Auto-Update: 2024-02-05T15:00:26.125532+00:00

cad-safe-bot 2024-02-05 15:00:29 +00:00
parent de055df019
commit 6392719977
46 changed files with 663 additions and 97 deletions


@ -2,12 +2,16 @@
"id": "CVE-2021-4436",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-02-05T09:15:43.013",
"lastModified": "2024-02-05T09:15:43.013",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache."
},
{
"lang": "es",
"value": "El complemento 3DPrint Lite de WordPress anterior a 1.9.1.5 no tiene ninguna autorizaci\u00f3n y no verifica el archivo cargado en su acci\u00f3n p3dlite_handle_upload AJAX, lo que permite a usuarios no autenticados cargar archivos arbitrarios al servidor web. Sin embargo, existe un .htaccess que impide acceder al archivo en servidores web como Apache."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-51504",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T06:15:46.400",
"lastModified": "2024-02-05T06:15:46.400",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Dan Dulaney Dan's Embedder para Google Calendar permite almacenar XSS. Este problema afecta a Dan's Embedder para Google Calendar: desde n/a hasta 1.2."
}
],
"metrics": {


@ -2,19 +2,80 @@
"id": "CVE-2023-51888",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.240",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T14:11:51.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n nomath() en Mathtex v.1.05 y anteriores permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-51889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.320",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T14:10:48.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n validar() en Mathtex v.1.05 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
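Review bot: The `es` description in this record names the affected function as `validar()`, while the English description names it `validate()`; the translation step has localized a code identifier. Going by the hunk header's line counts, the Spanish entry looks like it is added by this update. Anyone searching or correlating records by function name against the Spanish text will miss this one, so identifiers should pass through untranslated: `... en la función validate() en Mathtex v.1.05 y anteriores ...`. The CVE-2023-51888 record keeps `nomath()` intact, but the CVE-2023-7077 record further down shows the same kind of drift in its `es` text, with the model name `UN551S` rendered as `UN551 S`.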


@ -2,19 +2,80 @@
"id": "CVE-2023-51890",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.380",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T13:57:15.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL."
},
{
"lang": "es",
"value": "Un problema de bucle infinito descubierto en Mathtex 1.05 y anteriores permite a atacantes remotos consumir recursos de CPU a trav\u00e9s de una cadena manipulada en la URL de la aplicaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ctan:mathtex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.05",
"matchCriteriaId": "813741B4-82DA-4CEF-AC14-13D54FA54A13"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5249",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-02-05T10:15:08.310",
"lastModified": "2024-02-05T10:15:08.310",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria inadecuadas para explotar una condici\u00f3n de ejecuci\u00f3n del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez provocar\u00e1 un use-after-free. Este problema afecta al controlador del kernel de GPU Bifrost: de r35p0 a r40p0; Controlador del kernel de GPU Valhall: desde r35p0 hasta r40p0."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-5643",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-02-05T10:15:08.410",
"lastModified": "2024-02-05T10:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a\u00a0local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system\u2019s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de escritura fuera de los l\u00edmites en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Dependiendo de la configuraci\u00f3n del controlador del kernel de GPU de Mali, y si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda escribir en la memoria fuera de los l\u00edmites del b\u00fafer. Este problema afecta al controlador del kernel de GPU Bifrost: desde r41p0 hasta r45p0; Controlador del kernel de GPU Valhall: desde r41p0 hasta r45p0; Controlador del kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r45p0."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-5677",
"sourceIdentifier": "product-security@axis.com",
"published": "2024-02-05T06:15:46.690",
"lastModified": "2024-02-05T06:15:46.690",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Brandon\nRothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. The impact of exploiting\nthis vulnerability is lower with operator-privileges compared to\nadministrator-privileges service accounts. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution. \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Brandon Rothel de QED Secure Solutions descubri\u00f3 que la API VAPIX tcptest.cgi no ten\u00eda una validaci\u00f3n de entrada suficiente que permitiera una posible ejecuci\u00f3n remota de c\u00f3digo. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. El impacto de explotar esta vulnerabilidad es menor con privilegios de operador en comparaci\u00f3n con cuentas de servicio con privilegios de administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-5800",
"sourceIdentifier": "product-security@axis.com",
"published": "2024-02-05T06:15:46.863",
"lastModified": "2024-02-05T06:15:46.863",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vintage,\nmember of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Vintage, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX create_overlay.cgi no ten\u00eda una validaci\u00f3n de entrada suficiente que permitiera una posible ejecuci\u00f3n remota de c\u00f3digo. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-7077",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2024-02-05T07:15:09.690",
"lastModified": "2024-02-05T07:15:09.690",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n"
},
{
"lang": "es",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551 S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) permite a un atacante ejecutar c\u00f3digo remoto enviando par\u00e1metros no deseados en una solicitud http."
}
],
"metrics": {},


@ -0,0 +1,92 @@
{
"id": "CVE-2024-1225",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-05T13:15:58.977",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en QiboSoft QiboCMS X1 hasta 1.0.6 y clasificada como cr\u00edtica. La funci\u00f3n rmb_pay del archivo /application/index/controller/Pay.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento callback_class conduce a la deserializaci\u00f3n. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252847. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/jDWk6INLzO12",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252847",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252847",
"source": "cna@vuldb.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20001",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.027",
"lastModified": "2024-02-05T06:15:47.027",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601."
},
{
"lang": "es",
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961601; ID del problema: DTV03961601."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20002",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.083",
"lastModified": "2024-02-05T06:15:47.083",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715."
},
{
"lang": "es",
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961715; ID del problema: DTV03961715."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20003",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.130",
"lastModified": "2024-02-05T06:15:47.130",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981)."
},
{
"lang": "es",
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01191612 (MSV-981)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20004",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.190",
"lastModified": "2024-02-05T06:15:47.190",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985)."
},
{
"lang": "es",
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01195812 (MSV-985)."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20006",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.233",
"lastModified": "2024-02-05T06:15:47.233",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148."
},
{
"lang": "es",
"value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477148; ID del problema: ALPS08477148."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20007",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.283",
"lastModified": "2024-02-05T06:15:47.283",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369."
},
{
"lang": "es",
"value": "En el decodificador de mp3, existe una posible escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441369; ID del problema: ALPS08441369."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20009",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.330",
"lastModified": "2024-02-05T06:15:47.330",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150."
},
{
"lang": "es",
"value": "En el decodificador alac, existe una posible escritura fuera de los l\u00edmites debido a un manejo incorrecto de errores. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441150; ID del problema: ALPS08441150."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20010",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.387",
"lastModified": "2024-02-05T06:15:47.387",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560."
},
{
"lang": "es",
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358560; ID del problema: ALPS08358560."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20011",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.447",
"lastModified": "2024-02-05T06:15:47.447",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146."
},
{
"lang": "es",
"value": "En el decodificador alac, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441146; ID del problema: ALPS08441146."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20012",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.490",
"lastModified": "2024-02-05T06:15:47.490",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566."
},
{
"lang": "es",
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358566; ID del problema: ALPS08358566."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20013",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.530",
"lastModified": "2024-02-05T06:15:47.530",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608."
},
{
"lang": "es",
"value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08471742; ID del problema: ALPS08308608."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20015",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.580",
"lastModified": "2024-02-05T06:15:47.580",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419."
},
{
"lang": "es",
"value": "En telephony, existe una posible escalada de privilegios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441419; ID del problema: ALPS08441419."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-20016",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.627",
"lastModified": "2024-02-05T06:15:47.627",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901."
},
{
"lang": "es",
"value": "En ged, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con los privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07835901; ID del problema: ALPS07835901."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-22386",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:43.830",
"lastModified": "2024-02-05T08:15:43.830",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's drm/exynos device driver in\u00a0exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo drm/exynos del kernel de Linux en la funci\u00f3n exynos_drm_crtc_atomic_disable(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-22667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T08:15:44.110",
"lastModified": "2024-02-05T08:15:44.110",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions."
},
{
"lang": "es",
"value": "Vim anterior a 9.0.2142 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria porque did_set_langmap en map.c llama a sprintf para escribir en el b\u00fafer de error que se pasa a las funciones de devoluci\u00f3n de llamada de opci\u00f3n."
}
],
"metrics": {},


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23108",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-05T14:15:57.827",
"lastModified": "2024-02-05T14:15:57.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-130",
"source": "psirt@fortinet.com"
}
]
}
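Review bot: The `weaknesses` entry of this new record is tagged `"type": "Primary"` while its `cvssMetricV31` entry from the same source, `psirt@fortinet.com`, is tagged `"type": "Secondary"`; the sibling record CVE-2024-23109 added in the next section tags both as `Secondary`, although its description, vector string and reference are otherwise identical. Both records are `"vulnStatus": "Received"` and carry no `configurations` block, so the 10.0 score is presumably the vendor's own assessment and there is nothing yet to match products against. As the file appears to mirror upstream data I would not edit it here; consumers should select metrics by `source` rather than filtering on `"type": "Primary"`, and key on `id` rather than on description or advisory URL so the two entries are not collapsed into one.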


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23109",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-05T14:15:59.100",
"lastModified": "2024-02-05T14:15:59.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-130",
"source": "psirt@fortinet.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-23196",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.167",
"lastModified": "2024-02-05T08:15:44.167",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo de sonido/hda del kernel de Linux en la funci\u00f3n snd_hdac_regmap_sync(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24838",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:10.237",
"lastModified": "2024-02-05T07:15:10.237",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Five Star Plugins Five Star Restaurant Reviews permite almacenar XSS. Este problema afecta a Five Star Restaurant Reviews: desde n/a hasta 2.3.5."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:10.850",
"lastModified": "2024-02-05T07:15:10.850",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc permite almacenar XSS. Este problema afecta a Structured Content (JSON-LD) #wpsc: de n/a hasta 1.6.1."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24841",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:11.437",
"lastModified": "2024-02-05T07:15:11.437",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooCommerce: from n/a through 1.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Dan's Art Add Customer for WooCommerce permite almacenar XSS. Este problema afecta a Add Customer for WooCommerce: desde n/a hasta 1.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:12.257",
"lastModified": "2024-02-05T07:15:12.257",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en MightyThemes Mighty Addons para Elementor permite Reflected XSS. Este problema afecta a Mighty Addons para Elementor: desde n/a hasta 1.9.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:13.387",
"lastModified": "2024-02-05T07:15:13.387",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en jgadbois CalculatorPro Calculators permite XSS reflejado. Este problema afecta a CalculatorPro Calculators: desde n/a hasta 1.1.7."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24848",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:13.970",
"lastModified": "2024-02-05T07:15:13.970",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') enMJS Software PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy permiten almacenar XSS. Este problema afecta a PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy: desde n/a hasta 1.0.4."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24855",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.353",
"lastModified": "2024-02-05T08:15:44.353",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo scsi del kernel de Linux en la funci\u00f3n lpfc_unregister_fcf_rescan(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24857",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.533",
"lastModified": "2024-02-05T08:15:44.533",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo net/bluetooth del kernel de Linux en la funci\u00f3n conn_info_{min,max}_age_set(). Esto puede provocar un problema de desbordamiento de enteros, lo que posiblemente provoque una anomal\u00eda en la conexi\u00f3n Bluetooth o una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24858",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.713",
"lastModified": "2024-02-05T08:15:44.713",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en la red/bluetooth del kernel de Linux en la funci\u00f3n {conn,adv}_{min,max}_interval_set(). Esto puede provocar una conexi\u00f3n I2cap o un problema de anomal\u00eda en la transmisi\u00f3n, lo que posiblemente provoque una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24859",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.897",
"lastModified": "2024-02-05T08:15:44.897",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en la red/bluetooth del kernel de Linux en la funci\u00f3n sniff_{min,max}_interval_set(). Esto puede provocar un problema de excepci\u00f3n de rastreo de Bluetooth, lo que posiblemente provoque una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24860",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.077",
"lastModified": "2024-02-05T08:15:45.077",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador del dispositivo Bluetooth del kernel de Linux en la funci\u00f3n {min,max}_key_size_set(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24861",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.253",
"lastModified": "2024-02-05T08:15:45.253",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo media/xc4000 del kernel de Linux en la funci\u00f3n xc4000 xc4000_get_frequency(). Esto puede provocar un problema de desbordamiento del valor de retorno, lo que posiblemente provoque un mal funcionamiento o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24864",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.433",
"lastModified": "2024-02-05T08:15:45.433",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write()\u00a0function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en media/dvb-core del kernel de Linux en la funci\u00f3n dvbdmx_write(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un p\u00e1nico en el kernel o un problema de denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24865",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:14.510",
"lastModified": "2024-02-05T07:15:14.510",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Noah Kagan Scroll Triggered Box permite almacenar XSS. Este problema afecta el Scroll Triggered Box: desde n/a hasta 2.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24866",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T06:15:47.677",
"lastModified": "2024-02-05T06:15:47.677",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo permite XSS Reflejado. Este problema afecta a Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: de n/a hasta el 2.2.24."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-24870",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T06:15:47.870",
"lastModified": "2024-02-05T06:15:47.870",
"vulnStatus": "Received",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Michael Dempfle Advanced iFrame permite almacenar XSS. Este problema afecta a Advanced iFrame: desde n/a hasta 2023.10."
}
],
"metrics": {


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-05T11:00:24.474863+00:00
2024-02-05T15:00:26.125532+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-05T10:15:08.410000+00:00
2024-02-05T14:15:59.100000+00:00
```
### Last Data Feed Release
@ -29,22 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237561
237564
```
### CVEs added in the last Commit
Recently added CVEs: `3`
* [CVE-2021-4436](CVE-2021/CVE-2021-44xx/CVE-2021-4436.json) (`2024-02-05T09:15:43.013`)
* [CVE-2023-5249](CVE-2023/CVE-2023-52xx/CVE-2023-5249.json) (`2024-02-05T10:15:08.310`)
* [CVE-2023-5643](CVE-2023/CVE-2023-56xx/CVE-2023-5643.json) (`2024-02-05T10:15:08.410`)
* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-05T13:15:58.977`)
* [CVE-2024-23108](CVE-2024/CVE-2024-231xx/CVE-2024-23108.json) (`2024-02-05T14:15:57.827`)
* [CVE-2024-23109](CVE-2024/CVE-2024-231xx/CVE-2024-23109.json) (`2024-02-05T14:15:59.100`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `42`
* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-23196](CVE-2024/CVE-2024-231xx/CVE-2024-23196.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24855](CVE-2024/CVE-2024-248xx/CVE-2024-24855.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24857](CVE-2024/CVE-2024-248xx/CVE-2024-24857.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24858](CVE-2024/CVE-2024-248xx/CVE-2024-24858.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24859](CVE-2024/CVE-2024-248xx/CVE-2024-24859.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24860](CVE-2024/CVE-2024-248xx/CVE-2024-24860.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24861](CVE-2024/CVE-2024-248xx/CVE-2024-24861.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24864](CVE-2024/CVE-2024-248xx/CVE-2024-24864.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-20001](CVE-2024/CVE-2024-200xx/CVE-2024-20001.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20002](CVE-2024/CVE-2024-200xx/CVE-2024-20002.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20003](CVE-2024/CVE-2024-200xx/CVE-2024-20003.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20004](CVE-2024/CVE-2024-200xx/CVE-2024-20004.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20006](CVE-2024/CVE-2024-200xx/CVE-2024-20006.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20007](CVE-2024/CVE-2024-200xx/CVE-2024-20007.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20009](CVE-2024/CVE-2024-200xx/CVE-2024-20009.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20010](CVE-2024/CVE-2024-200xx/CVE-2024-20010.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20011](CVE-2024/CVE-2024-200xx/CVE-2024-20011.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20012](CVE-2024/CVE-2024-200xx/CVE-2024-20012.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20013](CVE-2024/CVE-2024-200xx/CVE-2024-20013.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20015](CVE-2024/CVE-2024-200xx/CVE-2024-20015.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20016](CVE-2024/CVE-2024-200xx/CVE-2024-20016.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24866](CVE-2024/CVE-2024-248xx/CVE-2024-24866.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24870](CVE-2024/CVE-2024-248xx/CVE-2024-24870.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24838](CVE-2024/CVE-2024-248xx/CVE-2024-24838.json) (`2024-02-05T13:54:33.663`)
## Download and Usage