20002.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20003.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20004.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20006.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20007.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20009.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20010.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20011.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20012.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20013.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20015.json | 8 +-
CVE-2024/CVE-2024-200xx/CVE-2024-20016.json | 8 +-
CVE-2024/CVE-2024-223xx/CVE-2024-22386.json | 8 +-
CVE-2024/CVE-2024-226xx/CVE-2024-22667.json | 8 +-
CVE-2024/CVE-2024-231xx/CVE-2024-23108.json | 55 ++++++++++++
CVE-2024/CVE-2024-231xx/CVE-2024-23109.json | 55 ++++++++++++
CVE-2024/CVE-2024-231xx/CVE-2024-23196.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24838.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24839.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24841.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24846.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24847.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24848.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24855.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24857.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24858.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24859.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24860.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24861.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24864.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24865.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24866.json | 8 +-
CVE-2024/CVE-2024-248xx/CVE-2024-24870.json | 8 +-
README.md | 39 +++++++--
46 files changed, 663 insertions(+), 97 deletions(-)
create mode 100644 CVE-2024/CVE-2024-12xx/CVE-2024-1225.json
create mode 100644 CVE-2024/CVE-2024-231xx/CVE-2024-23108.json
create mode 100644 CVE-2024/CVE-2024-231xx/CVE-2024-23109.json
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4436.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4436.json
index c4fc0a6ef71..79fcc9a715e 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4436.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4436.json
@@ -2,12 +2,16 @@ "id": "CVE-2021-4436", "sourceIdentifier": "contact@wpscan.com", "published": "2024-02-05T09:15:43.013", - "lastModified": "2024-02-05T09:15:43.013", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:19.310", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache." + }, + { + "lang": "es", + "value": "El complemento 3DPrint Lite de WordPress anterior a 1.9.1.5 no tiene ninguna autorizaci\u00f3n y no verifica el archivo cargado en su acci\u00f3n p3dlite_handle_upload AJAX, lo que permite a usuarios no autenticados cargar archivos arbitrarios al servidor web. Sin embargo, existe un .htaccess que impide acceder al archivo en servidores web como Apache." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51504.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51504.json index 10af28938b3..62d092ad94e 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51504.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51504.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51504", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-05T06:15:46.400", - "lastModified": "2024-02-05T06:15:46.400", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Dan Dulaney Dan's Embedder para Google Calendar permite almacenar XSS. Este problema afecta a Dan's Embedder para Google Calendar: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51888.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51888.json index 104e3e4aa71..13d49039c8c 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51888.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51888.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-51888", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T18:15:08.240", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-05T14:11:51.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n nomath() en Mathtex v.1.05 y anteriores permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05", + "matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } 
\ No newline at end of file diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51889.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51889.json index 2e17dc1566a..05a46e01d8e 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51889.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51889.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-51889", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T18:15:08.320", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-05T14:10:48.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n validar() en Mathtex v.1.05 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05", + "matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + 
"Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51890.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51890.json index 22310638e4e..b07dec79200 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51890.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51890.json 
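Review bot: The Spanish description added in the CVE-2023-51889 hunk renames the affected function: the English text says `validate()` but the new `es` value says `validar()`, so a search for the real symbol misses this record. Identifiers should pass through translation unchanged, i.e. `en la función validate() en Mathtex v.1.05 y anteriores`. The same class of error appears in the CVE-2023-7077 hunk, where the model `UN551S` from the English list becomes `UN551 S` in the `es` value. These files look machine-generated, so the fix probably belongs in the upstream translation step rather than in this repository.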
@@ -2,19 +2,80 @@ "id": "CVE-2023-51890", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T18:15:08.380", - "lastModified": "2024-01-24T18:45:30.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-05T13:57:15.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL." + }, + { + "lang": "es", + "value": "Un problema de bucle infinito descubierto en Mathtex 1.05 y anteriores permite a atacantes remotos consumir recursos de CPU a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05", + "matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5249.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5249.json index 89c4add51bc..b7491cefe2c 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5249.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5249.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5249", "sourceIdentifier": "arm-security@arm.com", "published": "2024-02-05T10:15:08.310", - "lastModified": "2024-02-05T10:15:08.310", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:19.310", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria inadecuadas para explotar una condici\u00f3n de ejecuci\u00f3n del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez provocar\u00e1 un use-after-free. Este problema afecta al controlador del kernel de GPU Bifrost: de r35p0 a r40p0; Controlador del kernel de GPU Valhall: desde r35p0 hasta r40p0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5643.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5643.json index 47d4c4ca1e6..df2334bdd61 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5643.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5643.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5643", "sourceIdentifier": "arm-security@arm.com", "published": "2024-02-05T10:15:08.410", - "lastModified": "2024-02-05T10:15:08.410", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:19.310", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a\u00a0local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system\u2019s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de escritura fuera de los l\u00edmites en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Dependiendo de la configuraci\u00f3n del controlador del kernel de GPU de Mali, y si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda escribir en la memoria fuera de los l\u00edmites del b\u00fafer. Este problema afecta al controlador del kernel de GPU Bifrost: desde r41p0 hasta r45p0; Controlador del kernel de GPU Valhall: desde r41p0 hasta r45p0; Controlador del kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r45p0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5677.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5677.json index 1eacf183313..a8e9d26029c 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5677.json 
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5677.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5677", "sourceIdentifier": "product-security@axis.com", "published": "2024-02-05T06:15:46.690", - "lastModified": "2024-02-05T06:15:46.690", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Brandon\nRothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. The impact of exploiting\nthis vulnerability is lower with operator-privileges compared to\nadministrator-privileges service accounts. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution. \n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Brandon Rothel de QED Secure Solutions descubri\u00f3 que la API VAPIX tcptest.cgi no ten\u00eda una validaci\u00f3n de entrada suficiente que permitiera una posible ejecuci\u00f3n remota de c\u00f3digo. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con privilegios de operador en comparaci\u00f3n con cuentas de servicio con privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5800.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5800.json index 730c4e2e86c..7ce1aa10770 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5800.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5800.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5800", "sourceIdentifier": "product-security@axis.com", "published": "2024-02-05T06:15:46.863", - "lastModified": "2024-02-05T06:15:46.863", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vintage,\nmember of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution.\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Vintage, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX create_overlay.cgi no ten\u00eda una validaci\u00f3n de entrada suficiente que permitiera una posible ejecuci\u00f3n remota de c\u00f3digo. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7077.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7077.json index f8bf1523aab..7981b70c1ea 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7077.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7077.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7077", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2024-02-05T07:15:09.690", - "lastModified": "2024-02-05T07:15:09.690", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n" + }, + { + "lang": "es", + "value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551 S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) permite a un atacante ejecutar c\u00f3digo remoto enviando par\u00e1metros no deseados en una solicitud http." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1225.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1225.json new file mode 100644 index 00000000000..3737074ec27 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1225.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-1225", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-05T13:15:58.977", + "lastModified": "2024-02-05T13:54:19.310", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en QiboSoft QiboCMS X1 hasta 1.0.6 y clasificada como cr\u00edtica. La funci\u00f3n rmb_pay del archivo /application/index/controller/Pay.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento callback_class conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252847. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/jDWk6INLzO12", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252847", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252847", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20001.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20001.json index b6338c8ad1c..14ae4601546 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20001.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20001.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20001", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.027", - "lastModified": "2024-02-05T06:15:47.027", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601." + }, + { + "lang": "es", + "value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961601; ID del problema: DTV03961601." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20002.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20002.json index fdf6d37563c..fb52675790f 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20002.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20002.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20002", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.083", - "lastModified": "2024-02-05T06:15:47.083", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715." + }, + { + "lang": "es", + "value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961715; ID del problema: DTV03961715." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20003.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20003.json index ce73f837692..a0dcad4d12e 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20003.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20003.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20003", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.130", - "lastModified": "2024-02-05T06:15:47.130", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981)." + }, + { + "lang": "es", + "value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01191612 (MSV-981)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20004.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20004.json index 1015fe9ff13..6f5e9f741d2 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20004.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20004.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20004", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.190", - "lastModified": "2024-02-05T06:15:47.190", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985)." + }, + { + "lang": "es", + "value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01195812 (MSV-985)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20006.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20006.json index 772ba749db2..ce9ad91d3e9 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20006.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20006.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20006", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.233", - "lastModified": "2024-02-05T06:15:47.233", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148." + }, + { + "lang": "es", + "value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477148; ID del problema: ALPS08477148." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20007.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20007.json index 9eeaed0363b..5417341cad7 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20007.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20007.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20007", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.283", - "lastModified": "2024-02-05T06:15:47.283", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369." + }, + { + "lang": "es", + "value": "En el decodificador de mp3, existe una posible escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441369; ID del problema: ALPS08441369." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json index 41870ba8dc1..f2d7b438274 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20009", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.330", - "lastModified": "2024-02-05T06:15:47.330", - "vulnStatus": "Received", + "lastModified": "2024-02-05T13:54:33.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150." + }, + { + "lang": "es", + "value": "En el decodificador alac, existe una posible escritura fuera de los l\u00edmites debido a un manejo incorrecto de errores. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441150; ID del problema: ALPS08441150." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20010.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20010.json index c91dfb29c6f..8e010f8c0ab 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20010.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20010.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20010",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.387",
- "lastModified": "2024-02-05T06:15:47.387",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560."
+ },
+ {
+ "lang": "es",
+ "value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358560; ID del problema: ALPS08358560."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json
index 366b8e742dd..9f61d0e4d4c 100644
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20011",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.447",
- "lastModified": "2024-02-05T06:15:47.447",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146."
+ },
+ {
+ "lang": "es",
+ "value": "En el decodificador alac, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441146; ID del problema: ALPS08441146."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20012.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20012.json
index 57fdb28cd76..38eb4389ff3 100644
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20012.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20012.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20012",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.490",
- "lastModified": "2024-02-05T06:15:47.490",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566."
+ },
+ {
+ "lang": "es",
+ "value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358566; ID del problema: ALPS08358566."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json
index d79bf444d7b..76646729cb2 100644
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20013",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.530",
- "lastModified": "2024-02-05T06:15:47.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608."
+ },
+ {
+ "lang": "es",
+ "value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08471742; ID del problema: ALPS08308608."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20015.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20015.json
index fa8d8ccc02b..bb2ba4286e2 100644
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20015.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20015.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20015",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.580",
- "lastModified": "2024-02-05T06:15:47.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419."
+ },
+ {
+ "lang": "es",
+ "value": "En telephony, existe una posible escalada de privilegios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441419; ID del problema: ALPS08441419."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20016.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20016.json
index 00fa4d578d4..29f918986df 100644
--- a/CVE-2024/CVE-2024-200xx/CVE-2024-20016.json
+++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20016.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-20016",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-02-05T06:15:47.627",
- "lastModified": "2024-02-05T06:15:47.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901."
+ },
+ {
+ "lang": "es",
+ "value": "En ged, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con los privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07835901; ID del problema: ALPS07835901."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22386.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22386.json
index 0857b31dba1..56a79bfbcb5 100644
--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22386.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22386.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22386",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:43.830",
- "lastModified": "2024-02-05T08:15:43.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's drm/exynos device driver in\u00a0exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo drm/exynos del kernel de Linux en la funci\u00f3n exynos_drm_crtc_atomic_disable(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json
index 9bc8a2c3ca2..ac13ddab8be 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22667.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22667",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-05T08:15:44.110",
- "lastModified": "2024-02-05T08:15:44.110",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions."
+ },
+ {
+ "lang": "es",
+ "value": "Vim anterior a 9.0.2142 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria porque did_set_langmap en map.c llama a sprintf para escribir en el b\u00fafer de error que se pasa a las funciones de devoluci\u00f3n de llamada de opci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23108.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23108.json
new file mode 100644
index 00000000000..c95140ded37
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23108.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-23108",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2024-02-05T14:15:57.827",
+ "lastModified": "2024-02-05T14:15:57.827",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-130",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23109.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23109.json
new file mode 100644
index 00000000000..4cbb3734b18
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23109.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-23109",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2024-02-05T14:15:59.100",
+ "lastModified": "2024-02-05T14:15:59.100",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-23-130",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23196.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23196.json
index 8d6adda5dca..51409c9a769 100644
--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23196.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23196.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23196",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:44.167",
- "lastModified": "2024-02-05T08:15:44.167",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo de sonido/hda del kernel de Linux en la funci\u00f3n snd_hdac_regmap_sync(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24838.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24838.json
index 2c3a15de984..dea366a6518 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24838.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24838.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24838",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:10.237",
- "lastModified": "2024-02-05T07:15:10.237",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Five Star Plugins Five Star Restaurant Reviews permite almacenar XSS. Este problema afecta a Five Star Restaurant Reviews: desde n/a hasta 2.3.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24839.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24839.json
index b80f1b346a3..3c13b4df151 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24839.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24839.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24839",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:10.850",
- "lastModified": "2024-02-05T07:15:10.850",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc permite almacenar XSS. Este problema afecta a Structured Content (JSON-LD) #wpsc: de n/a hasta 1.6.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24841.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24841.json
index 15facdd5541..0cd3972d01c 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24841.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24841.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24841",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:11.437",
- "lastModified": "2024-02-05T07:15:11.437",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooCommerce: from n/a through 1.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Dan's Art Add Customer for WooCommerce permite almacenar XSS. Este problema afecta a Add Customer for WooCommerce: desde n/a hasta 1.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24846.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24846.json
index 632deeab00b..a0d9689307a 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24846.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24846.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24846",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:12.257",
- "lastModified": "2024-02-05T07:15:12.257",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en MightyThemes Mighty Addons para Elementor permite Reflected XSS. Este problema afecta a Mighty Addons para Elementor: desde n/a hasta 1.9.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24847.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24847.json
index e09c0835793..9da0e8bf03b 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24847.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24847.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24847",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:13.387",
- "lastModified": "2024-02-05T07:15:13.387",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en jgadbois CalculatorPro Calculators permite XSS reflejado. Este problema afecta a CalculatorPro Calculators: desde n/a hasta 1.1.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24848.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24848.json
index fcdcba56ff0..9a3cbe10d5b 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24848.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24848.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24848",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:13.970",
- "lastModified": "2024-02-05T07:15:13.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') enMJS Software PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy permiten almacenar XSS. Este problema afecta a PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy: desde n/a hasta 1.0.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24855.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24855.json
index f1cec875e6b..1862ce795ad 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24855.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24855.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24855",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:44.353",
- "lastModified": "2024-02-05T08:15:44.353",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo scsi del kernel de Linux en la funci\u00f3n lpfc_unregister_fcf_rescan(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24857.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24857.json
index f845cfc0334..b474fcebd8a 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24857.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24857.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24857",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:44.533",
- "lastModified": "2024-02-05T08:15:44.533",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo net/bluetooth del kernel de Linux en la funci\u00f3n conn_info_{min,max}_age_set(). Esto puede provocar un problema de desbordamiento de enteros, lo que posiblemente provoque una anomal\u00eda en la conexi\u00f3n Bluetooth o una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24858.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24858.json
index 50c519f1cf4..93389b2e5c2 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24858.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24858.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24858",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:44.713",
- "lastModified": "2024-02-05T08:15:44.713",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en la red/bluetooth del kernel de Linux en la funci\u00f3n {conn,adv}_{min,max}_interval_set(). Esto puede provocar una conexi\u00f3n I2cap o un problema de anomal\u00eda en la transmisi\u00f3n, lo que posiblemente provoque una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24859.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24859.json
index 08aa2ad263b..560ee032790 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24859.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24859.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24859",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:44.897",
- "lastModified": "2024-02-05T08:15:44.897",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en la red/bluetooth del kernel de Linux en la funci\u00f3n sniff_{min,max}_interval_set(). Esto puede provocar un problema de excepci\u00f3n de rastreo de Bluetooth, lo que posiblemente provoque una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24860.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24860.json
index 19bde171d68..a43815ec063 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24860.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24860.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24860",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:45.077",
- "lastModified": "2024-02-05T08:15:45.077",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador del dispositivo Bluetooth del kernel de Linux en la funci\u00f3n {min,max}_key_size_set(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24861.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24861.json
index 0a03e285f2e..87db7603851 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24861.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24861.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24861",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:45.253",
- "lastModified": "2024-02-05T08:15:45.253",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo media/xc4000 del kernel de Linux en la funci\u00f3n xc4000 xc4000_get_frequency(). Esto puede provocar un problema de desbordamiento del valor de retorno, lo que posiblemente provoque un mal funcionamiento o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24864.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24864.json
index fc48a3695c0..f82e4dd8315 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24864.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24864.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24864",
 "sourceIdentifier": "security@openanolis.org",
 "published": "2024-02-05T08:15:45.433",
- "lastModified": "2024-02-05T08:15:45.433",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write()\u00a0function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en media/dvb-core del kernel de Linux en la funci\u00f3n dvbdmx_write(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24865.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24865.json
index ec4542df9bb..70edbce767b 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24865.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24865.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24865",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T07:15:14.510",
- "lastModified": "2024-02-05T07:15:14.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:19.310",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Noah Kagan Scroll Triggered Box permite almacenar XSS. Este problema afecta el Scroll Triggered Box: desde n/a hasta 2.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24866.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24866.json
index 42028f3cacd..9e3077865c7 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24866.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24866.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24866",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T06:15:47.677",
- "lastModified": "2024-02-05T06:15:47.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo permite XSS Reflejado. Este problema afecta a Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: de n/a hasta el 2.2.24."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24870.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24870.json
index d9644b13f09..5ad44c36600 100644
--- a/CVE-2024/CVE-2024-248xx/CVE-2024-24870.json
+++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24870.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24870",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-02-05T06:15:47.870",
- "lastModified": "2024-02-05T06:15:47.870",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-05T13:54:33.663",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Michael Dempfle Advanced iFrame permite almacenar XSS. Este problema afecta a Advanced iFrame: desde n/a hasta 2023.10."
 }
 ],
 "metrics": {
diff --git a/README.md b/README.md
index 2c732eb6fba..0b933b7eedb 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-05T11:00:24.474863+00:00 +2024-02-05T15:00:26.125532+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-05T10:15:08.410000+00:00 +2024-02-05T14:15:59.100000+00:00 ``` ### Last Data Feed Release 
@@ -29,22 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237561 +237564 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -* [CVE-2021-4436](CVE-2021/CVE-2021-44xx/CVE-2021-4436.json) (`2024-02-05T09:15:43.013`) -* [CVE-2023-5249](CVE-2023/CVE-2023-52xx/CVE-2023-5249.json) (`2024-02-05T10:15:08.310`) -* [CVE-2023-5643](CVE-2023/CVE-2023-56xx/CVE-2023-5643.json) (`2024-02-05T10:15:08.410`) +* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-05T13:15:58.977`) +* [CVE-2024-23108](CVE-2024/CVE-2024-231xx/CVE-2024-23108.json) (`2024-02-05T14:15:57.827`) +* [CVE-2024-23109](CVE-2024/CVE-2024-231xx/CVE-2024-23109.json) (`2024-02-05T14:15:59.100`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `42` +* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-23196](CVE-2024/CVE-2024-231xx/CVE-2024-23196.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24855](CVE-2024/CVE-2024-248xx/CVE-2024-24855.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24857](CVE-2024/CVE-2024-248xx/CVE-2024-24857.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24858](CVE-2024/CVE-2024-248xx/CVE-2024-24858.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24859](CVE-2024/CVE-2024-248xx/CVE-2024-24859.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24860](CVE-2024/CVE-2024-248xx/CVE-2024-24860.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24861](CVE-2024/CVE-2024-248xx/CVE-2024-24861.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-24864](CVE-2024/CVE-2024-248xx/CVE-2024-24864.json) (`2024-02-05T13:54:19.310`) +* [CVE-2024-20001](CVE-2024/CVE-2024-200xx/CVE-2024-20001.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20002](CVE-2024/CVE-2024-200xx/CVE-2024-20002.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20003](CVE-2024/CVE-2024-200xx/CVE-2024-20003.json) (`2024-02-05T13:54:33.663`) +* 
[CVE-2024-20004](CVE-2024/CVE-2024-200xx/CVE-2024-20004.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20006](CVE-2024/CVE-2024-200xx/CVE-2024-20006.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20007](CVE-2024/CVE-2024-200xx/CVE-2024-20007.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20009](CVE-2024/CVE-2024-200xx/CVE-2024-20009.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20010](CVE-2024/CVE-2024-200xx/CVE-2024-20010.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20011](CVE-2024/CVE-2024-200xx/CVE-2024-20011.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20012](CVE-2024/CVE-2024-200xx/CVE-2024-20012.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20013](CVE-2024/CVE-2024-200xx/CVE-2024-20013.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20015](CVE-2024/CVE-2024-200xx/CVE-2024-20015.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-20016](CVE-2024/CVE-2024-200xx/CVE-2024-20016.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-24866](CVE-2024/CVE-2024-248xx/CVE-2024-24866.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-24870](CVE-2024/CVE-2024-248xx/CVE-2024-24870.json) (`2024-02-05T13:54:33.663`) +* [CVE-2024-24838](CVE-2024/CVE-2024-248xx/CVE-2024-24838.json) (`2024-02-05T13:54:33.663`) ## Download and Usage