admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-27T13:00:53.399042+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-27 13:03:43 +00:00
parent b551afd3fe
commit 78e8a5635e
227 changed files with 2789 additions and 619 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2017/CVE-2017-201xx/CVE-2017-20190.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2017-20190",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T00:15:07.580",
"lastModified": "2024-03-27T00:15:07.580",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a \"Zalgo text\" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability."
},
{
"lang": "es",
"value": "Algunas tecnolog\u00edas de Microsoft utilizadas en Windows 8 a 11 permiten una degradaci\u00f3n temporal del rendimiento del lado del cliente durante el procesamiento de m\u00faltiples caracteres combinados Unicode, tambi\u00e9n conocido como ataque de \"texto Zalgo\". NOTA: los terceros cuestionan si el costo computacional de interpretar los datos Unicode debe considerarse una vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-236xx/CVE-2023-23656.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23656",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:08.067",
"lastModified": "2024-03-26T20:15:08.067",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en MainWP MainWP File Uploader Extension. Este problema afecta a MainWP File Uploader Extension: desde n/a hasta 4.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-253xx/CVE-2023-25364.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-25364",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T07:15:47.340",
"lastModified": "2024-03-27T07:15:47.340",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks."
},
{
"lang": "es",
"value": "Opswat Metadefender Core anterior a 5.2.1 no defiende adecuadamente contra posibles inyecciones de HTML y ataques XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-259xx/CVE-2023-25965.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-25965",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:08.280",
"lastModified": "2024-03-26T20:15:08.280",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en mbbhatti Upload Resume. Este problema afecta a Upload Resume: desde n/a hasta 1.2.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-274xx/CVE-2023-27440.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27440",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:08.483",
"lastModified": "2024-03-26T20:15:08.483",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en OnTheGoSystems Types. Este problema afecta a los tipos: desde n/a hasta 3.4.17."
}
],
"metrics": {

8
CVE-2023/CVE-2023-274xx/CVE-2023-27459.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27459",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:08.737",
"lastModified": "2024-03-26T20:15:08.737",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en el registro de usuarios de WPeverest. Este problema afecta el registro de usuarios: desde n/a hasta 2.3.2.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-276xx/CVE-2023-27630.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27630",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:08.953",
"lastModified": "2024-03-26T20:15:08.953",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en PeepSo Community por PeepSo. Este problema afecta a Community by PeepSo: desde n/a hasta 6.0.9.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-286xx/CVE-2023-28687.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28687",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:50.477",
"lastModified": "2024-03-26T21:15:50.477",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine permite XSS reflejado. Este problema afecta a Glaze Blog Lite: desde n/a hasta &lt; = 1.1.4; Fascinate: desde n/a hasta 1.0.8; Blog Cream: desde n/a hasta 2.1.3; Revista Cream: desde n/a hasta 2.1.4."
}
],
"metrics": {

8
CVE-2023/CVE-2023-287xx/CVE-2023-28787.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28787",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:50.693",
"lastModified": "2024-03-26T21:15:50.693",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en ExpressTech Quiz And Survey Master. Este problema afecta a Quiz And Survey Master: desde n/a hasta 8.1.4."
}
],
"metrics": {

8
CVE-2023/CVE-2023-291xx/CVE-2023-29134.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29134",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:08.280",
"lastModified": "2024-03-27T06:15:08.280",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en la extensi\u00f3n Cargo para MediaWiki hasta la versi\u00f3n 1.39.3. Hay un mal manejo de las comillas invertidas en smartSplit."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-293xx/CVE-2023-29386.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29386",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:50.900",
"lastModified": "2024-03-26T21:15:50.900",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Julien Crego Manager para Icomoon. Este problema afecta a Manager para Icomoon: desde n/a hasta 2.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-316xx/CVE-2023-31634.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31634",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:08.807",
"lastModified": "2024-03-27T06:15:08.807",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126."
},
{
"lang": "es",
"value": "En TeslaMate anterior a 1.27.2, existe acceso no autorizado al puerto 4000 para visualizaci\u00f3n y operaci\u00f3n remota de los datos del usuario. Despu\u00e9s de acceder a la direcci\u00f3n IP de la instancia de TeslaMate, un atacante puede cambiar el puerto a 3000 para ingresar a Grafana para operaciones remotas. En ese momento, el nombre de usuario y la contrase\u00f1a predeterminados se pueden usar para ingresar a la consola de administraci\u00f3n de Grafana sin iniciar sesi\u00f3n, un problema relacionado con CVE-2022-23126."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-318xx/CVE-2023-31854.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:09.023",
"lastModified": "2024-03-27T06:15:09.023",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem."
},
{
"lang": "es",
"value": "std::bad_alloc se maneja mal en Precomp 0.4.8. NOTA: esto est\u00e1 en disputa porque deber\u00eda categorizarse como un problema de usabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38388.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38388",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.113",
"lastModified": "2024-03-26T21:15:51.113",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Artbees JupiterX Core. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.5."
}
],
"metrics": {

8
CVE-2023/CVE-2023-393xx/CVE-2023-39306.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39306",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:09.263",
"lastModified": "2024-03-27T06:15:09.263",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ThemeFusion Fusion Builder permite el XSS reflejado. Este problema afecta a Fusion Builder: desde n/a hasta 3.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-393xx/CVE-2023-39307.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39307",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.330",
"lastModified": "2024-03-26T21:15:51.330",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en ThemeFusion Avada. Este problema afecta a Avada: desde n/a hasta 7.11.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-398xx/CVE-2023-39804.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:08.897",
"lastModified": "2024-03-27T04:15:08.897",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c."
},
{
"lang": "es",
"value": "En GNU tar anterior a 1.35, los atributos de extensi\u00f3n mal manejados en un archivo PAX pueden provocar un bloqueo de la aplicaci\u00f3n en xheader.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40284.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40284",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:09.200",
"lastModified": "2024-03-27T04:15:09.200",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40285.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40285",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:09.440",
"lastModified": "2024-03-27T04:15:09.440",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40286.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40286",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:09.643",
"lastModified": "2024-03-27T04:15:09.643",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40287.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40287",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:09.833",
"lastModified": "2024-03-27T04:15:09.833",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40288.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.027",
"lastModified": "2024-03-27T04:15:10.027",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40289.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40289",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.220",
"lastModified": "2024-03-27T04:15:10.220",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de inyecci\u00f3n de comandos en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante puede aprovechar esto para elevar los privilegios de un usuario con privilegios administrativos de BMC."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40290.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40290",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.387",
"lastModified": "2024-03-27T04:15:10.387",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Supermicro X11SSM-F, X11SAE-F y X11SSE-F 1.66. Un atacante podr\u00eda aprovechar un problema XSS que afecta a Internet Explorer 11 en Windows."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-437xx/CVE-2023-43768.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T07:15:48.390",
"lastModified": "2024-03-27T07:15:48.390",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Couchbase Server 6.6.x hasta 7.2.0, anteriores a 7.1.5 y 7.2.1. Los usuarios no autenticados pueden hacer que Memcached se quede sin memoria mediante comandos grandes."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-449xx/CVE-2023-44989.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44989",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T18:15:08.273",
"lastModified": "2024-03-26T18:15:08.273",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en GSheetConnector CF7 Google Sheets Connector. Este problema afecta a CF7 Google Sheets Connector: desde n/a hasta 5.0.5."
}
],
"metrics": {

8
CVE-2023/CVE-2023-459xx/CVE-2023-45913.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45913",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.590",
"lastModified": "2024-03-27T04:15:10.590",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mesa v23.0.4 conten\u00eda una desreferencia de puntero NULL mediante la funci\u00f3n dri2GetGlxDrawableFromXDrawableId(). Esta vulnerabilidad se activa cuando el servidor X11 env\u00eda un evento DRI2_BufferSwapComplete inesperadamente cuando la aplicaci\u00f3n usa DRI3. NOTA: esto est\u00e1 en disputa porque no existe ning\u00fan escenario en el que se demuestre la vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45919.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.030",
"lastModified": "2024-03-27T05:15:47.030",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mesa 23.0.4 conten\u00eda un b\u00fafer sobrele\u00eddo en glXQueryServerString(). NOTA: esto est\u00e1 en disputa porque no hay situaciones comunes en las que los usuarios requieran una operaci\u00f3n ininterrumpida con un servidor controlador de atacante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45920.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45920",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.140",
"lastModified": "2024-03-27T05:15:47.140",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Xfig v3.2.8 conten\u00eda una desreferencia de puntero NULL al llamar a XGetWMHints(). NOTA: esto est\u00e1 en disputa porque no se espera que una aplicaci\u00f3n X contin\u00fae ejecut\u00e1ndose cuando hay un comportamiento an\u00f3malo arbitrario del servidor X o del administrador de ventanas."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45922.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45922",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.203",
"lastModified": "2024-03-27T05:15:47.203",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que glx_pbuffer.c en Mesa 23.0.4 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n al llamar a __glXGetDrawableAttribute(). NOTA: esto est\u00e1 en disputa porque no hay situaciones comunes en las que los usuarios requieran una operaci\u00f3n ininterrumpida con un servidor controlador de atacante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45924.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45924",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.263",
"lastModified": "2024-03-27T05:15:47.263",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que libglxproto.c en OpenGL libglvnd bb06db5a conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n glXGetDrawableScreen(). NOTA: esto est\u00e1 en disputa porque no hay situaciones comunes en las que los usuarios requieran una operaci\u00f3n ininterrumpida con un servidor controlador de atacante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45925.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45925",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.320",
"lastModified": "2024-03-27T05:15:47.320",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que GNU Midnight Commander 4.8.29-146-g299d9a2fb contiene una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n x_error_handler() en tty/x11conn.c. NOTA: esto est\u00e1 en disputa porque deber\u00eda categorizarse como un problema de usabilidad (una operaci\u00f3n X falla silenciosamente)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45927.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45927",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:10.847",
"lastModified": "2024-03-27T04:15:10.847",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-Lang 2.3.2 conten\u00eda una excepci\u00f3n aritm\u00e9tica mediante la funci\u00f3n tt_sprintf()."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45929.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45929",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:11.067",
"lastModified": "2024-03-27T04:15:11.067",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que S-Lang 2.3.2 conten\u00eda un error de segmentaci\u00f3n mediante la funci\u00f3n fixup_tgetstr()."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45931.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45931",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:11.250",
"lastModified": "2024-03-27T04:15:11.250",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mesa 23.0.4 conten\u00eda una desreferencia de puntero NULL en check_xshm() para el estado has_error. NOTA: esto est\u00e1 en disputa porque no existe ning\u00fan escenario en el que se demuestre la vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-459xx/CVE-2023-45935.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45935",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.377",
"lastModified": "2024-03-27T05:15:47.377",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Qt 6 a 6.6 conten\u00eda una desreferencia de puntero NULL mediante la funci\u00f3n QXcbConnection::initializeAllAtoms(). NOTA: esto est\u00e1 en disputa porque no se espera que una aplicaci\u00f3n X contin\u00fae ejecut\u00e1ndose cuando hay un comportamiento an\u00f3malo arbitrario del servidor X."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46046.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46046",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.440",
"lastModified": "2024-03-27T05:15:47.440",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files."
},
{
"lang": "es",
"value": "Un problema en MiniZinc anterior a 2.8.0 permite una desreferencia de puntero NULL a trav\u00e9s de ti_expr en un archivo .mzn manipulado. NOTA: esto est\u00e1 en disputa porque no existe un caso de uso com\u00fan de libminizinc en el que se suponga que un proceso desatendido debe ejecutarse indefinidamente para procesar una serie de archivos .mzn controlados por atacantes."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46047.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46047",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.500",
"lastModified": "2024-03-27T05:15:47.500",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file."
},
{
"lang": "es",
"value": "Un problema en Sane 1.2.1 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n sanei_configure_attach(). NOTA: esto est\u00e1 en disputa porque no se espera que el producto comience con un archivo de configuraci\u00f3n controlado por el atacante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46048.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46048",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.560",
"lastModified": "2024-03-27T05:15:47.560",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem."
},
{
"lang": "es",
"value": "Tex Live 944e257 tiene una desreferencia de puntero NULL en texk/web2c/pdftexdir/writet1.c. NOTA: esto est\u00e1 en disputa porque deber\u00eda categorizarse como un problema de usabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46049.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46049",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:10.037",
"lastModified": "2024-03-27T06:15:10.037",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem."
},
{
"lang": "es",
"value": "LLVM 15.0.0 tiene una desreferencia de puntero NULL en la funci\u00f3n parseOneMetadata() a trav\u00e9s de un archivo pdflatex.fmt modificado (o quiz\u00e1s un archivo .o modificado) a llvm-lto. NOTA: esto est\u00e1 en disputa porque no se explica la relaci\u00f3n entre pdflatex.fmt y cualquier interfaz de lenguaje LLVM, y porque una falla de la aplicaci\u00f3n llvm-lto debe clasificarse como un problema de usabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46051.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46051",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:10.243",
"lastModified": "2024-03-27T06:15:10.243",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem."
},
{
"lang": "es",
"value": "TeX Live 944e257 permite una desreferencia de puntero NULL en texk/web2c/pdftexdir/tounicode.c. NOTA: esto est\u00e1 en disputa porque deber\u00eda categorizarse como un problema de usabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-460xx/CVE-2023-46052.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46052",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:10.403",
"lastModified": "2024-03-27T06:15:10.403",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file."
},
{
"lang": "es",
"value": "Vulnerabilidad en la sobrescritura de los l\u00edmites de almacenamiento din\u00e1mico Sane 1.2.1 en init_options() desde backend/test.c a trav\u00e9s de una cadena larga init_mode en un archivo de configuraci\u00f3n. NOTA: esto est\u00e1 en disputa porque no se espera que el c\u00f3digo test.c se ejecute con un archivo de configuraci\u00f3n controlado por el atacante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-478xx/CVE-2023-47842.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47842",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.530",
"lastModified": "2024-03-26T21:15:51.530",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Zachary Segal CataBlog. Este problema afecta a CataBlog: desde n/a hasta 1.7.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47846.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.737",
"lastModified": "2024-03-26T21:15:51.737",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Terry Lin WP Githuber MD. Este problema afecta a WP Githuber MD: desde n/a hasta 1.16.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47873.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47873",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.933",
"lastModified": "2024-03-26T21:15:51.933",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WEN Solutions WP Child Theme Generator. Este problema afecta al WP Child Theme Generator: desde n/a hasta 1.0.9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-482xx/CVE-2023-48275.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48275",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:52.143",
"lastModified": "2024-03-26T21:15:52.143",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los widgets Trustindex.Io para rese\u00f1as de Google. Este problema afecta a los widgets para rese\u00f1as de Google: desde n/a hasta 11.0.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48777.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:52.350",
"lastModified": "2024-03-26T21:15:52.350",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Elementor.Com Elementor Website Builder. Este problema afecta a Elementor Website Builder: desde 3.3.0 hasta 3.18.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-498xx/CVE-2023-49815.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49815",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:10.627",
"lastModified": "2024-03-27T06:15:10.627",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 5.0.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-507xx/CVE-2023-50702.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50702",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-26T23:15:46.587",
"lastModified": "2024-03-26T23:15:46.587",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem."
},
{
"lang": "es",
"value": "Sikka SSCWindowsService 5 2023-09-14 ejecuta un programa como LocalSystem pero permite el control total por parte de usuarios con pocos privilegios (y los usuarios con pocos privilegios tienen acceso de escritura a %PROGRAMDATA%\\SSCService). En consecuencia, los usuarios con pocos privilegios pueden ejecutar c\u00f3digo arbitrario como LocalSystem."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-511xx/CVE-2023-51146.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51146",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-26T22:15:07.677",
"lastModified": "2024-03-26T22:15:07.677",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en TRENDnet AC1200 TEW-821DAP con versi\u00f3n de firmware 3.00b06 permite a un atacante ejecutar c\u00f3digo arbitrario mediante la acci\u00f3n adm_add_user."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-511xx/CVE-2023-51147.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51147",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-26T22:15:07.747",
"lastModified": "2024-03-26T22:15:07.747",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en TRENDnet Trendnet AC1200 TEW-821DAP con versi\u00f3n de firmware 3.00b06 permite a un atacante ejecutar c\u00f3digo arbitrario mediante la acci\u00f3n adm_mod_pwd."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-511xx/CVE-2023-51148.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51148",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-26T21:15:52.557",
"lastModified": "2024-03-26T21:15:52.557",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component."
},
{
"lang": "es",
"value": "Un problema en TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de interfaz de l\u00ednea de comandos 'mycli'."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-522xx/CVE-2023-52228.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52228",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:11.387",
"lastModified": "2024-03-27T06:15:11.387",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Mark Kinchin Beds24 Online Booking permite XSS almacenado. Este problema afecta a Beds24 Online Booking: desde n/a hasta 2.0.24."
}
],
"metrics": {

8
CVE-2023/CVE-2023-526xx/CVE-2023-52621.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52621",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:08.817",
"lastModified": "2024-03-26T18:15:08.817",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\n\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\n\n WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\n CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:bpf_map_lookup_elem+0x54/0x60\n ......\n Call Trace:\n <TASK>\n ? __warn+0xa5/0x240\n ? bpf_map_lookup_elem+0x54/0x60\n ? report_bug+0x1ba/0x1f0\n ? handle_bug+0x40/0x80\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1b/0x20\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ? rcu_lockdep_current_cpu_online+0x65/0xb0\n ? rcu_is_watching+0x23/0x50\n ? bpf_map_lookup_elem+0x54/0x60\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ___bpf_prog_run+0x513/0x3b70\n __bpf_prog_run32+0x9d/0xd0\n ? __bpf_prog_enter_sleepable_recur+0xad/0x120\n ? __bpf_prog_enter_sleepable_recur+0x3e/0x120\n bpf_trampoline_6442580665+0x4d/0x1000\n __x64_sys_getpgid+0x5/0x30\n ? do_syscall_64+0x36/0xb0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n </TASK>"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: verifique rcu_read_lock_trace_held() antes de llamar a los ayudantes de mapas de bpf. Estos tres ayudantes de bpf_map_{lookup,update,delete}_elem() tambi\u00e9n est\u00e1n disponibles para el programa bpf que se puede dormir, as\u00ed que agregue el bloqueo correspondiente. aserci\u00f3n para el programa bpf con capacidad para dormir; de lo contrario, se informar\u00e1 la siguiente advertencia cuando un programa bpf con capacidad para dormir manipule el mapa bpf en modo int\u00e9rprete (tambi\u00e9n conocido como bpf_jit_enable=0): ADVERTENCIA: CPU: 3 PID: 4985 en kernel/bpf/helpers.c:40. ..... CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996) ...... RIP: 0010:bpf_map_lookup_elem+0x54/0x60 ...... Seguimiento de llamadas: ? __advertir+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60? report_bug+0x1ba/0x1f0? handle_bug+0x40/0x80? exc_invalid_op+0x18/0x50? asm_exc_invalid_op+0x1b/0x20? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0? rcu_is_watching+0x23/0x50? bpf_map_lookup_elem+0x54/0x60? __pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entrada_SYSCALL_64_after_hwframe+0x6e/0x76 "
}
],
"metrics": {},

10
CVE-2023/CVE-2023-526xx/CVE-2023-52622.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52622",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:08.873",
"lastModified": "2024-03-26T18:15:08.873",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n <TASK>\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) \u2248 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n <TASK>\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ? 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evita fallos de cambio de tama\u00f1o en l\u00ednea debido a flex bg sobredimensionado Cuando redimensionamos en l\u00ednea un sistema de archivos ext4 con un flexbg_size sobredimensionado, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G se activa el siguiente WARN_ON: ===================================== ============================== ADVERTENCIA: CPU: 0 PID: 427 en mm/page_alloc.c:4402 __alloc_pages+0x411/ 0x550 M\u00f3dulos vinculados en: sg(E) CPU: 0 PID: 427 Comm: resize2fs Contaminado: GE 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Seguimiento de llamadas: __kmalloc_large_node+0xa2/0x200 __kmalloc+ 0x16e/0x290 text4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 text4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ======== =============== ============================================ Esto se debe a que flexbg_size tambi\u00e9n lo es grande y el tama\u00f1o de la matriz new_group_data que se asignar\u00e1 excede MAX_ORDER. Actualmente, el valor m\u00ednimo de MAX_ORDER es 8, el valor m\u00ednimo de PAGE_SIZE es 4096, el n\u00famero m\u00e1ximo correspondiente de grupos que se pueden asignar es: (PAGE_SIZE &lt;&lt; MAX_ORDER) / sizeof(struct text4_new_group_data) ? 21845 Y el valor que est\u00e1 hacia abajo -alineado a la potencia de 2 es 16384. Por lo tanto, este valor se define como MAX_RESIZE_BG, y el n\u00famero de grupos agregados cada vez no excede este valor durante el cambio de tama\u00f1o y se agrega varias veces para completar el cambio de tama\u00f1o en l\u00ednea. La diferencia es que los metadatos en flex_bg pueden estar m\u00e1s dispersos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-526xx/CVE-2023-52623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52623",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:08.930",
"lastModified": "2024-03-26T18:15:08.930",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a suspicious RCU usage warning\n\nI received the following warning while running cthon against an ontap\nserver running pNFS:\n\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\n\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] <TASK>\n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: SUNRPC: corrija una advertencia de uso sospechoso de RCU Recib\u00ed la siguiente advertencia mientras ejecutaba cthon en un servidor ontap que ejecutaba pNFS: [ 57.202521] ============ ================= [ 57.202522] ADVERTENCIA: uso sospechoso de RCU [ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 No contaminado [ 57.202525] -------- --------------------- [ 57.202525] net/sunrpc/xprtmultipath.c:349 \u00a1\u00a1Lista de RCU atravesada en la secci\u00f3n que no es de lectura!! [57.202527] otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: [57.202528] rcu_scheduler_active = 2, debug_locks = 1 [57.202529] no hay bloqueos retenidos por test5/3567. [ 57.202530] seguimiento de pila: [ 57.202532] CPU: 0 PID: 3567 Comm: test5 No contaminado 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e [ 57.20253 4] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS desconocido 2 /2/2022 [ 57.202536] Seguimiento de llamadas: [ 57.202537] [ 57.202540] dump_stack_lvl+0x77/0xb0 [ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0 [ 57.202556] rpc_xprt_sw itch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50 /0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d 98e71675af20c19bdb1f6] [57.202671]? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c71 6d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e 3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202788] __nfs_pageio_add_request+ 0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965 514a828e6902] [ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202849] nfs_writepages_callback+0x13/0x30 [n fs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202866] write_cache_pages+0x265/ 0x450 [57.202870]? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f 5a0aeb4965514a828e6902] [ 57.202913] do_writepages+0xd2/0x230 [ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80 [ 57.202921] filemap_fdatawrite_wbc+0x67/0x80 [ 57.202924] filemap_write_and_wait_range+0xd9/0x170 [ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c97 6fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202969] __se_s ys_cerrar+ 0x46/0xd0 [57.202972] do_syscall_64+0x68/0x100 [57.202975]? do_syscall_64+0x77/0x100 [57.202976]? do_syscall_64+0x77/0x100 [ 57.202979] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 57.202982] RIP: 0033:0x7fe2b12e4a94 [ 57.202985] C\u00f3digo: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3 [ 57.202987] RSP : 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 00000000000000003 [ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94 [ 57.202991] RDX: 00000000 00002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003 [ 57.202992] RBP: 00007ffe857dfc50 R08: 7ffffffffffffffff R09: 0000000065650f49 [ 57.202993] R10 : 00007f -- -truncado---"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-526xx/CVE-2023-52624.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52624",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:08.990",
"lastModified": "2024-03-26T18:15:08.990",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Activa DMCUB antes de ejecutar comandos GPINT [Por qu\u00e9] DMCUB puede estar inactivo cuando intentamos interactuar con el HW a trav\u00e9s del buz\u00f3n GPINT, lo que provoca un bloqueo del sistema. [C\u00f3mo] Agregue dc_wake_and_execute_gpint() para ajustar la secuencia de activaci\u00f3n, ejecuci\u00f3n y suspensi\u00f3n. Si GPINT se ejecuta correctamente, DMCUB volver\u00e1 a entrar en modo de suspensi\u00f3n despu\u00e9s de que se devuelva la respuesta opcional. Funciona de manera similar a la interfaz de comando de la bandeja de entrada."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-526xx/CVE-2023-52625.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52625",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:09.040",
"lastModified": "2024-03-26T18:15:09.040",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\n\nFixing this issue involves the following:\n\n1. Using a software state to track whether or not we need to start\n the process to exit idle or notify idle.\n\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n\n2. Refactor any instances of exit/notify idle to use a single wrapper\n that maintains this SW state.\n\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n\n3. Make sure we exit out of idle prior to sending any commands or\n waiting for DMCUB idle.\n\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Refactor DMCUB entra/sale de la interfaz inactiva [Por qu\u00e9] Podemos quedarnos quietos intentando enviar comandos cuando el DMCUB no est\u00e1 encendido. [C\u00f3mo] Necesitamos salir del estado inactivo antes de enviar un comando, pero el proceso que realiza la salida tambi\u00e9n invoca un comando en s\u00ed. Solucionar este problema implica lo siguiente: 1. Usar un estado de software para rastrear si necesitamos o no iniciar el proceso para salir de inactivo o notificarlo. Es posible que el hardware haya salido de un estado inactivo sin el conocimiento del controlador, pero ingresar a uno siempre est\u00e1 restringido a un permiso del controlador, lo que hace que el problema de discrepancia entre el estado del SW y el estado del HW sea puramente de optimizaci\u00f3n, que rara vez deber\u00eda solucionarse, en todo caso. . 2. Refactorice cualquier instancia de salida/notificaci\u00f3n inactiva para utilizar un contenedor \u00fanico que mantenga este estado de software. Esto funciona de manera similar a dc_allow_idle_optimizations, pero funciona en el nivel DMCUB y garantiza que el estado est\u00e9 marcado antes de cualquier notificaci\u00f3n/salida inactiva para que no entremos en un bucle infinito. 3. Aseg\u00farese de salir del modo inactivo antes de enviar cualquier comando o esperar a que DMCUB est\u00e9 inactivo. Este parche se ocupa de la mitad. Un parche futuro se encargar\u00e1 de empaquetar el env\u00edo de comandos DMCUB con llamadas a esta nueva interfaz."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-526xx/CVE-2023-52626.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52626",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:09.087",
"lastModified": "2024-03-26T18:15:09.087",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix operation precedence bug in port timestamping napi_poll context\n\nIndirection (*) is of lower precedence than postfix increment (++). Logic\nin napi_poll context would cause an out-of-bound read by first increment\nthe pointer address by byte address space and then dereference the value.\nRather, the intended logic was to dereference first and then increment the\nunderlying value."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: se corrigi\u00f3 el error de precedencia de operaci\u00f3n en la marca de tiempo del puerto contexto napi_poll La indirecci\u00f3n (*) tiene menor prioridad que el incremento de postfijo (++). La l\u00f3gica en el contexto napi_poll provocar\u00eda una lectura fuera de los l\u00edmites al incrementar primero la direcci\u00f3n del puntero por espacio de direcciones de bytes y luego desreferenciar el valor. M\u00e1s bien, la l\u00f3gica prevista era desreferenciar primero y luego incrementar el valor subyacente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-526xx/CVE-2023-52627.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52627",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-26T18:15:09.140",
"lastModified": "2024-03-26T18:15:09.140",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iio: adc: ad7091r: permitir a los usuarios configurar eventos de dispositivo Los dispositivos AD7091R-5 son compatibles con el controlador ad7091r-5 junto con el controlador ad7091r-base. Esos controladores declararon eventos iio para notificar al espacio del usuario cuando las lecturas de ADC caen por debajo de los umbrales de los registros de l\u00edmite bajo o por encima de los valores establecidos en los registros de l\u00edmite alto. Sin embargo, para configurar los eventos de iio y sus umbrales, se debe implementar un conjunto de funciones de devoluci\u00f3n de llamada que no estaban presentes hasta ahora. La consecuencia de intentar configurar eventos ad7091r-5 sin las funciones de devoluci\u00f3n de llamada adecuadas fue una desreferencia del puntero nulo en el kernel porque los punteros a las funciones de devoluci\u00f3n de llamada no estaban configurados. Implemente devoluciones de llamadas de configuraci\u00f3n de eventos que permitan a los usuarios leer/escribir umbrales de eventos y habilitar/deshabilitar la generaci\u00f3n de eventos. Dado que las estructuras de especificaciones de eventos son gen\u00e9ricas para los dispositivos AD7091R, tambi\u00e9n mueva las del controlador ad7091r-5 al controlador base para que puedan reutilizarse cuando se agregue soporte para ad7091r-2/-4/-8."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-60xx/CVE-2023-6091.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6091",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T20:15:09.167",
"lastModified": "2024-03-26T20:15:09.167",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en mndpsingh287 Theme Editor. Este problema afecta al Theme Editor: desde n/a hasta 2.7.1."
}
],
"metrics": {

55
CVE-2023/CVE-2023-61xx/CVE-2023-6173.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6173",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-03-27T12:15:08.370",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0238",
"source": "iletisim@usom.gov.tr"
}
]
}

8
CVE-2024/CVE-2024-04xx/CVE-2024-0400.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0400",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-03-27T03:15:10.697",
"lastModified": "2024-03-27T03:15:10.697",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability."
},
{
"lang": "es",
"value": "El software SCM es una aplicaci\u00f3n cliente y servidor. Un cliente del administrador del sistema autenticado puede ejecutar consultas LINQ en el servidor SCM para un filtrado personalizado. Un cliente malicioso autenticado puede enviar un c\u00f3digo especialmente dise\u00f1ado para omitir la validaci\u00f3n y ejecutar c\u00f3digo arbitrario (RCE) en el servidor SCM de forma remota. Los clientes malintencionados pueden ejecutar cualquier comando utilizando esta vulnerabilidad RCE."
}
],
"metrics": {

8
CVE-2024/CVE-2024-10xx/CVE-2024-1023.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1023",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-27T08:15:38.140",
"lastModified": "2024-03-27T08:15:38.140",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el kit de herramientas Eclipse Vert.x provoca una p\u00e9rdida de memoria debido al uso de estructuras de datos Netty FastThreadLocal. Espec\u00edficamente, cuando el cliente HTTP Vert.x establece conexiones con diferentes hosts, lo que desencadena la p\u00e9rdida de memoria. La filtraci\u00f3n se puede acelerar con un conocimiento \u00edntimo del tiempo de ejecuci\u00f3n, lo que permite a un atacante explotar esta vulnerabilidad. Por ejemplo, un servidor que acepte direcciones de Internet arbitrarias podr\u00eda servir como vector de ataque al conectarse a estas direcciones, acelerando as\u00ed la p\u00e9rdida de memoria."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-13xx/CVE-2024-1313.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1313",
"sourceIdentifier": "security@grafana.com",
"published": "2024-03-26T18:15:09.350",
"lastModified": "2024-03-26T18:15:09.350",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.\n\nGrafana Labs would like to thank Ravid Mazon and Jay Chen of Palo \nAlto Research for discovering and disclosing this vulnerability.\n\nThis issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.\n\n"
},
{
"lang": "es",
"value": "Es posible que un usuario de una organizaci\u00f3n diferente al propietario de una instant\u00e1nea omita la autorizaci\u00f3n y elimine una instant\u00e1nea emitiendo una solicitud DELETE a /api/snapshots/ usando su clave de vista. Esta funcionalidad est\u00e1 destinada a estar disponible solo para personas con permiso para escribir/editar la instant\u00e1nea en cuesti\u00f3n, pero debido a un error en la l\u00f3gica de autorizaci\u00f3n, las solicitudes de eliminaci\u00f3n emitidas por un usuario sin privilegios en una organizaci\u00f3n diferente a la del propietario de la instant\u00e1nea se tratan. seg\u00fan lo autorizado. Grafana Labs desea agradecer a Ravid Mazon y Jay Chen de Palo Alto Research por descubrir y revelar esta vulnerabilidad. Este problema afecta a Grafana: desde 9.5.0 antes de 9.5.18, desde 10.0.0 antes de 10.0.13, desde 10.1.0 antes de 10.1.9, desde 10.2.0 antes de 10.2.6, desde 10.3.0 antes de 10.3.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-13xx/CVE-2024-1364.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1364",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T07:15:48.497",
"lastModified": "2024-03-27T07:15:48.497",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Website Builder Pro para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del custom_id del widget en todas las versiones hasta la 3.20.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-15xx/CVE-2024-1521.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1521",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T07:15:48.793",
"lastModified": "2024-03-27T07:15:48.793",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server."
},
{
"lang": "es",
"value": "El complemento Elementor Website Builder Pro para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de un archivo SVGZ cargado a trav\u00e9s del widget de formulario en todas las versiones hasta la 3.20.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. NOTA: Esta vulnerabilidad solo se puede explotar en servidores web que ejecutan NGINX. No es explotable en servidores web que ejecutan Apache HTTP Server."
}
],
"metrics": {

8
CVE-2024/CVE-2024-15xx/CVE-2024-1531.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1531",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-03-27T02:15:11.177",
"lastModified": "2024-03-27T02:15:11.177",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el manejo de archivos en lenguaje stb que afecta a las versiones de productos de la serie RTU500 que se enumeran a continuaci\u00f3n. Un actor malintencionado podr\u00eda imprimir contenido de memoria aleatorio en el registro del sistema RTU500, si un usuario autorizado carga un archivo en lenguaje stb especialmente manipulado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-15xx/CVE-2024-1532.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1532",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-03-27T03:15:10.933",
"lastModified": "2024-03-27T03:15:10.933",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el manejo de archivos en lenguaje stb que afecta a las versiones de productos de la serie RTU500 que se enumeran a continuaci\u00f3n. Un actor malintencionado podr\u00eda obligar a que los textos de diagn\u00f3stico se muestren como cadenas vac\u00edas, si un usuario autorizado carga un archivo en lenguaje stb especialmente manipulado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2004.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2004",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-03-27T08:15:41.173",
"lastModified": "2024-03-27T08:15:41.173",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug."
},
{
"lang": "es",
"value": "Cuando una opci\u00f3n de par\u00e1metro de selecci\u00f3n de protocolo deshabilita todos los protocolos sin agregar ninguno, el conjunto predeterminado de protocolos permanecer\u00eda en el conjunto permitido debido a un error en la l\u00f3gica para eliminar protocolos. El siguiente comando realizar\u00eda una solicitud a curl.se con un protocolo de texto plano que ha sido expl\u00edcitamente deshabilitado. curl --proto -all,-http http://curl.se La falla solo est\u00e1 presente si el conjunto de protocolos seleccionados desactiva todo el conjunto de protocolos disponibles, lo que en s\u00ed mismo es un comando sin uso pr\u00e1ctico y, por lo tanto, es poco probable que se encuentre en situaciones reales. Por lo tanto, el equipo de seguridad de curl ha evaluado que se trata de un error de baja gravedad."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-20xx/CVE-2024-2097.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2097",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-03-27T03:15:12.290",
"lastModified": "2024-03-27T03:15:12.290",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do."
},
{
"lang": "es",
"value": "El cliente de control de lista autenticado puede ejecutar la consulta LINQ en el servidor SCM para presentar el evento como una lista para el operador. Un cliente malicioso autenticado puede enviar una consulta LINQ especial para ejecutar c\u00f3digo arbitrario de forma remota (RCE) en el servidor SCM para lo cual, de otro modo, un atacante no tendr\u00eda autorizaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-21xx/CVE-2024-2120.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2120",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T07:15:53.447",
"lastModified": "2024-03-27T07:15:53.447",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "Elementor Website Builder \u2013 More than Just a Page Builder para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del widget de navegaci\u00f3n posterior del complemento en todas las versiones hasta la 3.20.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida del usuario. atributos proporcionados. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-21xx/CVE-2024-2121.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2121",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T07:15:53.760",
"lastModified": "2024-03-27T07:15:53.760",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Elementor Website Builder Pro para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del widget Media Carousel del complemento en todas las versiones hasta la 3.20.1 incluida debido a una limpieza de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-21xx/CVE-2024-2139.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2139",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.510",
"lastModified": "2024-03-27T03:15:12.510",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Master Addons para Elementor para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del widget de tabla de precios en todas las versiones hasta la 2.0.5.6 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-221xx/CVE-2024-22149.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22149",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:12.890",
"lastModified": "2024-03-27T06:15:12.890",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CformsII Oliver Seidel, Bastian Germannx para WordPress permite XSS almacenado. Este problema afecta a CformsII: desde n/a hasta 15.0.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-222xx/CVE-2024-22288.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22288",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:13.670",
"lastModified": "2024-03-27T06:15:13.670",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels permite el XSS reflejado. Este problema afecta a WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: desde n/a hasta 4.4.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-222xx/CVE-2024-22299.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22299",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:14.273",
"lastModified": "2024-03-27T06:15:14.273",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Foliovision: Making the web work for you FV Flowplayer Video Player permite XSS reflejado. Este problema afecta a FV Flowplayer Video Player: desde n/a hasta 7.5.41.7212 ."
}
],
"metrics": {

8
CVE-2024/CVE-2024-223xx/CVE-2024-22300.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22300",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:14.883",
"lastModified": "2024-03-27T06:15:14.883",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Email Subscribers &amp; Newsletters de Icegram para WordPress permite el XSS reflejado. Este problema afecta a los suscriptores de correo electr\u00f3nico y boletines: desde n/a hasta 5.7.11."
}
],
"metrics": {

8
CVE-2024/CVE-2024-223xx/CVE-2024-22311.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22311",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:15.450",
"lastModified": "2024-03-27T06:15:15.450",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en N Squared Simply Schedule Appointments permite el XSS reflejado. Este problema afecta a Simply Schedule Appointments: desde n/a hasta 1.6.6.20."
}
],
"metrics": {

8
CVE-2024/CVE-2024-224xx/CVE-2024-22436.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22436",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-26T19:15:48.550",
"lastModified": "2024-03-26T19:15:48.550",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:41.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de seguridad en los productos HPE IceWall Agent podr\u00eda explotarse de forma remota para provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-22xx/CVE-2024-2203.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2203",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.737",
"lastModified": "2024-03-27T03:15:12.737",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El complemento The Plus Addons for Elementor para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 5.4.1 incluida a trav\u00e9s del widget Clientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {

8
CVE-2024/CVE-2024-22xx/CVE-2024-2206.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2206",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-03-27T01:15:46.613",
"lastModified": "2024-03-27T01:15:46.613",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The /proxy route allows a user to proxy arbitrary urls including potential internal endpoints."
},
{
"lang": "es",
"value": "La ruta /proxy permite a un usuario enviar URL arbitrarias, incluidos posibles endpoints internos."
}
],
"metrics": {

8
CVE-2024/CVE-2024-22xx/CVE-2024-2209.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2209",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-03-27T00:15:07.817",
"lastModified": "2024-03-27T00:15:07.817",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer\u2019s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution."
},
{
"lang": "es",
"value": "Un usuario con privilegios administrativos puede crear un archivo dll comprometido con el mismo nombre que el dll original dentro del paquete Firmware Update Utility (FUU) de la impresora HP y colocarlo en el directorio de descargas predeterminado de Microsoft Windows, lo que puede conducir a una posible ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-22xx/CVE-2024-2210.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2210",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.937",
"lastModified": "2024-03-27T03:15:12.937",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El complemento The Plus Addons para Elementor para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 5.4.1 incluida a trav\u00e9s del widget de listado de miembros del equipo. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {

8
CVE-2024/CVE-2024-22xx/CVE-2024-2244.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2244",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-03-27T02:15:11.417",
"lastModified": "2024-03-27T02:15:11.417",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "REST service authentication anomaly with \u201cvalid username/no password\u201d credential combination for batch job processing resulting in successful service invocation. The anomaly doesn\u2019t exist with other credential combinations."
},
{
"lang": "es",
"value": "Anomal\u00eda de autenticaci\u00f3n del servicio REST con una combinaci\u00f3n de credenciales de \u201cnombre de usuario v\u00e1lido/sin contrase\u00f1a\u201d para el procesamiento de trabajos por lotes, lo que da como resultado una invocaci\u00f3n exitosa del servicio. La anomal\u00eda no existe con otras combinaciones de credenciales."
}
],
"metrics": {

8
CVE-2024/CVE-2024-23xx/CVE-2024-2379.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2379",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-03-27T08:15:41.230",
"lastModified": "2024-03-27T08:15:41.230",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems."
},
{
"lang": "es",
"value": "libcurl omite la verificaci\u00f3n del certificado para una conexi\u00f3n QUIC bajo ciertas condiciones, cuando est\u00e1 dise\u00f1ado para usar wolfSSL. Si se le indica que utilice un cifrado o curva desconocido/incorrecto, la ruta de error omite accidentalmente la verificaci\u00f3n y devuelve OK, ignorando as\u00ed cualquier problema de certificado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-23xx/CVE-2024-2398.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2398",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-03-27T08:15:41.283",
"lastModified": "2024-03-27T08:15:41.283",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application."
},
{
"lang": "es",
"value": "Cuando una aplicaci\u00f3n le dice a libcurl que quiere permitir la inserci\u00f3n del servidor HTTP/2 y la cantidad de encabezados recibidos para la inserci\u00f3n supera el l\u00edmite m\u00e1ximo permitido (1000), libcurl cancela la inserci\u00f3n del servidor. Al cancelar, libcurl inadvertidamente no libera todos los encabezados previamente asignados y, en cambio, pierde memoria. Adem\u00e1s, esta condici\u00f3n de error falla silenciosamente y, por lo tanto, una aplicaci\u00f3n no la detecta f\u00e1cilmente."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-243xx/CVE-2024-24334.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24334",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.260",
"lastModified": "2024-03-27T03:15:11.260",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2."
},
{
"lang": "es",
"value": "Se produce un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en dfs_v2 dfs_file en RT-Thread hasta 5.0.2."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-243xx/CVE-2024-24335.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24335",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.330",
"lastModified": "2024-03-27T03:15:11.330",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2."
},
{
"lang": "es",
"value": "Se produce un desbordamiento de b\u00fafer de almacenamiento din\u00e1micoen el sistema de archivos romfs dfs_v2 RT-Thread hasta 5.0.2."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-247xx/CVE-2024-24700.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24700",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:16.127",
"lastModified": "2024-03-27T06:15:16.127",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Editor de Benjamin Rojas para WordPress permite XSS reflejado. Este problema afecta al WP Editor: desde n/a hasta 1.2.8."
}
],
"metrics": {

8
CVE-2024/CVE-2024-248xx/CVE-2024-24800.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:16.700",
"lastModified": "2024-03-27T06:15:16.700",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AdTribes.Io Product Feed PRO for WooCommerce permite XSS reflejado. Este problema afecta a Product Feed PRO for WooCommerce: desde n/a hasta 13.2.5."
}
],
"metrics": {

8
CVE-2024/CVE-2024-248xx/CVE-2024-24842.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24842",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:17.420",
"lastModified": "2024-03-27T06:15:17.420",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. Este problema afecta a Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance: desde n/a hasta 11.30.2."
}
],
"metrics": {

8
CVE-2024/CVE-2024-24xx/CVE-2024-2466.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2466",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-03-27T08:15:41.343",
"lastModified": "2024-03-27T08:15:41.343",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc)."
},
{
"lang": "es",
"value": "libcurl no verific\u00f3 el certificado del servidor de las conexiones TLS realizadas a un host especificado como direcci\u00f3n IP, cuando se cre\u00f3 para usar mbedTLS. libcurl evitar\u00eda err\u00f3neamente el uso de la funci\u00f3n establecer nombre de host cuando el nombre de host especificado se proporcionara como direcci\u00f3n IP, por lo que se saltar\u00eda por completo la verificaci\u00f3n del certificado. Esto afecta a todos los usos de los protocolos TLS (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc)."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-251xx/CVE-2024-25136.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25136",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-26T23:15:46.663",
"lastModified": "2024-03-26T23:15:46.663",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.\n\n"
},
{
"lang": "es",
"value": "Hay una funci\u00f3n en AutomationDirect C-MORE EA9 HMI que permite a un atacante enviar una ruta relativa en la URL sin una sanitizaci\u00f3n adecuada del contenido."
}
],
"metrics": {

8
CVE-2024/CVE-2024-251xx/CVE-2024-25137.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25137",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-26T23:15:46.873",
"lastModified": "2024-03-26T23:15:46.873",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.\n\n"
},
{
"lang": "es",
"value": "En AutomationDirect C-MORE EA9 HMI hay un programa que copia un b\u00fafer de un tama\u00f1o controlado por el usuario en un b\u00fafer de tama\u00f1o limitado en la pila, lo que puede provocar un desbordamiento de la pila. El resultado de este desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria puede provocar condiciones de denegaci\u00f3n de servicio."
}
],
"metrics": {

8
CVE-2024/CVE-2024-251xx/CVE-2024-25138.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25138",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-26T23:15:47.073",
"lastModified": "2024-03-26T23:15:47.073",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIn AutomationDirect C-MORE EA9 HMI, \n\ncredentials used by the platform are stored as plain text on the device.\n\n"
},
{
"lang": "es",
"value": "En AutomationDirect C-MORE EA9 HMI, las credenciales utilizadas por la plataforma se almacenan como texto plano en el dispositivo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-253xx/CVE-2024-25388.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25388",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.400",
"lastModified": "2024-03-27T03:15:11.400",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow."
},
{
"lang": "es",
"value": "drivers/wlan/wlan_mgmt,c en RT-Thread hasta 5.0.2 tiene un error de firma de entero y el consiguiente desbordamiento del b\u00fafer."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-253xx/CVE-2024-25389.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25389",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.460",
"lastModified": "2024-03-27T03:15:11.460",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "RT-Thread through 5.0.2 generates random numbers with a weak algorithm of \"seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;\" in calc_random in drivers/misc/rt_random.c."
},
{
"lang": "es",
"value": "RT-Thread hasta 5.0.2 genera n\u00fameros aleatorios con un algoritmo d\u00e9bil de \"seed = 214013L * seed + 2531011L; return (seed &gt;&gt; 16) &amp; 0x7FFF;\" en calc_random en drivers/misc/rt_random.c."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-253xx/CVE-2024-25390.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25390",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.537",
"lastModified": "2024-03-27T03:15:11.537",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2."
},
{
"lang": "es",
"value": "Se produce un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en finsh/msh_file.c y finsh/msh.c en RT-Thread hasta 5.0.2."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-253xx/CVE-2024-25391.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25391",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:11.603",
"lastModified": "2024-03-27T03:15:11.603",
"vulnStatus": "Received",
"lastModified": "2024-03-27T12:29:30.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2."
},
{
"lang": "es",
"value": "Se produce un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en libc/posix/ipc/mqueue.c en RT-Thread hasta 5.0.2."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More