admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-22T15:00:25.373801+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-22 15:00:29 +00:00
parent 45ee208c3c
commit 7dbe474e1d
41 changed files with 916 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2016/CVE-2016-150xx/CVE-2016-15037.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2016-15037",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T06:15:08.600",
"lastModified": "2024-01-21T06:15:08.600",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en go4rayyan Scumblr hasta 2.0.1a. Una funci\u00f3n desconocida del componente Task Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.0.2 puede solucionar este problema. El parche se identifica como 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. Se recomienda actualizar el componente afectado. VDB-251570 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2017/CVE-2017-201xx/CVE-2017-20189.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2017-20189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.563",
"lastModified": "2024-01-22T06:15:07.563",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects."
},
{
"lang": "es",
"value": "En Clojure anterior a 1.9.0, las clases se pueden usar para construir un objeto serializado que ejecuta c\u00f3digo arbitrario tras la deserializaci\u00f3n. Esto es relevante si un servidor deserializa objetos que no son de confianza."
}
],
"metrics": {},

32
CVE-2020/CVE-2020-367xx/CVE-2020-36771.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-36771",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T14:15:07.530",
"lastModified": "2024-01-22T14:33:50.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CloudLinux\n CageFS 7.1.1-1 or below passes the authentication token as command line\n argument. In some configurations this allows local users to view it via\n the process list and gain code execution as another user.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-214"
}
]
}
],
"references": [
{
"url": "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100",
"source": "secalert@redhat.com"
}
]
}

112
CVE-2023/CVE-2023-225xx/CVE-2023-22526.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22526",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:07.933",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T14:52:22.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -38,14 +60,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19.0",
"versionEndExcluding": "7.19.17",
"matchCriteriaId": "FFAC515C-172B-44D9-89A9-062F33E644E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndExcluding": "8.7.2",
"matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19",
"versionEndExcluding": "7.19.17",
"matchCriteriaId": "56354085-184F-4B7A-B384-34A0D3B38EE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndIncluding": "8.7.2",
"matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93516",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Permissions Required"
]
}
]
}

8
CVE-2023/CVE-2023-464xx/CVE-2023-46447.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-20T05:15:08.207",
"lastModified": "2024-01-20T05:15:08.207",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n POPS! Rebel 5.0 para Android, en POPS! Rebel Bluetooth Glucose Monitoring System env\u00eda mediciones de glucosa sin cifrar a trav\u00e9s de BLE."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-473xx/CVE-2023-47352.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47352",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T05:15:08.307",
"lastModified": "2024-01-22T05:15:08.307",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords."
},
{
"lang": "es",
"value": "Los dispositivos Technicolor TC8715D tienen contrase\u00f1as de seguridad WPA2 predeterminadas y predecibles. Un atacante que busque valores SSID y BSSID puede predecir estas contrase\u00f1as."
}
],
"metrics": {},

115
CVE-2023/CVE-2023-496xx/CVE-2023-49647.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-49647",
"sourceIdentifier": "security@zoom.us",
"published": "2024-01-12T22:15:45.130",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T14:23:47.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom SDK para Windows anteriores a la versi\u00f3n 5.16.10 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -46,10 +80,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "6283C30D-420E-4A6F-B4C3-A67923467553"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "ACB8BA0C-2FE3-4AB2-8C43-1035A95408E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "EE4453C1-144A-4101-935E-966676895835"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.14",
"matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.12",
"matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "1865DF2E-65D2-4DEF-BFC5-5AC333AFF759"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-523xx/CVE-2023-52353.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52353",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T23:15:44.220",
"lastModified": "2024-01-21T23:15:44.220",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS hasta la versi\u00f3n 3.5.1. En mbedtls_ssl_session_reset, la versi\u00f3n TLS m\u00e1xima negociable no se maneja correctamente. Por ejemplo, si la \u00faltima conexi\u00f3n negoci\u00f3 TLS 1.2, entonces 1.2 se convierte en el nuevo m\u00e1ximo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-523xx/CVE-2023-52354.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52354",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.780",
"lastModified": "2024-01-22T06:15:07.780",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted."
},
{
"lang": "es",
"value": "chasquid anterior a 1.13 permite el contrabando SMTP porque se aceptan l\u00edneas terminadas en LF."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-65xx/CVE-2023-6531.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6531",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-21T10:15:07.967",
"lastModified": "2024-01-21T10:15:07.967",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de use-after-free en el kernel de Linux debido a un problema de ejecuci\u00f3n en la eliminaci\u00f3n de ejecuci\u00f3n de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB est\u00e1 en cola."
}
],
"metrics": {

8
CVE-2023/CVE-2023-70xx/CVE-2023-7063.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7063",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-20T09:15:07.520",
"lastModified": "2024-01-20T09:15:07.520",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WPForms Pro para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de par\u00e1metros de env\u00edo de formularios en todas las versiones hasta la 1.8.5.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-05xx/CVE-2024-0521.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0521",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-01-20T21:15:43.463",
"lastModified": "2024-01-20T21:15:43.463",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Code Injection in paddlepaddle/paddle"
},
{
"lang": "es",
"value": "Inyecci\u00f3n de c\u00f3digo en paddlepaddle/paddle "
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0623.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0623",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-20T06:15:44.400",
"lastModified": "2024-01-20T06:15:44.400",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento VK Block Patterns para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.31.1.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n vbp_clear_patterns_cache(). Esto hace posible que atacantes no autenticados borre el cach\u00e9 de patrones a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0679.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0679",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-20T06:15:44.660",
"lastModified": "2024-01-20T06:15:44.660",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins."
},
{
"lang": "es",
"value": "El tema ColorMag para WordPress es vulnerable al acceso no autorizado debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n plugin_action_callback() en todas las versiones hasta la 3.1.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen y activen complementos arbitrarios."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0769.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0769",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T08:15:07.550",
"lastModified": "2024-01-21T08:15:07.550",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en D-Link DIR-859 1.06B01. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /hedwig.cgi del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento servicio con la entrada ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml conduce a un path traversal. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251666 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0770.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0770",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T23:15:44.273",
"lastModified": "2024-01-21T23:15:44.273",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en European Chemicals Agency IUCLID 7.10.3 en Windows y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo iuclid6.exe del componente Desktop Installer es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a permisos predeterminados incorrectos. El ataque debe abordarse localmente. VDB-251670 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0771.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0771",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T23:15:44.567",
"lastModified": "2024-01-21T23:15:44.567",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Nsasoft Product Key Explorer 4.0.9 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Registration Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nombre/Clave conduce a da\u00f1os en la memoria. Un ataque debe abordarse localmente. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251671. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0772.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0772",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T00:15:06.807",
"lastModified": "2024-01-22T00:15:06.807",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Nsasoft ShareAlarmPro 2.1.4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Registration Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nombre/Clave conduce a da\u00f1os en la memoria. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251672. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0773.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0773",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T00:15:07.040",
"lastModified": "2024-01-22T00:15:07.040",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en CodeAstro Internet Banking System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo pages_client_signup.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nombre completo del cliente conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251677."
}
],
"metrics": {

8
CVE-2024/CVE-2024-07xx/CVE-2024-0774.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0774",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T01:15:08.033",
"lastModified": "2024-01-22T01:15:08.033",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Any-Capture Any Sound Recorder 2.93. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del componente Registration Handler. La manipulaci\u00f3n del argumento Nombre de usuario/C\u00f3digo clave provoca da\u00f1os en la memoria. Es posible lanzar el ataque al servidor local. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251674 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

63
CVE-2024/CVE-2024-07xx/CVE-2024-0775.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-0775",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T13:15:25.137",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0775",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259414",
"source": "secalert@redhat.com"
},
{
"url": "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162",
"source": "secalert@redhat.com"
}
]
}

8
CVE-2024/CVE-2024-07xx/CVE-2024-0776.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0776",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T01:15:08.263",
"lastModified": "2024-01-22T01:15:08.263",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter=\"alert(\"xss)\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en LinZhaoguan pb-cms 2.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Comment Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n con la entrada conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede usarse. VDB-251678 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-214xx/CVE-2024-21484.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21484",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-22T05:15:08.720",
"lastModified": "2024-01-22T05:15:08.720",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThis vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
},
{
"lang": "es",
"value": "Las versiones del paquete jsrsasign anteriores a 11.0.0 son vulnerables a la discrepancia observable a trav\u00e9s del proceso de descifrado RSA PKCS1.5 o RSAOAEP. Un atacante puede descifrar textos cifrados aprovechando esta vulnerabilidad. Explotar esta vulnerabilidad requiere que el atacante tenga acceso a una gran cantidad de textos cifrados con la misma clave. Workaround esta vulnerabilidad se puede mitigar buscando y reemplazando el descifrado RSA y RSAOAEP con otra librer\u00eda criptogr\u00e1fica."
}
],
"metrics": {

114
CVE-2024/CVE-2024-216xx/CVE-2024-21672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21672",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.537",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T14:51:42.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -38,10 +60,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19.0",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndExcluding": "8.7.2",
"matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndIncluding": "8.7.2",
"matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94064",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Permissions Required"
]
}
]
}

114
CVE-2024/CVE-2024-216xx/CVE-2024-21673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21673",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.730",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T14:50:35.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -38,10 +60,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19.0",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndExcluding": "8.7.2",
"matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndIncluding": "8.7.2",
"matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94065",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Permissions Required"
]
}
]
}

114
CVE-2024/CVE-2024-216xx/CVE-2024-21674.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21674",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.910",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-22T14:49:15.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@atlassian.com",
@ -38,10 +60,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19.0",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "6315A65C-D63C-4A23-BD87-4CCE7FA41662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "5910506D-FE53-411D-8684-C5477CE44D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndExcluding": "8.7.2",
"matchCriteriaId": "30B5862B-E498-44C3-8C73-8474AEA4108D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.19",
"versionEndExcluding": "7.19.18",
"matchCriteriaId": "EE863B2C-1277-400C-B9A6-9A7895DEDD8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndExcluding": "8.5.5",
"matchCriteriaId": "A42A7385-4CBB-4EE3-B227-13CD02C50D8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndIncluding": "8.7.2",
"matchCriteriaId": "50F31DE4-0A6B-4183-8E74-324DA2BF2BD1"
}
]
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html",
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94066",
"source": "security@atlassian.com"
"source": "security@atlassian.com",
"tags": [
"Permissions Required"
]
}
]
}

8
CVE-2024/CVE-2024-221xx/CVE-2024-22113.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22113",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-22T05:15:09.050",
"lastModified": "2024-01-22T05:15:09.050",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento abierto en el an\u00e1lisis de Access CGI An-Analyzer lanzado el 31 de diciembre de 2023 y antes permite a un atacante remoto no autenticado redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL especialmente manipulada."
}
],
"metrics": {},

43
CVE-2024/CVE-2024-222xx/CVE-2024-22233.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-22233",
"sourceIdentifier": "security@vmware.com",
"published": "2024-01-22T13:15:25.453",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC\n * Spring Security 6.1.6+ or 6.2.1+ is on the classpath\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22233/",
"source": "security@vmware.com"
}
]
}

8
CVE-2024/CVE-2024-237xx/CVE-2024-23725.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23725",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T04:15:19.177",
"lastModified": "2024-01-21T04:15:19.177",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries."
},
{
"lang": "es",
"value": "Ghost anterior a 5.76.0 permite XSS a trav\u00e9s de un extracto de publicaci\u00f3n en excerpt.js. Se puede representar un payload XSS en res\u00famenes de publicaciones."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23726.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23726",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T04:15:19.353",
"lastModified": "2024-01-21T04:15:19.353",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit."
},
{
"lang": "es",
"value": "Los dispositivos Ubee DDW365 XCNDDW365 y DDW366 XCNDXW3WB tienen PSK WPA2 predeterminados predecibles que podr\u00edan provocar un acceso remoto no autorizado. Un atacante remoto (cerca de una red Wi-Fi) puede derivar el valor WPA2-PSK predeterminado observando una trama de baliza. Un PSK se genera utilizando los primeros seis caracteres del SSID y los \u00faltimos seis del BSSID, disminuyendo el \u00faltimo d\u00edgito."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23730.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T17:15:44.373",
"lastModified": "2024-01-21T17:15:44.373",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML."
},
{
"lang": "es",
"value": "Los cargadores de complementos OpenAPI y ChatGPT en LlamaHub (tambi\u00e9n conocido como llama-hub) anteriores a 0.0.67 permiten a los atacantes ejecutar c\u00f3digo arbitrario porque safe_load no se usa para YAML."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23731.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23731",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T17:15:44.443",
"lastModified": "2024-01-21T17:15:44.443",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument."
},
{
"lang": "es",
"value": "OpenAPI loader in Embedchain anterior a 0.1.57 permite a los atacantes ejecutar c\u00f3digo arbitrario, relacionado con el argumento de la funci\u00f3n openapi.py yaml.load."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23732.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23732",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T17:15:44.497",
"lastModified": "2024-01-21T17:15:44.497",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:14.430",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py."
},
{
"lang": "es",
"value": "JSON loader in Embedchain anterior a 0.1.57 permite un ReDoS (denegaci\u00f3n de servicio de expresi\u00f3n regular) a trav\u00e9s de una cadena larga en json.py."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23744.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23744",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-21T23:15:44.833",
"lastModified": "2024-01-21T23:15:44.833",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS 3.5.1. Hay una denegaci\u00f3n persistente del protocolo de enlace si un cliente env\u00eda un ClientHello TLS 1.3 sin extensiones."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23750.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23750",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.507",
"lastModified": "2024-01-22T01:15:08.507",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen."
},
{
"lang": "es",
"value": "MetaGPT hasta 0.6.4 permite que la funci\u00f3n QaEngineer ejecute c\u00f3digo arbitrario porque RunCode.run_script() pasa metacaracteres de shell al subproceso.Popen."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23751.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23751",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.557",
"lastModified": "2024-01-22T01:15:08.557",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via \"Drop the Students table\" within English language input."
},
{
"lang": "es",
"value": "LlamaIndex (tambi\u00e9n conocido como llama_index) hasta 0.9.34 permite la inyecci\u00f3n de SQL a trav\u00e9s de la funci\u00f3n Texto a SQL en NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine y PGVectorSQLQueryEngine. Por ejemplo, un atacante podr\u00eda eliminar los registros de los estudiantes de este a\u00f1o mediante \"Soltar la tabla de estudiantes\" dentro de la entrada en idioma ingl\u00e9s."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23752.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23752",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.607",
"lastModified": "2024-01-22T01:15:08.607",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660."
},
{
"lang": "es",
"value": "GenerateSDFPipeline en Synthetic_dataframe en PandasAI (tambi\u00e9n conocido como pandas-ai) hasta 1.5.17 permite a los atacantes activar la generaci\u00f3n de c\u00f3digo Python arbitrario que es ejecutado por SDFCodeExecutor. Un atacante puede crear un marco de datos que proporcione una especificaci\u00f3n en ingl\u00e9s de este c\u00f3digo Python. NOTA: el proveedor intent\u00f3 anteriormente restringir la ejecuci\u00f3n del c\u00f3digo en respuesta a un problema separado, CVE-2023-39660."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23768.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T03:15:08.203",
"lastModified": "2024-01-22T03:15:08.203",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later."
},
{
"lang": "es",
"value": "Dremio anterior a 24.3.1 permite path traversal. Un usuario autenticado que no tiene privilegios en determinadas carpetas (y en los archivos y conjuntos de datos de estas carpetas) puede acceder a estas carpetas, archivos y conjuntos de datos. Para tener \u00e9xito, el usuario debe tener acceso a la fuente y al menos a una carpeta en la fuente. Las versiones afectadas son: 24.0.0 a 24.3.0, 23.0.0 a 23.2.3 y 22.0.0 a 22.2.2. Las versiones fijas son: 24.3.1 y posteriores, 23.2.4 y posteriores, y 22.2.3 y posteriores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-237xx/CVE-2024-23770.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.670",
"lastModified": "2024-01-22T04:15:07.670",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments."
},
{
"lang": "es",
"value": "darkhttpd hasta 1.15 permite a los usuarios locales descubrir credenciales (para --auth) enumerando procesos y sus argumentos."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-237xx/CVE-2024-23771.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.723",
"lastModified": "2024-01-22T04:15:07.723",
"vulnStatus": "Received",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel."
},
{
"lang": "es",
"value": "darkhttpd anterior a 1.15 usa strcmp (que no es un tiempo constante) para verificar la autenticaci\u00f3n, lo que facilita a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un canal lateral de temporizaci\u00f3n."
}
],
"metrics": {},

41
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-22T13:00:24.721565+00:00
2024-01-22T15:00:25.373801+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-22T11:15:47.500000+00:00
2024-01-22T14:52:22.780000+00:00
```
### Last Data Feed Release
@ -29,22 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236495
236498
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `3`
* [CVE-2020-36771](CVE-2020/CVE-2020-367xx/CVE-2020-36771.json) (`2024-01-22T14:15:07.530`)
* [CVE-2024-0775](CVE-2024/CVE-2024-07xx/CVE-2024-0775.json) (`2024-01-22T13:15:25.137`)
* [CVE-2024-22233](CVE-2024/CVE-2024-222xx/CVE-2024-22233.json) (`2024-01-22T13:15:25.453`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `37`
* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-22T11:15:46.907`)
* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-22T11:15:47.380`)
* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-22T11:15:47.500`)
* [CVE-2024-23744](CVE-2024/CVE-2024-237xx/CVE-2024-23744.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-0772](CVE-2024/CVE-2024-07xx/CVE-2024-0772.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-0773](CVE-2024/CVE-2024-07xx/CVE-2024-0773.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-0774](CVE-2024/CVE-2024-07xx/CVE-2024-0774.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-0776](CVE-2024/CVE-2024-07xx/CVE-2024-0776.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23750](CVE-2024/CVE-2024-237xx/CVE-2024-23750.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23751](CVE-2024/CVE-2024-237xx/CVE-2024-23751.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-22113](CVE-2024/CVE-2024-221xx/CVE-2024-22113.json) (`2024-01-22T14:01:09.553`)
* [CVE-2024-0623](CVE-2024/CVE-2024-06xx/CVE-2024-0623.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-0679](CVE-2024/CVE-2024-06xx/CVE-2024-0679.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-0521](CVE-2024/CVE-2024-05xx/CVE-2024-0521.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23725](CVE-2024/CVE-2024-237xx/CVE-2024-23725.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23726](CVE-2024/CVE-2024-237xx/CVE-2024-23726.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-0769](CVE-2024/CVE-2024-07xx/CVE-2024-0769.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23730](CVE-2024/CVE-2024-237xx/CVE-2024-23730.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23731](CVE-2024/CVE-2024-237xx/CVE-2024-23731.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-23732](CVE-2024/CVE-2024-237xx/CVE-2024-23732.json) (`2024-01-22T14:01:14.430`)
* [CVE-2024-21674](CVE-2024/CVE-2024-216xx/CVE-2024-21674.json) (`2024-01-22T14:49:15.167`)
* [CVE-2024-21673](CVE-2024/CVE-2024-216xx/CVE-2024-21673.json) (`2024-01-22T14:50:35.133`)
* [CVE-2024-21672](CVE-2024/CVE-2024-216xx/CVE-2024-21672.json) (`2024-01-22T14:51:42.907`)
## Download and Usage